Since gnupg 2.1.10 the option --encrypt-to checks for for ambigious keys. But
this also fails, when there are two keys, where one key is valid and the other
one is expired and revoked.
This is a common case. When someone creates a new key, it is a good practise to
keep the old one to decrypt old data.
$ LC_ALL=C gpg --encrypt --encrypt-to email@example.com -r 0x5334752442830117 --armour
gpg: key specification 'firstname.lastname@example.org' is ambiguous
gpg: (check argument of option '--encrypt-to')
gpg: 'email@example.com' matches at least: