Email Delivery

SMTP

Recovery only works when the email actually arrives. Use a stable SMTP provider, keep your environment variables organized, and verify the delivery path before shipping the flow.

In this section

Follow the same recovery flow across installation, forms, auth, API wiring, and email delivery.

Structure

Keep the existing docs routes, but present them in a cleaner shell that matches the rest of the product UI.

Provider example

Use a provider dashboard to confirm the exact SMTP credentials your app should send with.

Brevo or similar providers usually expose the host, port, sender identity, and API or SMTP credentials in one place. Mirror those values in your environment file and verify with a test delivery.

SMTP provider dashboard example

SMTP configuration checklist

Good documentation for email delivery should be operational, not abstract. Teams need to know exactly which values to configure and how those settings affect password recovery in production.

Set the SMTP host, port, username, and password from your provider.
Choose the correct transport security mode for that provider.
Use a from-address that matches your verified sending domain.
Test the delivery path before attaching the flow to live accounts.

Transporter and sendEmail utility

Nodemailer works well here because it keeps the transport layer small and explicit. Your recovery endpoints only need one reusable helper that accepts the recipient, subject, and rendered HTML.

Mail utility

import nodemailer from 'nodemailer';
import Env from '@/config/env';

export const transporter = nodemailer.createTransport({
  host: Env.SMTP_HOST,
  port: Number(Env.SMTP_PORT),
  secure: false,
  auth: {
    user: Env.SMTP_USER,
    pass: Env.SMTP_PASSWORD,
  },
});

export const sendEmail = async (
  to: string,
  subject: string,
  html: string
) => {
  const info = await transporter.sendMail({
    from: Env.EMAIL_FROM,
    to,
    subject,
    html,
  });

  return info?.messageId;
};

Environment contract

A dedicated environment wrapper makes the recovery stack easier to reason about. The same settings power SMTP delivery, encryption, and reset URL generation.

Environment variables

class Env {
  static SMTP_HOST: string = process.env.SMTP_HOST!;
  static SMTP_PORT: string = process.env.SMTP_PORT!;
  static SMTP_USER: string = process.env.SMTP_USER!;
  static SMTP_PASSWORD: string = process.env.SMTP_PASSWORD!;
  static SMTP_SECURE: string = process.env.SMTP_SECURE!;
  static EMAIL_FROM: string = process.env.EMAIL_FROM!;
  static SECRET_KEY: string = process.env.NEXTAUTH_SECRET!;
  static APP_URL: string = process.env.APP_URL!;
}

export default Env;
If recovery emails fail in production, check provider credentials, sender verification, blocked ports, and whether the application URL matches the real public domain used in reset links.

Previous

API

Next

You have reached the last guide in this sequence.