Bolt
email
Password Reset Email Never Arrives from Bolt App
Users click 'Forgot Password' in your Bolt.new application and see a success message, but the password reset email never arrives in their inbox. They check their spam folder, wait hours, and still nothing. This locks users out of their accounts with no way to recover access.
Password reset is a critical authentication flow, and when it's broken, users have no self-service path to regain access. They'll either abandon your app entirely or flood your support channels. The problem is especially frustrating because the UI shows a success message even when email delivery fails.
This commonly happens because Bolt sets up authentication with Supabase Auth but doesn't configure email delivery beyond Supabase's built-in email service, which has strict rate limits and often lands in spam. For production apps, you need a proper email delivery service.
Error Messages You Might See
AuthApiError: Email rate limit exceeded
Error sending password reset email
422 Unprocessable Entity: Email not found
SMTP connection refused: check your SMTP settings
Email delivery failed: invalid recipient
Common Causes
- Supabase built-in email rate limit — Supabase's default email service limits sending to 3 emails per hour in development, silently dropping additional requests
- No custom SMTP configured — The app relies on Supabase's built-in email which has low deliverability and often lands in spam folders
- Wrong redirect URL in reset email — The password reset link in the email points to localhost:3000 instead of your production domain
- Email template not customized — The default Supabase email template looks like spam to email providers, lowering delivery rates
- User email typo not caught — No email validation on signup allows misspelled emails (gmial.com, outlok.com) that never receive anything
- Reset endpoint silently fails — The API returns 200 OK even when email sending fails, giving users a false success message
How to Fix It
- Configure custom SMTP — In Supabase dashboard, go to Authentication > SMTP Settings and configure a real email provider: Resend, SendGrid, Postmark, or Amazon SES
- Update the redirect URL — In Supabase Auth settings, set the Site URL to your production domain and add it to Redirect URLs whitelist
- Customize email templates — Edit the password reset template in Supabase dashboard to include your brand name, logo, and clear instructions
- Add proper error handling — Check the Supabase response for errors: const { error } = await supabase.auth.resetPasswordForEmail(email, { redirectTo: 'https://yourapp.com/reset' }); if (error) showError(error.message)
- Verify with email testing — Use a service like Mailtrap or Ethereal to test emails in development before going live
- Add SPF and DKIM records — Configure DNS records for your sending domain to improve deliverability and avoid spam filters
Real developers can help you.
Luca Liberati
I work on monoliths and microservices, backends and frontends, manage K8s clusters and love to design apps architecture
zipking
I am a technologist and product builder dedicated to creating high-impact solutions at the intersection of AI and specialized markets. Currently, I am focused on PropScan (EstateGuard), an AI-driven SaaS platform tailored for the Japanese real estate industry, and exploring the potential of Archify.
As an INFJ-T, I approach development with a "systems-thinking" mindset—balancing technical precision with a deep understanding of user needs. I particularly enjoy the challenge of architecting Vertical AI SaaS and optimizing Small Language Models (SLMs) to solve specific, real-world business problems. Whether I'm in a CTO-level leadership role or hands-on with the code, I thrive on building tools that turn complex data into actionable value.
Stanislav Prigodich
15+ years building iOS and web apps at startups and enterprise companies. I want to use that experience to help builders ship real products - when something breaks, I'm here to fix it.
Kingsley Omage
Fullstack software engineer passionate about AI Agents, blockchain, LLMs.
prajwalfullstack
Hi Im a full stack developer, a vibe coded MVP to Market ready product, I'm here to help
Dor Yaloz
SW engineer with 6+ years of experience,
I worked with React/Node/Python
did projects with React+Capacitor.js for ios
Supabase expert
Caio Rodrigues
I'm a full-stack developer focused on building practical and scalable web applications. My main experience is with **React, TypeScript, and modern frontend architectures**, where I prioritize clean code, component reusability, and maintainable project structures.
I have strong experience working with **dynamic forms, state management (Redux / React Hook Form), and complex data-driven interfaces**. I enjoy solving real-world problems by turning ideas into reliable software that companies can actually use in their daily operations.
Beyond coding, I care about **software quality and architecture**, following best practices for componentization, code organization, and performance optimization.
I'm also comfortable working across the stack when needed, integrating APIs, handling business logic, and helping transform prototypes into production-ready systems.
My goal is always to deliver solutions that are **simple, efficient, and genuinely useful for the people using them.**
Franck Plazanet
I am a Strategic Engineering Leader with over 8 years of experience building high-availability enterprise systems and scaling high-performing technical teams. My focus is on bridging the gap between complex technology and business growth.
Core Expertise:
🚀 Leadership: Managing and coaching teams of 15+ engineers, fostering a culture of accountability and continuous improvement.
🏗️ Architecture: Enterprise Core Systems, Multi-system Integration (ERP/API/ETL), and Core Database Structure.
☁️ Cloud & Scale: AWS Expert; architected systems handling 10B+ monthly requests and managing 100k+ SKUs.
📈 Business Impact: Aligning tech strategy with P&L goals to drive $70k+ in monthly recurring revenue.
I thrive on "out-of-the-box" thinking to solve complex technical bottlenecks and am always looking for ways to use automation to improve business productivity.
Taufan
I’m a product-focused engineer and tech leader who builds scalable systems and turns ideas into production-ready platforms.
Over the past years, I’ve worked across startups and fast-moving teams, leading backend architecture, improving system reliability, and shipping products used by thousands of users. My strength is not just writing code — but connecting product vision, technical execution, and business impact.
Richard McSorley
Full-Stack Software Engineer with 8+ years building high-performance applications for enterprise clients. Shipped production systems at Walmart (4,000+ stores), Cigna (20M+ users), and Arkansas Blue Cross. 5 patents in retail/supply chain tech. Currently focused on AI integrations, automation tools, and TypeScript-first architectures.
You don't need to be technical. Just describe what's wrong and a verified developer will handle the rest.
Get HelpFrequently Asked Questions
Why does Supabase only send 3 emails per hour?
Supabase's built-in email service uses a shared IP with strict rate limits to prevent abuse. This is intentionally limited for development only. For production, you must configure a custom SMTP provider like Resend, SendGrid, or Postmark in the Supabase dashboard.
How do I test password reset emails during development?
Use Supabase's built-in email for basic testing (check Supabase dashboard logs for email content). For realistic testing, use Mailtrap or Ethereal Email as your SMTP provider - they catch all emails in a test inbox without sending them to real addresses.