diff --git a/app/api/views/alias.py b/app/api/views/alias.py
index eef24ba1..6adc9ad3 100644
--- a/app/api/views/alias.py
+++ b/app/api/views/alias.py
@@ -24,6 +24,7 @@ from app.errors import (
 ErrContactAlreadyExists,
 ErrAddressInvalid,
 )
+from app.extensions import limiter
 from app.models import Alias, Contact, Mailbox, AliasMailbox
@@ -71,6 +72,9 @@ def get_aliases():
 @api_bp.route("/v2/aliases", methods=["GET", "POST"])
+@limiter.limit(
+ "15/minute",
+)
 @require_api_auth
 def get_aliases_v2():
 """
diff --git a/app/dashboard/views/index.py b/app/dashboard/views/index.py
index ceeef89e..24286dba 100644
--- a/app/dashboard/views/index.py
+++ b/app/dashboard/views/index.py
@@ -57,6 +57,10 @@ def get_stats(user: User) -> Stats:
 methods=["POST"],
 exempt_when=lambda: request.form.get("form-name") != "create-random-email",
 )
+@limiter.limit(
+ "10/minute",
+ methods=["GET"],
+)
 @login_required
 @parallel_limiter.lock(
 name="alias_creation",
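Review bot: The new `@limiter.limit("15/minute")` on `get_aliases_v2` sits above `@require_api_auth`, so the limit is evaluated before the API key is checked, and its bucket key comes from whatever key function `limiter` was built with in `app.extensions`, which this diff does not show. If that key is the remote address, every API client behind one NAT or proxy shares 15 requests a minute and rejected-auth traffic spends the same budget; if it is meant to be per user, confirm the identity is already resolved for API-key requests at that point. The same ordering applies to the `10/minute` GET limit added above `@login_required` in app/dashboard/views/index.py. A test asserting that the 16th request inside a minute returns 429 for one client and not for another would pin the intended scope, and a comment such as `# per-client budget for alias listing; keyed by <key function>` would record it; the function body continues outside the hunk.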
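Review bot: In app/dashboard/views/index.py the `methods=["GET"]` filter on the new `10/minute` limit leaves HEAD requests uncounted, while Flask answers HEAD on a GET route by running the same view function, so the work this limit is meant to bound can still run without touching the budget. This assumes the route declaration, which is outside the hunk along with the decorated function, accepts GET; if so, `methods=["GET", "HEAD"],` closes the gap. A one-line comment above the decorator stating what the GET budget protects would also help, since the POST limit directly above it appears to apply only to the `create-random-email` form and the two are easy to conflate.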