Error Sending Email "Invalid login: 451 Authentication failed: Could not authenticate"

Overview

This article explains an error that occurs when using SendGrid as an email provider, which prevents emails from being sent. The following error message from SendGrid is recorded in the tenant logs:

Invalid login: 451 Authentication failed: Could not authenticate

This error may also appear when testing the Email Provider from the Auth0 Dashboard.
Test email sent to your tenant primary email address (present in Tenant Settings). If you don’t receive an email within the next hour, please check your dashboard logs for “Failed Sending Notification” events and review your configuration according to Custom Email Providers. If the problem persists, please contact support.

Applies To

  • SendGrid
  • Simple Mail Transfer Protocol (SMTP) Provider

Cause

The root cause of this error is that the Auth0 Internet Protocol (IP) addresses are not included in SendGrid’s IP allow list. The error can occur when SendGrid is configured using either the SMTP integration or the direct SendGrid integration.

Solution

To resolve this error, the appropriate Auth0 IP addresses must be added to the IP allow list in SendGrid. The required IPs depend on the tenant’s cloud environment:

Troubleshooting Steps in SendGrid

To confirm the configuration on the SendGrid side, perform the following checks.

  1. Navigate to the IP Access Management page in the SendGrid interface and select Allow Listed IP Addresses to verify that all necessary Auth0 IPs are included. Also, review the Recent Access Attempts section to identify any IPs attempting to communicate with SendGrid.
  2. Navigate to the API Keys page in the SendGrid interface to confirm the API Key is valid and matches the one configured in the Auth0 dashboard.
  3. Navigate to the Sender Verification page in the SendGrid interface to ensure the domains are verified under both Domain Authentication and Single Sender Verification.