diff --git a/services/web/app/coffee/router.coffee b/services/web/app/coffee/router.coffee
index 8e45788281..f864535706 100644
--- a/services/web/app/coffee/router.coffee
+++ b/services/web/app/coffee/router.coffee
@@ -127,9 +127,19 @@ module.exports = class Router
 		if Features.hasFeature 'affiliations'
 			webRouter.post '/user/emails',
 				AuthenticationController.requireLogin(),
+				RateLimiterMiddlewear.rateLimit({
+					endpointName: 'add-email',
+					maxRequests: 10
+					timeInterval: 60
+				}),
 				UserEmailsController.add
 			webRouter.post '/user/emails/delete',
 				AuthenticationController.requireLogin(),
+				RateLimiterMiddlewear.rateLimit({
+					endpointName: 'delete-email',
+					maxRequests: 10
+					timeInterval: 60
+				}),
 				UserEmailsController.remove
 			webRouter.post '/user/emails/default',
 				AuthenticationController.requireLogin(),