Password Reset Email Never Arrives from Bolt App

Users click 'Forgot Password' in your Bolt.new application and see a success message, but the password reset email never arrives in their inbox. They check their spam folder, wait hours, and still nothing. This locks users out of their accounts with no way to recover access.

Password reset is a critical authentication flow, and when it's broken, users have no self-service path to regain access. They'll either abandon your app entirely or flood your support channels. The problem is especially frustrating because the UI shows a success message even when email delivery fails.

This commonly happens because Bolt sets up authentication with Supabase Auth but doesn't configure email delivery beyond Supabase's built-in email service, which has strict rate limits and often lands in spam. For production apps, you need a proper email delivery service.

Error Messages You Might See

  • AuthApiError: Email rate limit exceeded
  • Error sending password reset email
  • 422 Unprocessable Entity: Email not found
  • SMTP connection refused: check your SMTP settings
  • Email delivery failed: invalid recipient

Common Causes

  • Supabase built-in email rate limit — Supabase's default email service limits sending to 3 emails per hour in development, silently dropping additional requests
  • No custom SMTP configured — The app relies on Supabase's built-in email which has low deliverability and often lands in spam folders
  • Wrong redirect URL in reset email — The password reset link in the email points to localhost:3000 instead of your production domain
  • Email template not customized — The default Supabase email template looks like spam to email providers, lowering delivery rates
  • User email typo not caught — No email validation on signup allows misspelled emails (gmial.com, outlok.com) that never receive anything
  • Reset endpoint silently fails — The API returns 200 OK even when email sending fails, giving users a false success message

How to Fix It

  1. Configure custom SMTP — In the Supabase dashboard, go to Authentication > SMTP Settings and configure a real email provider: Resend, SendGrid, Postmark, or Amazon SES
  2. Update the redirect URL — In Supabase Auth settings, set the Site URL to your production domain and add it to the Redirect URLs whitelist
  3. Customize email templates — Edit the password reset template in the Supabase dashboard to include your brand name, logo, and clear instructions
  4. Add proper error handling — Check the Supabase response for errors: const { error } = await supabase.auth.resetPasswordForEmail(email, { redirectTo: 'https://yourapp.com/reset' }); if (error) showError(error.message)
  5. Verify with email testing — Use a service like Mailtrap or Ethereal to test emails in development before going live
  6. Add SPF and DKIM records — Configure DNS records for your sending domain to improve deliverability and avoid spam filters
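
Step 4 expanded into a handler, as an added example that is not part of the original page: it rejects a localhost or non-HTTPS redirectTo before sending, shows the same confirmation whether or not the address has an account, and logs delivery failures for operators. The supabase client is assumed to be created elsewhere with @supabase/supabase-js; RESET_URL and the function names are hypothetical.

```javascript
// Added example. `supabase` is a client created elsewhere with @supabase/supabase-js;
// RESET_URL, checkRedirectUrl, classifyResetError and requestPasswordReset are
// hypothetical names chosen for this example.
const RESET_URL = 'https://yourapp.com/reset';
const SENT_MESSAGE = 'If an account exists for that address, a reset link is on its way.';

// Catch the "link points to localhost:3000" cause before any email goes out.
function checkRedirectUrl(redirectTo) {
  let url;
  try { url = new URL(redirectTo); } catch { return 'redirectTo is not a valid absolute URL'; }
  if (['localhost', '127.0.0.1'].includes(url.hostname)) return 'redirectTo points to a local host';
  if (url.protocol !== 'https:') return 'redirectTo must use https';
  return null;
}

// Decide what the user sees and whether operators should be alerted.
function classifyResetError(error) {
  if (!error) return { ok: true, alert: false, userMessage: SENT_MESSAGE };
  const message = String(error.message || '');
  if (error.status === 429 || /rate limit/i.test(message)) {
    return { ok: false, alert: true, userMessage: 'Too many reset requests. Please try again later.' };
  }
  if (/not found/i.test(message)) {
    // Same text as success, so the form does not reveal which addresses have accounts.
    return { ok: true, alert: false, userMessage: SENT_MESSAGE };
  }
  // SMTP or provider failure: tell the user it failed, keep the detail in the logs.
  return { ok: false, alert: true, userMessage: 'We could not send the reset email. Please try again shortly.' };
}

async function requestPasswordReset(supabase, email, redirectTo = RESET_URL) {
  const problem = checkRedirectUrl(redirectTo);
  if (problem) throw new Error(problem);
  const { error } = await supabase.auth.resetPasswordForEmail(email.trim(), { redirectTo });
  const result = classifyResetError(error);
  if (result.alert) console.error('password reset email failed:', error.status, error.message);
  return result;
}
```

Alerting on the rate-limit and SMTP branches is what surfaces a misconfigured provider to you instead of leaving users with a false success message.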


Frequently Asked Questions

Why does Supabase only send 3 emails per hour?

Supabase's built-in email service uses a shared IP with strict rate limits to prevent abuse. This is intentionally limited for development only. For production, you must configure a custom SMTP provider like Resend, SendGrid, or Postmark in the Supabase dashboard.

How do I test password reset emails during development?

Use Supabase's built-in email for basic testing (check Supabase dashboard logs for email content). For realistic testing, use Mailtrap or Ethereal Email as your SMTP provider - they catch all emails in a test inbox without sending them to real addresses.
