[insomniacity]

Not quite - best practice is to continue the initial setup - ie, "we've sent you a link, please click to activate your account". Except if the email address is already in use, you email the address and let them know that. That way they only leak that info to the owner of the email address - and they can include a password reset link too.

[MattSayar]

How about for websites that give you some functionality without a verified email address? At that point, you can't let a user dink around if the address is in use.

Granted, this doesn't apply to eg banks, but there's plenty of websites where this could apply.

[JimDabell]

Don't ask for their email address then. What's the point in having an email address that you have no idea if it's correct or not? You might as well ask them to put in a random string of characters.