Inquiry about restrictions on sending password reset emails

Hello Auth0 support team,

I am one of the developers using Auth0 in our application.
While there is no limit to the number of times a password reset email can be sent, there is a risk of malicious third parties sending unsolicited password reset emails if they know a registered email address.
What measures and policies does Auth0 have in place to address this issue?

Thank you.

Hi @ketanaka,

Welcome to the Auth0 Community!

I can’t find any specific measures for addressing this concern. If you’d like to make a feature request, that can be done here: #feedback.

Is this something you are seeing, or a hypothetical? Also, if bad actor has a known email address they can spam it without using Auth0. Is there a Auth0-specific concern outside of the added emails in their inbox?

Hi @dan.woda

Thank you for your reply.

I understand that there are no specific measurement.
I would like to make a request.

This is a hypothetical situation. But, it would be better to implement some measurement on Auth0 for password reset spam. And, we would like to protect our customer with our service and Auth0.

Thank you.

1 Like

Thanks for the added context.

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.