Jonathan Matthews <contact+cfdev@...>
toggle quoted messageShow quoted text
I wouldn’t be surprised to find this is intentional.
If this didn’t happen, then it would be possible for an attacker to try submitting many addresses, and then receive confirmation of which of them were related to accounts on the service/system.
I also wouldn’t be surprised to find that the service had an option to disable this behaviour in trusted environments, but I’ve no insight into that - I’m just mentioning that’s it’s /possible/ :-)
On Sun, 14 Jun 2020 at 16:59, shilpa kulkarni <shilpakulkarni91@...> wrote: