Summary
Currently, users can trigger multiple email verification requests in rapid succession when changing their email via the profile edit page.
Problem
This could allow:
- accidental double-click spam
- abuse by automated scripts
- unnecessary load on the email system
Proposed Solution
Implement a per-user rate limit using Django's cache.add() to ensure only one verification email can be triggered within 60 seconds.
Additional Notes
This is a follow-up improvement inspired by PR #4804.
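A sketch of the proposed `cache.add()` throttle, added here as an illustration and not taken from the project's code. The function name, key format and `StandInCache` class are hypothetical; the stand-in only mirrors the `add()` contract so the block runs without a Django project, and in a view you would pass `django.core.cache.cache` instead.

```python
import time

WINDOW_SECONDS = 60  # from the proposal: one verification email per 60 seconds


class StandInCache:
    """Constructed stand-in exposing only add(), with the same contract as
    Django's cache.add(): store the key and return True only if it is absent
    (or expired); otherwise leave it untouched and return False."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._expiry = {}

    def add(self, key, value, timeout):
        now = self._clock()
        if self._expiry.get(key, 0) > now:
            return False
        self._expiry[key] = now + timeout
        return True


def may_send_verification_email(cache, user_id, window=WINDOW_SECONDS):
    """Return True if this request may trigger a verification email.

    The key is derived from the authenticated user's id, not from the
    submitted address, so changing the address on each request does not
    bypass the limit. A single add() call is used instead of get() followed
    by set(), so two near-simultaneous requests cannot both pass the check
    (add() is atomic on the Memcached and Redis backends).
    """
    key = f"email-verify-throttle:{user_id}"  # hypothetical key name
    return cache.add(key, 1, timeout=window)


def demo():
    """Constructed sequence: a double click, another user, then a retry."""
    now = [0.0]
    cache = StandInCache(clock=lambda: now[0])
    results = [may_send_verification_email(cache, 7)]      # first click
    results.append(may_send_verification_email(cache, 7))  # double click
    results.append(may_send_verification_email(cache, 8))  # different user
    now[0] = 61.0                                          # window has elapsed
    results.append(may_send_verification_email(cache, 7))
    return results
```

When the function returns False, the view should skip sending and tell the user to wait, rather than silently reporting success.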