Comment 0 for bug 78039

Matthew Paul Thomas (mpt) wrote :

According to lib/canonical/launchpad/pagetests/foaf/02-addemail.txt, you can ask for a confirmation message to be sent to an unconfirmed e-mail address "as many times as you want, because you can have lost the token and then you'll need another one".

That's a good reason, but it has a problem. If you don't have a Launchpad account, someone who isn't even logged in can DoS you by getting Launchpad to rapidly send you hundreds of confirmation messages.

Either Launchpad should limit the number of confirmation messages sent to an address (perhaps 2 per day maximum), or the confirmation message should include the IP address of the person who requested the confirmation (as other systems do), or both.
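
Both mitigations proposed in the comment above, sketched as an added example (not part of the original comment and not Launchpad's own code). The class and function names, the in-memory store, and the lower-casing of addresses are assumptions; a real deployment would keep the counters in shared persistent storage.

```python
import time
from collections import defaultdict, deque

MAX_PER_WINDOW = 2            # the "2 per day maximum" suggested in the report
WINDOW_SECONDS = 24 * 60 * 60


class ConfirmationLimiter:
    """Sliding-window limit keyed on the target address, not the requester.

    The requester may be anonymous, so the recipient address is the only
    stable key for protecting the person who receives the mail.
    """

    def __init__(self, limit=MAX_PER_WINDOW, window=WINDOW_SECONDS, clock=time.time):
        self.limit = limit
        self.window = window
        self.clock = clock
        self._sent = defaultdict(deque)  # normalized address -> send timestamps

    @staticmethod
    def _key(address):
        # Assumption: case variants of an address reach the same mailbox,
        # so they must share one counter.
        return address.strip().lower()

    def allow(self, address):
        now = self.clock()
        sent = self._sent[self._key(address)]
        while sent and now - sent[0] >= self.window:
            sent.popleft()  # forget sends older than the window
        if len(sent) >= self.limit:
            return False
        sent.append(now)
        return True


def request_confirmation(limiter, address, requester_ip, outbox):
    """Queue a confirmation mail, or refuse if the address hit its limit."""
    if not limiter.allow(address):
        return False
    body = (
        "Someone asked Launchpad to confirm this e-mail address.\n"
        f"The request came from IP address {requester_ip}.\n"
        "If this was not you, ignore this message."
    )
    outbox.append((address, body))
    return True
```

Refused requests are not recorded, so a flood of requests cannot extend the lockout past one window after the last message actually sent.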