Is there a way to make sure that a user doesn't use the same email address or change an existing account to the same email address? From what I can see and am told, a user does not require a unique email address. The ability to use this for spam is obvious...
Logged on as admin -> Setup/Configuration there is a "Require Unique Email" setting that you can enable to prevent new signups from using an existing email. You can also enable require email activation which should further help reduce spam.