Bolt
email
Password Reset Email Never Arrives from Bolt App
Users click 'Forgot Password' in your Bolt.new application and see a success message, but the password reset email never arrives in their inbox. They check their spam folder, wait hours, and still nothing. This locks users out of their accounts with no way to recover access.
Password reset is a critical authentication flow, and when it's broken, users have no self-service path to regain access. They'll either abandon your app entirely or flood your support channels. The problem is especially frustrating because the UI shows a success message even when email delivery fails.
This commonly happens because Bolt sets up authentication with Supabase Auth but doesn't configure email delivery beyond Supabase's built-in email service, which has strict rate limits and often lands in spam. For production apps, you need a proper email delivery service.
Error Messages You Might See
AuthApiError: Email rate limit exceeded
Error sending password reset email
422 Unprocessable Entity: Email not found
SMTP connection refused: check your SMTP settings
Email delivery failed: invalid recipient
Common Causes
- Supabase built-in email rate limit — Supabase's default email service limits sending to 3 emails per hour in development, silently dropping additional requests
- No custom SMTP configured — The app relies on Supabase's built-in email which has low deliverability and often lands in spam folders
- Wrong redirect URL in reset email — The password reset link in the email points to localhost:3000 instead of your production domain
- Email template not customized — The default Supabase email template looks like spam to email providers, lowering delivery rates
- User email typo not caught — No email validation on signup allows misspelled emails (gmial.com, outlok.com) that never receive anything
- Reset endpoint silently fails — The API returns 200 OK even when email sending fails, giving users a false success message
How to Fix It
- Configure custom SMTP — In Supabase dashboard, go to Authentication > SMTP Settings and configure a real email provider: Resend, SendGrid, Postmark, or Amazon SES
- Update the redirect URL — In Supabase Auth settings, set the Site URL to your production domain and add it to Redirect URLs whitelist
- Customize email templates — Edit the password reset template in Supabase dashboard to include your brand name, logo, and clear instructions
- Add proper error handling — Check the Supabase response for errors: const { error } = await supabase.auth.resetPasswordForEmail(email, { redirectTo: 'https://yourapp.com/reset' }); if (error) showError(error.message)
- Verify with email testing — Use a service like Mailtrap or Ethereal to test emails in development before going live
- Add SPF and DKIM records — Configure DNS records for your sending domain to improve deliverability and avoid spam filters
Real developers can help you.
Taufan
I’m a product-focused engineer and tech leader who builds scalable systems and turns ideas into production-ready platforms.
Over the past years, I’ve worked across startups and fast-moving teams, leading backend architecture, improving system reliability, and shipping products used by thousands of users. My strength is not just writing code — but connecting product vision, technical execution, and business impact.
Basel Issmail
’m a Senior Full-Stack Developer and Tech Lead with experience designing and building scalable web platforms. I work across the full development lifecycle, from translating business requirements into technical architecture to delivering reliable production systems.
My work focuses on modern web technologies, including TypeScript, Angular, Node.js, and cloud-based architectures. I enjoy solving complex technical problems and helping teams turn product ideas and prototypes into working platforms that can grow and scale.
In addition to development, I often collaborate closely with product managers, business analysts, designers, and QA teams to ensure that solutions align with both technical and business goals.
I enjoy working with startups and product teams where I can contribute both as a hands-on engineer and as a technical partner in designing and delivering impactful software.
rayush33
JavaScript (React.js, React Native, Node.js) Developer with demonstrated industry experience of 4+ years, actively looking for opportunities to hone my skills as well as help small-scale business owners with solutions to technical problems
Milan Surelia
Milan Surelia is a Mobile App Developer with 5+ years of experience crafting scalable, cross-platform apps at 7Span and Meticha. At 7Span, he engineers feature-rich Flutter apps with smooth performance and modern UI. As the Co-Founder of Meticha, he builds open-source tools and developer-focused products that solve real-world problems.
Expertise:
💡 Developing cross-platform apps using Flutter, Dart, and Jetpack Compose for Android, iOS, and Web.
🖋️ Sharing insights through technical writing, blogging, and open-source contributions.
🤝 Collaborating closely with designers, PMs, and developers to build seamless mobile experiences.
Notable Achievements:
🎯 Revamped the Vepaar app into Vepaar Store & CRM with a 2x performance boost and smoother UX.
🚀 Launched Compose101 — a Jetpack Compose starter kit to speed up Android development.
🌟 Open source contributions on Github & StackOverflow for Flutter & Dart
🎖️ Worked on improving app performance and user experience with smart solutions.
Milan is always happy to connect, work on new ideas, and explore the latest in technology.
Richard McSorley
Full-Stack Software Engineer with 8+ years building high-performance applications for enterprise clients. Shipped production systems at Walmart (4,000+ stores), Cigna (20M+ users), and Arkansas Blue Cross. 5 patents in retail/supply chain tech. Currently focused on AI integrations, automation tools, and TypeScript-first architectures.
Omar Faruk
As a Product Engineer at Klasio, I contributed to end-to-end product development, focusing on scalability, performance, and user experience.
My work spanned building and refining core features, developing dynamic website templates, integrating secure and reliable payment gateways, and optimizing the overall system architecture.
I played a key role in creating a scalable and maintainable platform to support educators and learners globally.
I'm enthusiastic about embracing new challenges and making meaningful contributions.
Rudra Bhikadiya
I build and fix web apps across Next.js, Node.js, and DBs.
Comfortable jumping into messy code, broken APIs, and mysterious bugs.
If your project works in theory but not in reality, I help close that gap.
Victor Denisov
Developer
Prakash Prajapati
I’m a Senior Python Developer specializing in building secure, scalable, and highly available systems. I work primarily with Python, Django, FastAPI, Docker, PostgreSQL, and modern AI tooling such as PydanticAI, focusing on clean architecture, strong design principles, and reliable DevOps practices. I enjoy solving complex engineering problems and designing systems that are maintainable, resilient, and built to scale.
Matthew Jordan
I've been working at a large software company named Kainos for 2 years, and mainly specialise in Platform Engineering. I regularly enjoy working on software products outside of work, and I'm a huge fan of game development using Unity. I personally enjoy Python & C# in my spare time, but I also specialise in multiple different platform-related technologies from my day job.
You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.
Get HelpFrequently Asked Questions
Why does Supabase only send 3 emails per hour?
Supabase's built-in email service uses a shared IP with strict rate limits to prevent abuse. This is intentionally limited for development only. For production, you must configure a custom SMTP provider like Resend, SendGrid, or Postmark in the Supabase dashboard.
How do I test password reset emails during development?
Use Supabase's built-in email for basic testing (check Supabase dashboard logs for email content). For realistic testing, use Mailtrap or Ethereal Email as your SMTP provider - they catch all emails in a test inbox without sending them to real addresses.