In the functionality of “Forgot password”, we have observed that we can send an unlimited number of forgot password requests to any random email, even if the email is not a registered Metabase user.
This can be used to span any random email with a potentially unlimited number of mails.
Is there a way to set a rate limit on the number of requests of “Forgot password” are sent to an email in a given time frame?
Also, is there functionality to send “Forgot password” request only to registered Metabase users?
If there are no such features, can you kindly guide me on how to create requests for the addition of such features?
Thanks in advance.