The Forgot password email template has been the same for more than a decade. It is time to include more information in the email.
Here are the couple of Forgot password email I received from Facebook and Twitter recently. Both of them were not initiated by me, my Facebook account is deactivated a long time ago. I have also recently changed the email id to a different email id, and I still receive at least once every month.
I suggest to send more information to the user to take decision. For eg., Gmail displays a notification bar if there are any suspicious activity, like login from two different countries in short span of time. Other webapps should also do the same, it is not 2004 anymore. People ignore these emails if they don't initiate it, and the web apps don't have enough information to block the IP if there are patterns.
So kindly include information like IP Address, Browser Agent, Country/State if possible.