[SOLVED] Bug in Accounts Email Verification Occasionally Doesn't Send Verification Email

I have a production app that uses the Accounts package send-email-verification functionality. I’m experiencing an issue where about once per week, maybe every forty or fifty new accounts, someone complains of never receiving the verification email.

I configured the email to send using:

Accounts.config({
    sendVerificationEmail: true
});

And it sends the verification emails successfully for 95% of my users. Like clockwork, there’s always one user on a regular basis who complains the email never landed and is also not in their spam folder.

I limit functionality in my app until the user verifies their email. So I provide a button to resend their email, which I’ve also tested and know it works. And the strange thing is that when a user does not receive the email, and presses the button several times, their Meteor User document successfully shows that they requested multiple verificationTokens showing the correct email:

email: {
    verificationTokens: [
        {
          token: "HPHa3lKLiBseffS-_BEw-qXC7Bj-e_883993jBNVeo2k",
          address: "johndoe@email.com",
          when: ISODate("2017-10-04T00:13:15.307Z")
        },
        {
          token: "J39jk39320jkJKLl-_alLOk20Okkl-e_29alaI2020KKKE",
          address: "johndoe@email.com",
          when: ISODate("2017-10-04T00:11:20.629Z")
        },
        {
          token: "83JJujkkwujmbw8-_BEw-qXC7Bj-e_4dzRMUUCnof9E",
          address: "johndoe@email.com",
          when: ISODate("2017-10-03T00:13:15.307Z")
        },
        {
          token: "12GWbso9288ka-_BEw-qXC7Bj-e_93la93k9922kiIIKE",
          address: "johndoe@email.com",
          when: ISODate("2017-10-02T00:13:15.307Z")
        },
    ]
}

So somewhere in the API it’s getting that the email should be resent, but the email never sends to that user.

Every time I test it myself on a “one-off” dummy account it always works.

This has been a really annoying bug and a problem for users as I noticed a lot of unverified accounts - almost 50% of my total users - most probably didn’t choose to verify and flaked off, but I can’t help but wonder how many didn’t verify because of this bug. As I assume only a fraction actually email us about it. So maybe the problem is more severe than 5% or so.

Does anyone have any ideas about how to test this and/or create a looping-test repo that could demonstrate this? Without creating hundreds of test email accounts? Like maybe loop over the same account a hundred times? Adding, testing the confirmation email, removing the account, repeat?

Anyone else experienced this? I’ve filed a Meteor bug: https://github.com/meteor/meteor/issues/9192

As it occurs, we’ve been feeling like email verification is too much friction anyway and are thinking of switching to reCAPTCHA only to verify users. Just have a reCAPTCHA on the account creation page and then allow full access from there. It seems like less friction in the end. Any experience or advice with this?

I’m not saying that there isn’t a bug in the Accounts code, but given my experience, what seems way more likely is that this is a deliverability issue.

What mail service are you using to deliver your mail? If I had to guess, I’d say your emails are likely getting rejected. We’ve seen this with some frequency, due to things like being on a shared, temporarily-blacklisted IP, not being on a custom mail service’s whitelist of IPs, things like that.

If you have access to the actual deliverability data, I’d look there for errors first.


Ah yeah… I think you’re right. I checked my Mailgun logs and I’m seeing errors every so often… looks like it has something to do with this:

https://stackoverflow.com/questions/27930771/mailgun-messages-from-subdomain-without-mx-record-get-rejected-by-some-mail-prov

I just assumed because it worked most of the time it must be a bug. Will close the above issue. And report back here once solved.


It turns out the issue wasn’t the above article (though it’s related somewhat). The issue was not setting MX entries in my DNS settings for my subdomain that Mailgun was using with my app. I never set those because my naked domain also sends email for my landing page, uses Mailgun, and had MX entries set, so I thought that was enough… and my app was sending email correctly 95% of the time. I may revisit this in the future to not have two email endpoints in the future as I can probably configure it to only use one. Though after a week of testing, everything is working fine without a single email error.

After a lot of hunting, this article describes the exact problem and solution:

Without these records you may see an increase in “Sender Domain Verification” errors, which are errors that the recipient server returns whenever your domain lacks MX records. By configuring your domain with MX records (Either Mailgun’s or your other incoming server) it will resolve the above error and prevent it from occurring.

https://help.mailgun.com/hc/en-us/articles/203357040-Can-I-use-the-same-domain-name-for-Mailgun-and-for-Google-Apps-or-another-email-server-
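Added example (not part of the original thread, and not Meteor or Mailgun code): a small Node.js audit that checks each sending domain for its own MX records, since the MX records on the naked domain did not cover the subdomain here. The helper names (`senderDomain`, `classifyMx`, `auditSenderDomains`), the domains and the stub resolver are constructed for illustration; pass no resolver to query real DNS.

```javascript
const dns = require('dns');

// Extract the domain from a From header such as "My App <no-reply@mg.example.com>".
function senderDomain(from) {
  const m = /@([^\s<>@]+?)>?\s*$/.exec(from);
  return m ? m[1].toLowerCase() : null;
}

// Turn the outcome of an MX lookup into a verdict.
// `records` is what dns.promises.resolveMx() returned, `err` is what it threw.
function classifyMx(records, err) {
  if (err) {
    // ENODATA: the name exists but has no MX; ENOTFOUND: the name does not exist.
    if (err.code === 'ENODATA' || err.code === 'ENOTFOUND') return 'missing';
    return 'lookup-error'; // timeout, SERVFAIL, ...: retry before concluding anything
  }
  return records && records.length > 0 ? 'ok' : 'missing';
}

// Check every sender address. MX records are looked up per name: a subdomain
// gets no credit for records that exist on its parent domain.
async function auditSenderDomains(fromAddresses, resolveMx = dns.promises.resolveMx) {
  const report = {};
  for (const from of fromAddresses) {
    const domain = senderDomain(from);
    if (!domain) { report[from] = 'unparseable'; continue; }
    try {
      report[domain] = classifyMx(await resolveMx(domain), null);
    } catch (err) {
      report[domain] = classifyMx(null, err);
    }
  }
  return report;
}

// Constructed stand-in for DNS so the example runs offline:
// the naked domain has an MX record, the sending subdomain has none.
const sampleZone = { 'example.com': [{ exchange: 'mx.example.net', priority: 10 }] };
async function stubResolveMx(name) {
  if (sampleZone[name]) return sampleZone[name];
  throw Object.assign(new Error('queryMx ENODATA ' + name), { code: 'ENODATA' });
}

auditSenderDomains(
  ['Landing <hello@example.com>', 'My App <no-reply@mg.example.com>'],
  stubResolveMx
).then((report) => console.log(report));
```

A `missing` verdict for a domain you send from is the condition the Mailgun article above ties to “Sender Domain Verification” errors.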