There is no rate limit on the send report feature on the https://rdiffweb-dev.ikus-soft.com/prefs/notification endpoint , which allows an attacker to spam the victims mailbox
1) Go to https://rdiffweb-dev.ikus-soft.com/prefs/notification
2) Click on daily frequency for Send me a backup status report
3) Turn on your intercept and capture the request while you Click the Save and send report button .
4) Send this report to the repeater and send the same request 100 times .
5) You will see that the mailbox has been spammed