I agree with you 100%. I've never liked having an e-mail address required as the user-ID for a log-on dialog. Web site developers seem to prefer it because it is implicitly unique, and whether the account exists is easy to verify by sending a message and requiring the person who is "registering" or "opening an account" to respond to that message in some way before they are granted privileges. But just because the prospective user responds does not mean that the e-mail account is used for any other purpose than as a user-id for web sites which require it.
If an attacker knows that an e-mail address is used as the user-ID, then they do not have to randomly generate the string that follows the @ symbol. What they need is a list of as many e-mail "providers", usually ISPs, as they can feasibly use.
Aside from public web sites, though, using an e-mail address for the user-id to log-on to a private network, such as one's employer, could be giving a prospective intruder a significant advantage, since they can probably discover what the string must be following the @ symbol and they can focus upon using likely user-names which precede the @ symbol, before resorting to random "names".
