Provide sending limits for password reset emails

ketanaka · March 30, 2023, 7:20am

Feature:
Provide sending limits for password reset emails.

Description:
Since password reset emails do not have send limits, malicious third parties can send spam emails by using Auth0.
So, Auth0 should have the measurement for this situation.
For example, if specific account send the multiple password reset emails, Auth0 will prohibit sending password reset within 24 hours.

Use-case:
Our company develops a mobile ordering application for the retail industry. We maintain strict security policies and believe it’s important to implement measures to address this issue.

konrad.sopala · March 30, 2023, 9:59am

Hey there!

Thank you for creating this feedback card! Make sure to upvote it so it can get as many votes as possible. We review those feedback cards on a monthly basis and will let you know once we have any updates on that front!

marcstuart · July 4, 2023, 12:19pm

Hi there,

If not this then could we enable captcha for reset password?

Topic		Replies	Views
Captcha protection for password-reset (email flood) Feedback password-reset , forgot-password , captcha , bot-det , bot_detection	0	494	March 11, 2024
Inquiry about restrictions on sending password reset emails Help	4	1113	April 3, 2023
Disable All Emailing from Auth0 Help emails	2	4228	February 7, 2020
Reset Password Emails Sent By Auth0 Take Several Hours To Arrive Help	1	1909	January 18, 2022
No limit for 'reset password' requests to Auth0 Help	1	3799	December 4, 2019

Provide sending limits for password reset emails

Related Topics