When creating APIs that send emails programmatically, it's essential to include logic that ensures messages are sent only when certain conditions are met (for example, a CAPTCHA check), to reduce the risk of spamming by bots.

This rule detects cases in which emails can be sent without any such control, from code that end users can invoke directly.
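The unguarded pattern next to a guarded one, as an added Python example (not the rule's own code or test case). `deliver` and `verify_captcha` are hypothetical callables standing in for the mail backend and the CAPTCHA provider, and the per-client quota is an extra condition assumed here beyond the CAPTCHA the text mentions.

```python
import time
from collections import defaultdict, deque

# Assumed policy values, chosen for this example only.
MAX_SENDS = 3          # messages accepted per client ...
WINDOW_SECONDS = 3600  # ... within this sliding window

_recent = defaultdict(deque)  # client id -> timestamps of accepted sends


def send_unguarded(form, deliver):
    """The flagged pattern: any caller can trigger a send, with no checks."""
    deliver(form["to"], form["body"])
    return 200


def send_guarded(form, client_id, deliver, verify_captcha, now=None):
    """Send only when the CAPTCHA passes and the client is under its quota.

    deliver(to, body) and verify_captcha(token) -> bool are hypothetical
    callables; a real service would call its mail and CAPTCHA providers.
    """
    now = time.time() if now is None else now

    # Condition 1: the request must carry a token the verifier accepts.
    if not verify_captcha(form.get("captcha_token", "")):
        return 403

    # Condition 2: sliding-window limit per client, so a single solved
    # CAPTCHA cannot be replayed into an unbounded number of messages.
    stamps = _recent[client_id]
    while stamps and now - stamps[0] >= WINDOW_SECONDS:
        stamps.popleft()
    if len(stamps) >= MAX_SENDS:
        return 429

    deliver(form["to"], form["body"])
    stamps.append(now)  # count only messages that were actually sent
    return 202
```

The guarded function returns before `deliver` is reached on every rejected path, which is the property a reviewer should confirm when triaging a finding from this rule.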
