is that by making a request for password, no limit on users, for example, someone might abuse the resources sent by mail or just annoy another user to send unlimited fake password requests, just knowing the user name ...
I have just received this kind of attention from somebody here on the community site. I received 4 fake password reset requests all originating from the same IP address. Not too difficult to track that person down and ban them.
Those requests came from Alexander Kings. If anyone would like to work on adding a limit, we'd definitely accept a patch/pull request.
yes it was me, excuse me Trajan... Cash you're a sentinel xD