diff --git a/lib/Controller/AutoConfigController.php b/lib/Controller/AutoConfigController.php
index 1a19dbc241..92211833d9 100644
--- a/lib/Controller/AutoConfigController.php
+++ b/lib/Controller/AutoConfigController.php
@@ -34,6 +34,7 @@
 use OCA\Mail\Validation\RemoteHostValidator;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
+use OCP\AppFramework\Http\Attribute\UserRateLimit;
 use OCP\IRequest;
 use function in_array;
 
@@ -60,9 +61,11 @@ public function __construct(IRequest $request,
 	 *
 	 * @NoAdminRequired
 	 * @TrapError
+	 * @UserRateThrottle(limit: 5, period: 60)
 	 *
 	 * @return JsonResponse
 	 */
+	#[UserRateLimit(limit: 5, period: 60)]
 	public function queryIspdb(string $email): JsonResponse {
 		$rfc822Address = new Horde_Mail_Rfc822_Address($email);
 		if (!$rfc822Address->valid || !$this->hostValidator->isValid($rfc822Address->host)) {
@@ -78,9 +81,11 @@ public function queryIspdb(string $email): JsonResponse {
 	 *
 	 * @NoAdminRequired
 	 * @TrapError
+	 * @UserRateThrottle(limit: 5, period: 60)
 	 *
 	 * @return JsonResponse
 	 */
+	#[UserRateLimit(limit: 5, period: 60)]
 	public function queryMx(string $email): JsonResponse {
 		$rfc822Address = new Horde_Mail_Rfc822_Address($email);
 		if (!$rfc822Address->valid || !$this->hostValidator->isValid($rfc822Address->host)) {
@@ -98,9 +103,11 @@ public function queryMx(string $email): JsonResponse {
 	 *
 	 * @NoAdminRequired
 	 * @TrapError
+	 * @UserRateThrottle(limit: 10, period: 60)
 	 *
 	 * @return JsonResponse
 	 */
+	#[UserRateLimit(limit: 10, period: 60)]
 	public function testConnectivity(string $host, int $port): JsonResponse {
 		if (!in_array($port, [143, 993, 465, 587])) {
 			return JsonResponse::fail('Port not allowed');
diff --git a/src/components/AccountForm.vue b/src/components/AccountForm.vue
index a30fe597ac..53bfab3742 100644
--- a/src/components/AccountForm.vue
+++ b/src/components/AccountForm.vue
@@ -612,6 +612,8 @@ export default {
 						this.feedback = t('mail', 'SMTP connection failed')
 					} else if (error.message === CONSENT_ABORTED) {
 						this.feedback = t('mail', 'Google authorization popup closed')
+					} else if (error.response?.status === 429) {
+						this.feedback = t('mail', 'Configuration discovery temporarily not available. Please try again later.')
 					} else {
 						this.feedback = t('mail', 'There was an error while setting up your account')
 					}