This article explains why emails sent due to the Breached Password Detection feature are not sent from the Custom Email Provider configured under Branding > Email Provider.

• Breached Password Detection
• Custom Email Providers

Emails sent due to Breached Password Detection are sent by Auth0, likely from the address no-reply@auth0user.net.

The custom email provider is not used for this purpose. To suggest this functionality in a future release of Auth0, please submit a feature request using the Product Feedback form. More information about this process can be found at How to Submit Product Feedback or Feature Requests.