Last Updated: Sep 27, 2024
Overview
This article provides guidance on what to do if the customer is facing errors with email delivery.
Applies To
- Custom Email Provider
- Emails
- When emails are:
- not delivered.
- delayed (several minutes to hours).
- marked as spam.
Cause
- Using tenant’s built-in email provider.
- Email sending infrastructure or domain not configured correctly.
Solution
Custom Email Provider
Configure a custom email provider for successful email delivery. The built-in provider is for testing purposes only, and depending on overall load (it is a shared resource), it may not even perform satisfactorily for testing.
Infrastructure and domain configuration
Email delivery today depends heavily on the proper configuration of the tenant’s domain and sending infrastructure. Specifically, expect unpredictable email delivery unless the following standards are properly configured on the email domains:
- DKIM
- SPF
- DMARC
MXToolBox is a tool for diagnosing email delivery issues. This external link is unaffiliated with Okta/Auth0–the free tier should suffice for troubleshooting.
It has tools for analyzing DNS records related to DKIM, SPF, and DMARC, as well as a header analyzer that can be very helpful for pinpointing specific issues.
The vast majority of email delivery issues can be traced to incorrect or missing DKIM, SPF, and/or DMARC configurations.
The following links have some good introductory information on DKIM, SPF, and DMARC:
NOTE: These external links are unaffiliated with Okta/Auth0.
Microsoft/Exchange specific issues
Microsoft email products are known to sometimes quarantine messages that are considered high risk. This is a step beyond simply marking the message as spam. In this case the message is accepted by Microsoft’s email infrastructure, but the user has no way to see it. Usually, an administrator is able to view these messages in a special inbox. The message headers can be reviewed to determine the reason for the high spam score (often DMARC alignment failure).
When should I open a support case?
Before contacting support, make sure a custom email provider has been configured and that the domain properly implements DKIM, SPF, and DMARC.
If messages aren’t delivered at all, Auth0 support can usually tell if messages are accepted by the custom email provider and the error returned if they are not accepted. Delayed messages are usually caused by downstream issues that Auth0 engineers don’t have insight into, but we are happy to review the case and provide guidance on the next steps.