The max_emails_per_day_per_user setting does not apply to critical emails. Because of this, some users—whether intentionally or not—are able to repeatedly trigger signup or forgot password emails in a very short time.
I’ve observed that most of my new users end up sending 2 to 4 signup emails within just two minutes.
I tried to find a solution, such as:
- Limiting the frequency of critical emails
- Setting a daily limit per email address
However, it seems there are currently no rate limits at all for critical emails.
I believe that adding even a simple limit here could eliminate redundant behavior and lead to more meaningful efficiency—not just in system performance, but in time and money.
Are there any existing ways to restrict this behavior, or could a setting be added in the future to make critical email behavior more manageable?
I don’t think critical emails should simply be excluded from max_emails_per_day_per_user. There should also be a setting like max_critical_emails_per_day_per_address or /per_ip.
Discuss this on our forum.