Anyone can create an account with someone else’s email address

I ended up with a Discord account because someone registered for an account with my email address.  I received a verification email from Discord which alerted me that someone had created an account with my email address.  I reacted quickly and went to the website, reset the password for the account and got in before they could do harm with the account.  At this point I’m going to squat on this account because I don’t want someone to do it again.  Your system should restrict people from using a new account until they have verified their email address.  At a minimum, when you send out the verification email, give a single click response to indicated that the user did not create the account.  It’s ridiculous that your system doesn’t do this by default.