This article addresses an issue where password reset emails fail to send when using a custom external Simple Mail Transfer Protocol (SMTP) provider. The system logs show a 'Failed Sending Notification' event containing the following error:

"email_type": "reset_email",
"to": "<user@domain.com>",
"error": "The requestor's IP Address is not whitelisted"

• Custom Email Provider
• Simple Mail Transfer Protocol (SMTP)

A user (or an application) initiated a password reset for <user@domain.com>. The Auth0 tenant received this instruction and tried to send the reset email ("email_type": "reset_email"). The Auth0 tenant is configured to use a custom SMTP account to send this email. The Auth0 server made an API call to the SMTP server to send the email. The SMTP provider rejected this API call because the IP address of the Auth0 server making the request was not on its "IP Access Management" allow list.

To resolve this error, the custom SMTP provider must be configured to allow inbound connections from Auth0.

1. Obtain the list of Auth0 IP addresses that require access. This list can be found in the Allowlist Auth0 IP Addresses documentation. NOTE: The list of required IP addresses is also available in the Auth0 Dashboard by navigating to Branding > Email Provider.

2. Within the external SMTP provider's security or firewall settings, add the full list of Auth0 IP addresses to the allowlist.