Not only that, but along with the email you may have higher value targets that you will spend more time checking or trying to brute force.

Even if it's a gmail user, if you get them, and they use the same password on their mail, poof, you're in.

What gets me is that banks of all places have the worst password abilities (for their web logins)... case insensitive, only letters and numbers.