
The fix was using AWS WAF CAPTCHA and Cloudflare Turnstile. I wrote about how we diagnosed it, why the obvious defences failed, and how we solved it.
If you're running any public endpoint that triggers an email, this is worth a read: poly4.hashnode.dev/why-rate-limit…
English















