Provide sending limits for password reset emails.
Since password reset emails do not have send limits, malicious third parties can send spam emails by using Auth0.
So, Auth0 should have the measurement for this situation.
For example, if specific account send the multiple password reset emails, Auth0 will prohibit sending password reset within 24 hours.
Our company develops a mobile ordering application for the retail industry. We maintain strict security policies and believe it’s important to implement measures to address this issue.