Skip to main content
RapidDev - Software Development Agency
supabase-tutorial

How to Change SMTP Settings in Supabase

Supabase's default email sender is limited to 2 emails per hour, which breaks production auth flows. To remove this limit, configure a custom SMTP provider in the Dashboard under Authentication > SMTP Settings. Enter the host, port, username, password, and sender address from your provider (Resend, SendGrid, or Mailgun). Save and test — auth emails will now be sent through your SMTP provider with much higher limits.

What you'll learn

  • How to configure custom SMTP settings in the Supabase Dashboard
  • How to set up popular SMTP providers like Resend, SendGrid, and Mailgun
  • How to test that your SMTP configuration is working correctly
  • How to troubleshoot common SMTP delivery issues
Book a free consultation
4.9Clutch rating
600+Happy partners
17+Countries served
190+Team members
Beginner8 min read10-15 minSupabase (all plans), any SMTP providerMarch 2026RapidDev Engineering Team
TL;DR

Supabase's default email sender is limited to 2 emails per hour, which breaks production auth flows. To remove this limit, configure a custom SMTP provider in the Dashboard under Authentication > SMTP Settings. Enter the host, port, username, password, and sender address from your provider (Resend, SendGrid, or Mailgun). Save and test — auth emails will now be sent through your SMTP provider with much higher limits.

Configuring Custom SMTP Settings in Supabase

By default, Supabase sends authentication emails (confirmation, magic link, password reset, invite) through its built-in email service, which is limited to 2 emails per hour. This is fine for development but completely unusable for production. To remove this restriction, you configure a custom SMTP provider that handles email delivery on your behalf. This tutorial walks through the setup for the most popular providers and shows you how to verify everything works.

Prerequisites

  • A Supabase project (free tier works)
  • An account with an SMTP provider (Resend, SendGrid, Mailgun, or AWS SES)
  • SMTP credentials from your provider (host, port, username, password)
  • A verified sender domain or email address with your SMTP provider

Step-by-step guide

1

Understand the default email limits

Before configuring custom SMTP, understand what the defaults are. Supabase's built-in email service (powered by a shared SMTP relay) allows only 2 emails per hour across all email types: confirmation, magic link, password reset, and invite. If you exceed this limit, users will not receive emails and auth flows will silently fail. There is no error in the client — the signUp or resetPassword call succeeds, but the email never arrives. This is the number one reason users think their auth is broken in production.

Expected result: You understand that the 2 emails/hour limit must be resolved before going to production with any email-based auth flow.

2

Get SMTP credentials from your provider

Sign up for an SMTP provider and obtain the credentials you need. Each provider gives you a host, port, username, and password (or API key). Here are the settings for the most popular providers. Most providers also require you to verify a sender domain (e.g., mail.yourdomain.com) by adding DNS records before you can send emails.

typescript
1# Resend (recommended for simplicity)
2# Host: smtp.resend.com
3# Port: 465 (SSL) or 587 (TLS)
4# Username: resend
5# Password: re_your_api_key_here
6# Sender: noreply@yourdomain.com
7
8# SendGrid
9# Host: smtp.sendgrid.net
10# Port: 587
11# Username: apikey
12# Password: SG.your_api_key_here
13# Sender: noreply@yourdomain.com
14
15# Mailgun
16# Host: smtp.mailgun.org
17# Port: 587
18# Username: postmaster@mg.yourdomain.com
19# Password: your_mailgun_password
20# Sender: noreply@yourdomain.com
21
22# AWS SES
23# Host: email-smtp.us-east-1.amazonaws.com
24# Port: 587
25# Username: your_ses_smtp_username
26# Password: your_ses_smtp_password
27# Sender: noreply@yourdomain.com

Expected result: You have the SMTP host, port, username, password, and a verified sender email address from your chosen provider.

3

Configure SMTP in the Supabase Dashboard

In the Supabase Dashboard, go to Authentication > SMTP Settings (or Project Settings > Authentication > SMTP). Toggle the Enable Custom SMTP switch. Fill in the fields: Sender Email (the from address), Sender Name (displayed in email clients), Host, Port, Username, and Password. Choose the minimum TLS version (TLS 1.2 is recommended). Click Save to apply the settings. From this point, all auth emails will be sent through your SMTP provider instead of Supabase's default service.

Expected result: The SMTP settings are saved in the Dashboard. A green checkmark or success message confirms the configuration was applied.

