BACK_TO_FEED
#next.js#supabase#neon#resend

3 Email Problems (And How I Fixed Them)

3/15/2026
6 min
29 VIEWS

While building my project, I ran into several email authentication problems that took hours to debug. Here are the three biggest ones and how I solved them.

1. The Sandbox Restriction (550 Error)

The first problem was that emails were only being sent to my own address. Any other user trying to register caused a 500 error.

The reason was simple: the email service started my account in sandbox mode, which only allows sending emails to the account owner.

Fix:
I verified my domain (lozi.me) and updated the SMTP password in Supabase using a new API key. After that, emails could be sent to anyone.

2. The Double-Wrapped Sender (422 Error)

Next, I started seeing a 422 validation error in the email logs. The issue was with the sender format.

Supabase combined the sender name and email in a way the email service rejected, producing something like:

"BookPulse <hello@noreply.lozi.me>" <hello@noreply.lozi.me>

Fix:
I cleaned the SMTP settings and email templates so the sender field used a proper format with only the correct email address.

3. The otp_expired Password Reset Problem

When password reset emails finally started working, clicking the reset link sent users to the homepage with an otp_expired or access_denied error.

The problem was unexpected: Gmail security bots were clicking the reset link before users did. Since the link was single-use, it expired immediately.

Fix:
Instead of using reset links, I switched to OTP codes. Users receive a 6- or 8-digit code and enter it manually, which bots cannot automatically use.

Bonus: Gmail Marked My Emails as Dangerous

When the emails finally worked, Gmail flagged them as dangerous phishing emails.

This happened because a new domain sending basic emails with security links looks suspicious to Gmail.

Fix:
I updated the email templates with a proper HTML layout and marked the emails as “Looks Safe” in Gmail so the system could learn that they were legitimate.

Lesson learned:
Email authentication seems simple until you actually build it. Domain verification, sender formatting, and bot behavior can all break things in unexpected ways.

But once you solve them, your system becomes much more reliable.

LOG_REF: cmmrp3u3a000004k0b4d3wsbt // UPDATED Mon Apr 06 2026

Continue Reading_

Featured
Feb 17, 2026
5 min read

From Next.js to Android

When I started building Flowly, I chose to use Next.js. As a longtime JS/TS developer, a PWA seemed like the easiest path. But as the app releases, people ask me to make it an app.

# Next.js#Capacitor#pwa
READ MORE
Featured
Feb 11, 2026
5 min read

Solving Hydration Mismatches in Next.js

If you’ve ever opened Chrome DevTools to a wall of red text shouting about "Hydration Mismatches," you probably noticed your site suddenly felt sluggish. I hit this wall recently while building my portfolio. Here’s why it happens and how to fix it—without the technical headache.

# Next.js
READ MORE
Featured
Feb 5, 2026
5 min read

Pointing Hostinger to Vercel

When deploying a Next.js application to Vercel, connecting a custom domain is usually the final step. However, many developers run into the dreaded "Invalid Configuration" red warning like i do. Here is a breakdown of why this happens and how we fixed it for lozi.me(this page _: ) ) me and chatgpt.

#Hostinger#Vercel
READ MORE