Password Reset Email being caught in MS Exchange quarantine

Hi all,

I have discovered that our password reset emails generated by Auth0 are being caught in MS-exchanges quarantine with the tag “high confidence phisihing”. This is causing users to not receive their password reset links. I’m just using the default auth0 email template.

I’m wondering if anyone else has run into this issue know of things I can try to prevent password reset emails from being quarantined.



Hi @odsSofware,

Welcome to the Auth0 Community!

Firstly, I’d like to emphasize that the default Auth0 email provider should only be used for testing purposes.

In production scenarios, we strongly recommend using a Custom Email Provider to avoid any latencies or disruptions.

Once you have configured a custom email provider, you will address the issue with quarantined emails or emails marked as spam.

Please let me know if you have any further questions.

Thank you.

hi @rueben.tiow,

To clarify, I am using the default email content template for the password reset email. We are using our own AWS email provider to actually send the emails.

We have already done some investigation on our end to ensure that our email provider is configured correctly to avoid being flagged as spam, so at this point it seems that the content of the email is causing the emails to be identified by the Exchange spam filter as phishing emails, resulting in the emails being quarantined. The end result is that our customers are not receiving their password reset emails.

Given how common it is for companies to use MS Exchange, I’m hoping someone on here had previously been dealing with this issue and had found some way to update the email content mitigate the likelihood that pw reset email get quarantined.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.