diff --git a/config/initializers/rack_attack.rb b/config/initializers/rack_attack.rb
index a2a39ec9380..c5d8931e4d8 100644
--- a/config/initializers/rack_attack.rb
+++ b/config/initializers/rack_attack.rb
@@ -111,7 +111,7 @@ def headers
 # increments the count), so requests below the limit are not blocked until
 # they hit the limit. At that point, `filter` will return true and block.
 user = req.params.fetch('user', {})
- email = user['email'].to_s
+ email = user['email'].to_s.downcase.strip
 email_fingerprint = Pii::Fingerprinter.fingerprint(email) if email.present?
 email_and_ip = "#{email_fingerprint}-#{req.remote_ip}"
 maxretry = Figaro.env.logins_per_email_and_ip_limit.to_i
diff --git a/spec/requests/rack_attack_spec.rb b/spec/requests/rack_attack_spec.rb
index f2172ff52c5..af52c0ed728 100644
--- a/spec/requests/rack_attack_spec.rb
+++ b/spec/requests/rack_attack_spec.rb
@@ -205,15 +205,15 @@
 end
 end
- context 'when the number of logins per email and ip is higher than the limit per period' do
+ context 'when number of logins per stripped/downcased email + ip is higher than limit per period' do
 it 'throttles with a custom response' do
 analytics = instance_double(Analytics)
 allow(Analytics).to receive(:new).and_return(analytics)
 allow(analytics).to receive(:track_event)
- (logins_per_email_and_ip_limit + 1).times do
+ (logins_per_email_and_ip_limit + 1).times do |index|
 post '/', params: {
- user: { email: 'test@example.com' },
+ user: { email: index % 2 == 0 ? 'test@example.com' : ' test@EXAMPLE.com ' },
 }, headers: { REMOTE_ADDR: '1.2.3.4' }
 end
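Review bot: The normalization on the added `email = user['email'].to_s.downcase.strip` line is hand-rolled inline rather than reusing whatever canonicalization the login path applies to the same `user[email]` parameter before the account lookup; if the two ever differ (Unicode case folding, NFKC, interior whitespace), the throttle bucket stops tracking the identity actually being attempted, so I would route both through one shared helper — I cannot see the model-side code from this hunk, so treat that as something to confirm. Whitespace-only input now reaches `present?` as an empty string, which keeps the pre-existing nil-fingerprint path, so no new edge case is introduced there. The surrounding comment should also say why the normalization exists, e.g. `# case/whitespace variants of one address must share a throttle bucket; keep in sync with the login form's email normalization`. The enclosing throttle block (the one whose `filter` the comment refers to) starts and ends outside the hunk.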