4

Test the SMTP configuration

After saving your SMTP settings, test that emails are actually being delivered. The easiest way is to trigger a password reset or magic link from your application. Go to your app's login page and use the forgot password or magic link flow. Check the recipient's inbox (and spam folder) for the email. If the email arrives, your SMTP configuration is working. If not, check the error logs in your SMTP provider's dashboard — most providers show delivery attempts and errors.

typescript
1// Trigger a test email via password reset
2import { supabase } from '@/lib/supabase'
3
4const { error } = await supabase.auth.resetPasswordForEmail(
5  'your-test-email@example.com',
6  { redirectTo: 'http://localhost:3000/reset-password' }
7)
8
9if (error) {
10  console.error('Reset email error:', error.message)
11} else {
12  console.log('Reset email sent — check your inbox')
13}

Expected result: The test email arrives in the recipient's inbox, confirming that your custom SMTP settings are working correctly.

5

Update your email templates

After configuring SMTP, customize the email templates to match your brand. Go to Authentication > Email Templates in the Dashboard. You can edit the HTML template for each email type: Confirm Signup, Magic Link, Change Email Address, and Reset Password. Use Supabase template variables like {{ .ConfirmationURL }}, {{ .Token }}, and {{ .SiteURL }} to insert dynamic content. Apply your brand colors, logo, and tone to create a professional experience.

typescript
1<!-- Example: Custom confirmation email template -->
2<html>
3<body style="font-family: Arial, sans-serif; padding: 20px;">
4  <h2>Welcome to Your App!</h2>
5  <p>Thanks for signing up. Please confirm your email address by clicking the button below.</p>
6  <a href="{{ .ConfirmationURL }}"
7     style="display: inline-block; padding: 12px 24px; background: #3b82f6;
8            color: white; text-decoration: none; border-radius: 6px;">
9    Confirm Email
10  </a>
11  <p style="color: #666; margin-top: 20px; font-size: 14px;">
12    If you did not create an account, you can safely ignore this email.
13  </p>
14</body>
15</html>

Expected result: Auth emails are sent with your custom branding, logo, and copy instead of the default Supabase template.

Complete working example

test-smtp-setup.ts
1// Complete SMTP verification script
2// Run this after configuring custom SMTP to verify all email types work
3
4import { createClient } from '@supabase/supabase-js'
5
6const supabase = createClient(
7  process.env.NEXT_PUBLIC_SUPABASE_URL!,
8  process.env.NEXT_PUBLIC_SUPABASE_ANON_KEY!
9)
10
11const TEST_EMAIL = 'your-test-email@example.com'
12const REDIRECT_URL = 'http://localhost:3000'
13
14async function testPasswordReset() {
15  console.log('Testing password reset email...')
16  const { error } = await supabase.auth.resetPasswordForEmail(TEST_EMAIL, {
17    redirectTo: `${REDIRECT_URL}/reset-password`,
18  })
19  if (error) {
20    console.error('Password reset email FAILED:', error.message)
21  } else {
22    console.log('Password reset email SENT — check inbox')
23  }
24}
25
26async function testMagicLink() {
27  console.log('Testing magic link email...')
28  const { error } = await supabase.auth.signInWithOtp({
29    email: TEST_EMAIL,
30    options: {
31      emailRedirectTo: `${REDIRECT_URL}/dashboard`,
32    },
33  })
34  if (error) {
35    console.error('Magic link email FAILED:', error.message)
36  } else {
37    console.log('Magic link email SENT — check inbox')
38  }
39}
40
41async function testSignupConfirmation() {
42  console.log('Testing signup confirmation email...')
43  const { error } = await supabase.auth.signUp({
44    email: `test-${Date.now()}@example.com`,
45    password: 'test-password-12345',
46    options: {
47      emailRedirectTo: `${REDIRECT_URL}/welcome`,
48    },
49  })
50  if (error) {
51    console.error('Signup confirmation FAILED:', error.message)
52  } else {
53    console.log('Signup confirmation SENT — check inbox')
54  }
55}
56
57// Run all tests
58async function main() {
59  console.log('=== SMTP Configuration Test ===')
60  console.log(`Supabase URL: ${process.env.NEXT_PUBLIC_SUPABASE_URL}`)
61  console.log(`Test email: ${TEST_EMAIL}\n`)
62
63  await testPasswordReset()
64  await testMagicLink()
65  await testSignupConfirmation()
66
67  console.log('\nDone. Check your inbox for all three emails.')
68}
69
70main()

Common mistakes when changing SMTP Settings in Supabase

Why it's a problem: Going to production without configuring custom SMTP, hitting the 2 emails/hour limit

How to avoid: Always configure custom SMTP before launch. The default limit is per-project, not per-user, so even a handful of signups can exhaust the limit.

