We have various environments for development and testing where all emails from Auth0 are trapped via a fake SMTP server (MailTrap in this case).
Our testers are using various fake email domains for their testing which appear to be black listed for emailing by Auth0.
When a user with a blacklisted email domain attempts to reset their password, they receieve a successful message:
“We’ve just sent you an email to reset your password.”
however the logs show “Success Change Password Request” for that user, followed by “Failed Sending Notification” with the error “the domain is blacklisted”.
I have tried follow the below for white listing the domaons, but I assume this is for access and not emailing:
The user also appears to be able to authenticate through Auth0, so I assume it is just emailing that is blacklisted?
I have yet to see any configuration to change the black listsing in our test environment, nor a rule example to work around this.
I have tried turning off the anomoly detection, but this did not seem to allow the email to send (and is not in the related Auth0 docs).
Any help or guidance would be greatly appreciated.
If configuration of this is not supported, this would be helpful to know so I can report this to our testers.
Hi, does anybody else in the community have any insight into this?
The settings used for a Custom Email Provider via a thrid party SMTP server do not appear to include any black listing options, so I am still under the impression this is done by Auth0.
Following communication with Auth0 Support, I can confirm this feature is not configurable and is not documented.
I have submitted feedback for this to be documented and potentially configurable for non-production environments.
Pending documentation, I have been informed the current email domain blacking listing includes: