We use a database connection and universal login page, without any customization. I just heard from a user that password reset emails are not coming through. We tested it ourselves and cannot get the reset flow emails internally either. Auth0 logs indicate that the emails have been sent, but they never arrive.
"date": "2023-08-22T13:31:53.689Z",
"type": "scpr",
"description": "We've just sent you an email to reset your password.",
"connection": "database",
What can I do to make the password reset flow emails work again?
I found that the password reset emails are now quarantined (with Microsoft 365 default policies):
### Received 22 Aug 2023 17:47:08
### Expires 21 Sep 2023 17:47:08
### Subject Reset your password
### Quarantine reason Bulk
### Policy type Anti-spam policy
### Policy name Strict Preset Security Policy1667553212016
### Recipient count 1
### Recipients test.account@combinostics.com
### Threats Spam
### Delivery action Blocked
### Original location Quarantine
### Latest delivery location Quarantine
### Detection technologies Bulk
### Primary Override : Source None
### Sender address no-reply@auth0user.net
### SMTP mail from address bounce-md_9812467.64e4ca6b.v1-fd7fdcb60dc8432c9e803bc6ef1fd14f@mandrillapp.com
### Sent on behalf of -
### Return path bounce-md_9812467.64e4ca6b.v1-fd7fdcb60dc8432c9e803bc6ef1fd14f@mandrillapp.com
### Sender IP 198.2.145.10
### Location US
### Directionality Inbound
### Network message ID d0042eaf-507e-481c-e90f-08dba31ea914
### Internet message ID <722af674-5f2f-714f-faea-debd4a305532@auth0user.net>
### Campaign ID -
### DMARC -
### DKIM -
### SPF -
### Composite authentication pass
Password reset used to work just fine previously. Is there anything at your end that you can do to improve the deliverability of these password reset emails?
Auth0 emailing service is not intended to work reliably. One must setup a custom emailing service and take care of all the ugly details like DKIM, SPF, DMARC. It would have been great not to worry about that.