Captcha protection for password-reset (email flood)

Possibility of setting up bot-detection on “forgot password” (password reset) page.

There is no rate limiting or other mechanisms that would prevent the automation of sending e-mails to an attacker-chosen e-mail address. This behavior could be a minor annoyance if a malicious user decides to send multiple requests to flood another person’s inbox, thus potentially damaging the image of our company. An efficient countermeasure against automated attacks is to implement a CAPTCHA.

For reference:
previous community post, possibly never actually submitted as a feature request?

Alternative solution - rate limit feature