Configuration or rule for: "Failed Sending Notification" with the error "the domain is blacklisted"

Hello,

We have various environments for development and testing where all emails from Auth0 are trapped via a fake SMTP server (MailTrap in this case).
Our testers are using various fake email domains for their testing which appear to be black listed for emailing by Auth0.

When a user with a blacklisted email domain attempts to reset their password, they receieve a successful message:
“We’ve just sent you an email to reset your password.”
however the logs show “Success Change Password Request” for that user, followed by “Failed Sending Notification” with the error “the domain is blacklisted”.

I have tried follow the below for white listing the domaons, but I assume this is for access and not emailing:

The user also appears to be able to authenticate through Auth0, so I assume it is just emailing that is blacklisted?

I have yet to see any configuration to change the black listsing in our test environment, nor a rule example to work around this.
I have tried turning off the anomoly detection, but this did not seem to allow the email to send (and is not in the related Auth0 docs).

Any help or guidance would be greatly appreciated.
If configuration of this is not supported, this would be helpful to know so I can report this to our testers.

Thanks,
Sam

Hi @Sam.Pillay

Are you using the default Auth0 SMTP mailer or your own custom SMTP mailer?

If using the default Auth0 SMTP mailer there are restrictions and you may have more luck setting up your own SMTP mailer (docs).

Hope this helps!

2 Likes

Thanks charsleysa,
We are using a Custom Email Provider via a thrid party SMTP server at the moment, so I will recheck all the settings.

Hi, does anybody else in the community have any insight into this?
The settings used for a Custom Email Provider via a thrid party SMTP server do not appear to include any black listing options, so I am still under the impression this is done by Auth0.

Thanks,
Sam
Happy New Year!

Hello,

Following communication with Auth0 Support, I can confirm this feature is not configurable and is not documented.
I have submitted feedback for this to be documented and potentially configurable for non-production environments.

Pending documentation, I have been informed the current email domain blacking listing includes:

'user.com',
'test.com',
'abc.com',
'example.com',
'test.com',
'b.c',
'1.com',
'11.com',
'2.com',
'3.com',
'4.com',
'a.com',
'test.be',
'test.dk',
'nope.com',
'abcdefg.com',
'nowhere.com',
'something.com',
'www.www'
2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.