
One of the drawbacks of this mechanism compared to Persona is that a web server needs to be configured to send emails with tokens using the site's own email credentials. This isn't easy to set up reliably for a small site. A malicious user can easily trick the server into sending many tokens to different accounts and cause the sending email to be included on spam blacklists.



How is that different from registering many user accounts with many different emails, or using the "Forgot Password" feature using many different emails?


If you use Persona, the site doesn't need to send any emails. (As I wrote, this is a drawback in comparison to Persona; a traditional password-based mechanism has the same problem.)



