django-rest-framework-passwordless
Timing attacks for email enumeration
Does this library have any protection or mitigation against email address enumeration?
With PASSWORDLESS_REGISTER_NEW_USERS set to False, and emails sent synchronously, I would expect the response time to be higher for a registered vs an unregistered user. This type of attack may also be possible even if email is sent asynchronously.
If not, does anyone have a clean way to mitigate email enumeration while using this library?
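The side channel described above, and one way to close it, as an added example that is not part of the original issue and not code from django-rest-framework-passwordless. It is a stand-alone simulation: the user table, the `Outbox` job queue, the `RESPONSE` body and the 20 ms `slow_send_email` delay are all constructed stand-ins for the Django model, a task queue such as Celery, and a blocking SMTP round trip. The vulnerable handler does the lookup, token creation and send in the request path only for a known address; the hardened handler does identical, constant-cost work for every syntactically valid address and leaves the lookup and send to a worker, so neither a synchronous nor an asynchronous send can leak through the response time.

```python
import secrets
import statistics
import time
from collections import deque

# Constructed user table standing in for the Django user model (assumption:
# PASSWORDLESS_REGISTER_NEW_USERS=False, so unknown addresses get no account).
USERS = {"alice@example.com": {"id": 1}}

# Generic response used by both handlers: the body must not reveal whether
# the address was found, or the timing work is wasted.
RESPONSE = {"detail": "A login token has been sent to your email."}

SEND_DELAY_S = 0.02  # constructed stand-in for a synchronous SMTP round trip
SENT = []            # (address, token) pairs handed to the fake mail server


def slow_send_email(address, token):
    """Stand-in for a blocking SMTP send; the delay is the measurable side channel."""
    time.sleep(SEND_DELAY_S)
    SENT.append((address, token))


def vulnerable_request_token(email):
    """Lookup, token creation and the blocking send happen only for known users,
    so a registered address answers about SEND_DELAY_S slower than an unknown one."""
    user = USERS.get(email)
    if user is not None:
        token = secrets.token_urlsafe(16)
        slow_send_email(email, token)
    return dict(RESPONSE)


class Outbox:
    """Minimal in-process job queue (assumption: a real deployment would use
    Celery, RQ or similar). The request path only appends to it."""

    def __init__(self):
        self.jobs = deque()

    def enqueue(self, email):
        self.jobs.append(email)

    def drain(self):
        """Worker side: user lookup, token creation and send all happen here,
        off the request path, so their cost never reaches the HTTP response.
        Returns the number of jobs processed (known and unknown alike)."""
        processed = 0
        while self.jobs:
            email = self.jobs.popleft()
            processed += 1
            if email in USERS:
                slow_send_email(email, secrets.token_urlsafe(16))
        return processed


def hardened_request_token(email, outbox):
    """Identical work for every syntactically valid address: no lookup, no
    token, no send in the request path, just a constant-cost enqueue."""
    if "@" not in email:
        return {"detail": "Enter a valid email address."}
    outbox.enqueue(email)
    return dict(RESPONSE)


def median_latency(handler, email, samples=7):
    """Median wall-clock time of handler(email) in seconds."""
    timings = []
    for _ in range(samples):
        start = time.perf_counter()
        handler(email)
        timings.append(time.perf_counter() - start)
    return statistics.median(timings)


def timing_gap(handler, known="alice@example.com", unknown="nobody@example.com"):
    """Seconds by which the known address answers slower than the unknown one;
    this is what an attacker measures to decide whether an address is registered."""
    return median_latency(handler, known) - median_latency(handler, unknown)


if __name__ == "__main__":
    outbox = Outbox()
    print("vulnerable gap: %.4fs" % timing_gap(vulnerable_request_token))
    print("hardened gap:   %.4fs" % timing_gap(lambda e: hardened_request_token(e, outbox)))
    print("worker drained", outbox.drain(), "jobs; emails actually sent:", len(SENT))
```

Running it prints a vulnerable gap close to the 20 ms send delay and a hardened gap near zero. The design point is that moving only the send to a queue is not enough if the lookup or the token row write still happens only for known users; everything that depends on whether the account exists has to move behind the queue, and the response body and status code must be the same on both paths. Rate limiting the endpoint per source address is a useful second layer but does not remove the leak.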