Bolt
email
Password Reset Email Never Arrives from Bolt App
Users click 'Forgot Password' in your Bolt.new application and see a success message, but the password reset email never arrives in their inbox. They check their spam folder, wait hours, and still nothing. This locks users out of their accounts with no way to recover access.
Password reset is a critical authentication flow, and when it's broken, users have no self-service path to regain access. They'll either abandon your app entirely or flood your support channels. The problem is especially frustrating because the UI shows a success message even when email delivery fails.
This commonly happens because Bolt sets up authentication with Supabase Auth but doesn't configure email delivery beyond Supabase's built-in email service, which has strict rate limits and often lands in spam. For production apps, you need a proper email delivery service.
Error Messages You Might See
AuthApiError: Email rate limit exceeded
Error sending password reset email
422 Unprocessable Entity: Email not found
SMTP connection refused: check your SMTP settings
Email delivery failed: invalid recipient
Common Causes
- Supabase built-in email rate limit — Supabase's default email service limits sending to 3 emails per hour in development, silently dropping additional requests
- No custom SMTP configured — The app relies on Supabase's built-in email which has low deliverability and often lands in spam folders
- Wrong redirect URL in reset email — The password reset link in the email points to localhost:3000 instead of your production domain
- Email template not customized — The default Supabase email template looks like spam to email providers, lowering delivery rates
- User email typo not caught — No email validation on signup allows misspelled emails (gmial.com, outlok.com) that never receive anything
- Reset endpoint silently fails — The API returns 200 OK even when email sending fails, giving users a false success message
How to Fix It
- Configure custom SMTP — In Supabase dashboard, go to Authentication > SMTP Settings and configure a real email provider: Resend, SendGrid, Postmark, or Amazon SES
- Update the redirect URL — In Supabase Auth settings, set the Site URL to your production domain and add it to Redirect URLs whitelist
- Customize email templates — Edit the password reset template in Supabase dashboard to include your brand name, logo, and clear instructions
- Add proper error handling — Check the Supabase response for errors: const { error } = await supabase.auth.resetPasswordForEmail(email, { redirectTo: 'https://yourapp.com/reset' }); if (error) showError(error.message)
- Verify with email testing — Use a service like Mailtrap or Ethereal to test emails in development before going live
- Add SPF and DKIM records — Configure DNS records for your sending domain to improve deliverability and avoid spam filters
Real developers can help you.
hanson1014
Full-stack developer experienced in fixing and deploying AI-generated apps from Lovable, Bolt.new, Cursor, and Replit. I specialize in debugging Supabase integration issues (auth flows, RLS policies, database connections), fixing broken deployments, resolving routing/blank screen problems, and cleaning up messy React/Vite codebases. I also build production apps with the Claude API and have shipped a Mac desktop dev tool (Nexterm from scratch. Based in Hong Kong, fast turnaround.
Basel Issmail
’m a Senior Full-Stack Developer and Tech Lead with experience designing and building scalable web platforms. I work across the full development lifecycle, from translating business requirements into technical architecture to delivering reliable production systems.
My work focuses on modern web technologies, including TypeScript, Angular, Node.js, and cloud-based architectures. I enjoy solving complex technical problems and helping teams turn product ideas and prototypes into working platforms that can grow and scale.
In addition to development, I often collaborate closely with product managers, business analysts, designers, and QA teams to ensure that solutions align with both technical and business goals.
I enjoy working with startups and product teams where I can contribute both as a hands-on engineer and as a technical partner in designing and delivering impactful software.
Franck Plazanet
I am a Strategic Engineering Leader with over 8 years of experience building high-availability enterprise systems and scaling high-performing technical teams. My focus is on bridging the gap between complex technology and business growth.
Core Expertise:
🚀 Leadership: Managing and coaching teams of 15+ engineers, fostering a culture of accountability and continuous improvement.
🏗️ Architecture: Enterprise Core Systems, Multi-system Integration (ERP/API/ETL), and Core Database Structure.
☁️ Cloud & Scale: AWS Expert; architected systems handling 10B+ monthly requests and managing 100k+ SKUs.
📈 Business Impact: Aligning tech strategy with P&L goals to drive $70k+ in monthly recurring revenue.
I thrive on "out-of-the-box" thinking to solve complex technical bottlenecks and am always looking for ways to use automation to improve business productivity.
Yovel Cohen
I got a lot of experience in building Long-horizon AI Agents in production, Backend apps that scale to millions of users and frontend knowledge as well.
MFox
Full-stack professional senior engineer (15+years). Extensive experience in software development, qa, and IP networking.
ISHANTDEEP SINGH
Senior Software Engineer with 7+ years of experience in React, JavaScript, TypeScript, Next.js, and Node.js. I’ve also worked as a tech lead for startups, owning end-to-end technical execution including architecture, development, scaling, and delivery. I bring a strong mix of hands-on coding, product thinking, and technical leadership, and I’m comfortable building products from scratch as well as improving and scaling existing systems.
Kingsley Omage
Fullstack software engineer passionate about AI Agents, blockchain, LLMs.
Costea Adrian
Embedded Engineer specilizing in perception systems. Latest project was a adas camera calibration system.
Meïr Ankri
Full-stack developer specializing in React / Next.js / Node.js with 6+ years of experience. I've worked across various sectors including automotive (Reezocar/Société Générale), healthcare (Medical Link SaaS), and e-commerce (Glasman). I build web apps end-to-end, from architecture to production, with a focus on scalability, performance, and code quality. I also mentor junior developers and contribute to technical decisions and code reviews.
Mehdi Ben Haddou
- Founder of Chessigma (1M+ users) & many small projects
- ex Founding Engineer @Uplane (YC F25)
- ex Software Engineer @Amazon and @Booking.com
You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.
Get HelpFrequently Asked Questions
Why does Supabase only send 3 emails per hour?
Supabase's built-in email service uses a shared IP with strict rate limits to prevent abuse. This is intentionally limited for development only. For production, you must configure a custom SMTP provider like Resend, SendGrid, or Postmark in the Supabase dashboard.
How do I test password reset emails during development?
Use Supabase's built-in email for basic testing (check Supabase dashboard logs for email content). For realistic testing, use Mailtrap or Ethereal Email as your SMTP provider - they catch all emails in a test inbox without sending them to real addresses.