Place time-based throttling on Lost Information routines
Short, concise description of the idea
Alter http://www.livejournal.com/lostinfo.bml so that it will only allow username/password requests once per hour.
Full description of the idea
(Idea from leora, writeup by me.) Place bounds on http://www.livejournal.com/lostinfo.bml so that a username/password request from a particular email address or username (or possibly from a particular IP address) can only be made once per hour. This will eliminate the possibility for a malicious user to "spam" a victim with no public email address and no comment boards enabled. Currently, a harrasser could use the Lost Information system to mailbomb the chosen victim with endless emails containing the user's username and password, apparently sent from LiveJournal itself. Placing a limit of one password request per hour for each user account would eliminate this risk, and not negatively impact legitimate users of the function.
An ordered list of benefits
An ordered list of problems/issues involved
An organized list, or a few short paragraphs detailing suggestions for implementation