Why it's a problem: Using incorrect SMTP port or missing TLS configuration, causing connection failures

How to avoid: Most providers use port 587 with STARTTLS or port 465 with SSL. Check your provider's documentation for the correct port. Set minimum TLS to 1.2 in the Supabase Dashboard.

Why it's a problem: Not verifying the sender domain with the SMTP provider, causing emails to land in spam

How to avoid: Add the required DNS records (SPF, DKIM, DMARC) to your domain as specified by your SMTP provider. Domain verification significantly improves email deliverability.

Why it's a problem: Using a personal Gmail address as the SMTP sender, which has low deliverability and strict limits

How to avoid: Use a dedicated SMTP service (Resend, SendGrid, Mailgun) with a verified business domain. Gmail SMTP is not designed for transactional emails.

Best practices

  • Configure custom SMTP before your app goes to production — the default 2 emails/hour limit will break auth flows
  • Verify your sender domain (SPF, DKIM, DMARC records) for better email deliverability
  • Use a dedicated transactional email service (Resend, SendGrid, Mailgun) rather than a general email provider
  • Set a recognizable sender name and email address so users trust and open the emails
  • Customize email templates to match your brand including logo, colors, and professional copy
  • Monitor your SMTP provider's dashboard for delivery errors and bounce rates
  • Test all email types (confirmation, magic link, password reset, invite) after configuration
  • Keep your SMTP credentials secure — rotate API keys periodically and update them in the Dashboard

Still stuck?

Copy one of these prompts to get a personalized, step-by-step explanation.

ChatGPT Prompt

I need to configure custom SMTP for my Supabase project because the default 2 emails/hour limit is blocking my users. Walk me through setting up Resend as my SMTP provider, configuring it in the Supabase Dashboard, and testing that all auth emails work.

Supabase Prompt

Set up custom SMTP in my Supabase project using Resend. Show me where to enter the SMTP settings in the Dashboard, what values to use for Resend, and how to test that confirmation, magic link, and password reset emails are working.

Frequently asked questions

What is the default email sending limit in Supabase?

Supabase's built-in email service is limited to 2 emails per hour across all email types (confirmation, magic link, password reset, invite). This limit is per-project, not per-user.

Which SMTP provider should I use?

Resend is the simplest to set up with a generous free tier (100 emails/day). SendGrid offers a free tier of 100 emails/day with more features. Mailgun has reliable delivery but no free tier. AWS SES is the cheapest at scale but requires more setup.

Do I need to verify my domain to send emails?

Most SMTP providers require domain verification (adding SPF, DKIM, and DMARC DNS records) for production use. You can usually send to your own email without verification for testing, but domain verification is essential for deliverability.

Why are my emails landing in spam?

The most common cause is an unverified sender domain. Add the SPF, DKIM, and DMARC records your SMTP provider specifies. Also avoid using a free email address (gmail.com, yahoo.com) as the sender.

Can I use different SMTP providers for different email types?

No. Supabase uses a single SMTP configuration for all auth email types. If you need different providers for different email types, handle those emails through Edge Functions instead of built-in auth emails.

Does changing SMTP settings affect existing users?

No. Changing SMTP settings only affects future emails. Existing users who already confirmed their email are not affected. Users waiting for a confirmation email will receive it from the new provider when they next trigger an email.

Can RapidDev help me configure email delivery for my Supabase project?

Yes. RapidDev can set up your SMTP provider, configure domain verification, customize email templates, and ensure reliable email delivery for your Supabase authentication flows.

RapidDev

Talk to an Expert

Our team has built 600+ apps. Get personalized help with your project.

Book a free consultation

Need help with your project?

Our experts have built 600+ apps and can accelerate your development. Book a free consultation — no strings attached.

Book a free consultation

We put the rapid in RapidDev

Need a dedicated strategic tech and growth partner? Discover what RapidDev can do for your business! Book a call with our team to schedule a free, no-obligation consultation. We'll discuss your project and provide a custom quote at no cost.