I am one of the developers using Auth0 in our application.
While there is no limit to the number of times a password reset email can be sent, there is a risk of malicious third parties sending unsolicited password reset emails if they know a registered email address.
What measures and policies does Auth0 have in place to address this issue?
I can’t find any specific measures for addressing this concern. If you’d like to make a feature request, that can be done here: #feedback.
Is this something you are seeing, or a hypothetical? Also, if bad actor has a known email address they can spam it without using Auth0. Is there a Auth0-specific concern outside of the added emails in their inbox?
I understand that there are no specific measurement.
I would like to make a request.
This is a hypothetical situation. But, it would be better to implement some measurement on Auth0 for password reset spam. And, we would like to protect our customer with our service and Auth0.