Bolt
email
Password Reset Email Never Arrives from Bolt App
Users click 'Forgot Password' in your Bolt.new application and see a success message, but the password reset email never arrives in their inbox. They check their spam folder, wait hours, and still nothing. This locks users out of their accounts with no way to recover access.
Password reset is a critical authentication flow, and when it's broken, users have no self-service path to regain access. They'll either abandon your app entirely or flood your support channels. The problem is especially frustrating because the UI shows a success message even when email delivery fails.
This commonly happens because Bolt sets up authentication with Supabase Auth but doesn't configure email delivery beyond Supabase's built-in email service, which has strict rate limits and often lands in spam. For production apps, you need a proper email delivery service.
Error Messages You Might See
AuthApiError: Email rate limit exceeded
Error sending password reset email
422 Unprocessable Entity: Email not found
SMTP connection refused: check your SMTP settings
Email delivery failed: invalid recipient
Common Causes
- Supabase built-in email rate limit — Supabase's default email service limits sending to 3 emails per hour in development, silently dropping additional requests
- No custom SMTP configured — The app relies on Supabase's built-in email which has low deliverability and often lands in spam folders
- Wrong redirect URL in reset email — The password reset link in the email points to localhost:3000 instead of your production domain
- Email template not customized — The default Supabase email template looks like spam to email providers, lowering delivery rates
- User email typo not caught — No email validation on signup allows misspelled emails (gmial.com, outlok.com) that never receive anything
- Reset endpoint silently fails — The API returns 200 OK even when email sending fails, giving users a false success message
How to Fix It
- Configure custom SMTP — In Supabase dashboard, go to Authentication > SMTP Settings and configure a real email provider: Resend, SendGrid, Postmark, or Amazon SES
- Update the redirect URL — In Supabase Auth settings, set the Site URL to your production domain and add it to Redirect URLs whitelist
- Customize email templates — Edit the password reset template in Supabase dashboard to include your brand name, logo, and clear instructions
- Add proper error handling — Check the Supabase response for errors: const { error } = await supabase.auth.resetPasswordForEmail(email, { redirectTo: 'https://yourapp.com/reset' }); if (error) showError(error.message)
- Verify with email testing — Use a service like Mailtrap or Ethereal to test emails in development before going live
- Add SPF and DKIM records — Configure DNS records for your sending domain to improve deliverability and avoid spam filters
Real developers can help you.
hanson1014
Full-stack developer experienced in fixing and deploying AI-generated apps from Lovable, Bolt.new, Cursor, and Replit. I specialize in debugging Supabase integration issues (auth flows, RLS policies, database connections), fixing broken deployments, resolving routing/blank screen problems, and cleaning up messy React/Vite codebases. I also build production apps with the Claude API and have shipped a Mac desktop dev tool (Nexterm from scratch. Based in Hong Kong, fast turnaround.
Matthew Jordan
I've been working at a large software company named Kainos for 2 years, and mainly specialise in Platform Engineering. I regularly enjoy working on software products outside of work, and I'm a huge fan of game development using Unity. I personally enjoy Python & C# in my spare time, but I also specialise in multiple different platform-related technologies from my day job.
Matt Butler
Software Engineer @ AWS
Basel Issmail
’m a Senior Full-Stack Developer and Tech Lead with experience designing and building scalable web platforms. I work across the full development lifecycle, from translating business requirements into technical architecture to delivering reliable production systems.
My work focuses on modern web technologies, including TypeScript, Angular, Node.js, and cloud-based architectures. I enjoy solving complex technical problems and helping teams turn product ideas and prototypes into working platforms that can grow and scale.
In addition to development, I often collaborate closely with product managers, business analysts, designers, and QA teams to ensure that solutions align with both technical and business goals.
I enjoy working with startups and product teams where I can contribute both as a hands-on engineer and as a technical partner in designing and delivering impactful software.
Prakash Prajapati
I’m a Senior Python Developer specializing in building secure, scalable, and highly available systems. I work primarily with Python, Django, FastAPI, Docker, PostgreSQL, and modern AI tooling such as PydanticAI, focusing on clean architecture, strong design principles, and reliable DevOps practices. I enjoy solving complex engineering problems and designing systems that are maintainable, resilient, and built to scale.
Victor Denisov
Developer
Stanislav Prigodich
15+ years building iOS and web apps at startups and enterprise companies. I want to use that experience to help builders ship real products - when something breaks, I'm here to fix it.
Meïr Ankri
Full-stack developer specializing in React / Next.js / Node.js with 6+ years of experience. I've worked across various sectors including automotive (Reezocar/Société Générale), healthcare (Medical Link SaaS), and e-commerce (Glasman). I build web apps end-to-end, from architecture to production, with a focus on scalability, performance, and code quality. I also mentor junior developers and contribute to technical decisions and code reviews.
Omar Faruk
As a Product Engineer at Klasio, I contributed to end-to-end product development, focusing on scalability, performance, and user experience.
My work spanned building and refining core features, developing dynamic website templates, integrating secure and reliable payment gateways, and optimizing the overall system architecture.
I played a key role in creating a scalable and maintainable platform to support educators and learners globally.
I'm enthusiastic about embracing new challenges and making meaningful contributions.
Richard McSorley
Full-Stack Software Engineer with 8+ years building high-performance applications for enterprise clients. Shipped production systems at Walmart (4,000+ stores), Cigna (20M+ users), and Arkansas Blue Cross. 5 patents in retail/supply chain tech. Currently focused on AI integrations, automation tools, and TypeScript-first architectures.
You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.
Get HelpFrequently Asked Questions
Why does Supabase only send 3 emails per hour?
Supabase's built-in email service uses a shared IP with strict rate limits to prevent abuse. This is intentionally limited for development only. For production, you must configure a custom SMTP provider like Resend, SendGrid, or Postmark in the Supabase dashboard.
How do I test password reset emails during development?
Use Supabase's built-in email for basic testing (check Supabase dashboard logs for email content). For realistic testing, use Mailtrap or Ethereal Email as your SMTP provider - they catch all emails in a test inbox without sending them to real addresses.