You can limit login URL generation for the given time span.
For instance, with this example configuration. The client can only create 10 login links within 10 minutes. This way you can prevent potential abuse of the login emails.
In order to comply with GDPR, Magic Login doesn’t save the raw IP address.