Hi there, @joefarrowsmith… others may disagree, but I wouldn’t worry about it because it’s just the way it is that someone could accidentally (or not accidentally, of course) submit a password reset request for an email address that isn’t theirs.
The only thing I would likely do (and have done in the past) is change the messaging in the email to something more along the lines of, “A request has been submitted to reset your password. If you did not submit this request, it was likely submitted for your email address in error, and you do not need to be concerned about the security of your account because your password cannot be reset without access to your email account.”
Hope this helps.
Best…
Mike