diff --git a/docs/changelog/7.x.x.txt b/docs/changelog/7.x.x.txt
index f09d6eb00..ee4f9d4be 100644
--- a/docs/changelog/7.x.x.txt
+++ b/docs/changelog/7.x.x.txt
@@ -50,6 +50,7 @@
 - fixed #8818: Visitor sends a welcome message
 - added: "EditArea" code highlighter and editing tool for WebGUI::Form::Codearea, used in Template, Snippet, SQLReport, and more
+ - fixed: email password recovery allows sending recovery mail to arbitrary address
 7.6.0
 - added: users may now customize the post received page for the CS
diff --git a/lib/WebGUI/Auth/WebGUI.pm b/lib/WebGUI/Auth/WebGUI.pm
index 916f84c7f..67626733d 100644
--- a/lib/WebGUI/Auth/WebGUI.pm
+++ b/lib/WebGUI/Auth/WebGUI.pm
@@ -998,7 +998,7 @@ sub emailRecoverPasswordFinish {
 my $recoveryGuid = $session->id->generate();
 my $url = $session->url->getSiteURL;
 my $userId = $user->userId; #get the user guid
- $email = $user->profileField('email') unless $email; #get email address from the profile, unless we already have it
+ $email = $user->profileField('email');
 my $authsettings = $self->getParams($userId);
 $authsettings->{emailRecoverPasswordVerificationNumber} = $recoveryGuid;
@@ -1008,7 +1008,7 @@ sub emailRecoverPasswordFinish {
 my $mail = WebGUI::Mail::Send->create($session, { to=>$email, subject=>$i18n->get('WebGUI password recovery')});
 $mail->addText($i18n->get('recover password email text1', 'AuthWebGUI') . $url. ". \n\n".$i18n->get('recover password email text2', 'AuthWebGUI')." \n\n ".$url."?op=auth;method=emailResetPassword;token=$recoveryGuid"."\n\n ". $i18n->get('recover password email text3', 'AuthWebGUI'));
 $mail->send;
- return "
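Review bot: In the `@@ -998,7 +998,7 @@` hunk of lib/WebGUI/Auth/WebGUI.pm, the new `$email = $user->profileField('email');` is not followed by any check that the profile actually has an address before the recovery token is stored in `$authsettings->{emailRecoverPasswordVerificationNumber}` and the mail is created. If the profile field is empty, a live token appears to be written for a message that has no usable recipient, so the function should take its existing failure path before the `getParams` call when `$email` is empty. The body of emailRecoverPasswordFinish starts above this hunk, so such a guard may already exist there. The replaced line also lost its comment, and nothing now tells a maintainer why the caller-supplied value is ignored; I would write `$email = $user->profileField('email'); # always the address on file, never a caller-supplied one` so the `unless $email` shortcut is not reintroduced.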