The password reset email is one of the most commonly received emails today. Building a software application without incorporating an email notification for forgotten passwords is virtually impossible.
However, the very prevalence of password reset emails makes their design and content challenging. These emails are so commonplace that they’re often overlooked. But subtle nuances can significantly impact their effectiveness, making them either user-friendly and convenient or confusing and frustrating.
The process of restoring an account necessitates a delicate balancing act between ensuring password security and maintaining usability.
Similar to how one wouldn’t leave a spare key under the doormat, a password reset email shouldn’t be an easy gateway for unauthorized individuals to hijack an account. On the other hand, a password reset email is a valuable opportunity for positive customer interaction.
Below, we list the best practices for sending password reset emails and share some excellent deliverability tips to help you reach your customers.
A password reset email is a type of transactional email that is automatically triggered when a user clicks on a “Forgot password?” link. It’s a vital component of the account recovery process, which allows users to reset their passwords and regain access to their accounts.
This email typically includes essential information, such as instructions on how to reset the password and a link to the service’s reset password web page. The link provided in the email leads the user to a secure web page where they can enter a new password for their account.
Password reset emails are crucial to account security, as they provide a way for users to verify their identity and ensure that only they can reset their passwords. It helps prevent unauthorized access to their account by would-be attackers.
CyberLabs #2 – Password security, the reason why you should create strong passwords
As such, password reset emails must be designed with security and usability in mind. They should use clear and concise language to guide the user through the process of resetting their password and provide a secure and easy-to-use mechanism for updating their account details.
By providing users with a clear and effective password reset email, service providers can ensure that their users can easily reset their passwords, enhance the overall user experience, and maintain the security of their accounts.
Here are the best practices to follow while creating password reset emails.
Maximize your email deliverability and security with EmailLabs!
When customers ask for a password reset, they require access to their accounts as quickly as possible. It means the speed at which they receive the password reset email can significantly impact their experience.
To ensure that the password reset email arrives immediately, optimizing your email deliverability is crucial. It involves using a trusted email service provider designed to deliver emails at peak performance. You should send emails from a domain with a good reputation and complete DKIM, SPF (and ideally also with DMARC) records for email authentication.
To achieve this, it’s important to work with a reliable email service provider that has the expertise and infrastructure to deliver emails quickly and reliably — like us, EmailLabs. Doing so can help to ensure that the password reset email arrives in the recipient’s inbox as soon as possible, reducing the chance of delays that could impact their experience.
Ideally, the email should land in the recipient’s inbox right after they make a request — like in the example below.
Ensuring that your password reset emails are delivered to your customers’ inboxes is crucial for providing a seamless and hassle-free password reset process.
By prioritizing email deliverability and working with a reputable email service provider, you can ensure your users receive the password reset email as quickly and efficiently as possible.
Equally important when it comes to categorizing messages – it is worth betting on a server dedicated to transactional traffic. Sending emails from a shared IP may end up with the email going to the “Promotions” tab.
As mentioned before, when it comes to a password reset request, people expect the process to be quick and straightforward. As such, the password reset email should be concise and get straight to the point.
Users generally don’t want to spend more time than necessary on account recovery. A long, complex email can be seen as a roadblock that prevents them from completing the task.
Instead, password reset emails should be kept short and easy to read, providing only the essential information that users need to reset their passwords and regain access to their accounts.
The email should be written in clear and simple language that is easy to understand. It should also include explicit instructions on how to reset the password, along with a link to the password reset web page.
The following example perfectly demonstrates this concept. It includes a brief explanation and a clear “Reset your password” button.
The link to reset the password is the most important part of the password reset email. Because of that, it’s essential to ensure that the link is clearly visible and easy to click, as this will make it as simple as possible for the user to access the password reset page.
To make the process as smooth as possible, it’s best to use the HREF attribute of a link rather than embedding the password reset link directly in the email. This is because the URL for the password reset page is often quite long and complex, and embedding it directly in the email can make it difficult to click or copy and paste. It may also cause some email programs to consider the message as phishing.
CyberLabs #1 – Phishing being one of the most popular cyber threats
Using the HREF attribute of a link, you can make the password reset link more prominent and visible, making it easier for users to find and click. It can help ensure that the password reset process is as smooth and straightforward as possible, minimizing any frustration or confusion that users might experience.
When resetting a password, you must ensure that the email you send is secure and legitimate. If the email comes from an unfamiliar sender name or address, it’s natural for recipients to assume that it might be spam or a phishing attempt.
To build trust and reassure recipients, it’s vital to identify your company in the sender’s name and address. Additionally, including your logo at the top of the email can help reinforce your brand identity and provide a visual cue that the email is from a legitimate source.
For example, in the password reset email from Evernote, the sender’s name is clearly identified as Evernote, and the email address is [email protected].com
The email also prominently features the Evernote logo at the top. All these elements make it clear that the email is from Evernote and helps reassure the recipient that it is safe to open the email and click on the password reset link.
Including marketing material in transactional emails can confuse Inbox Service Providers (ISPs) and cause them to flag the email as a marketing email. This situation increases the likelihood that the email will end up in the recipient’s spam folder rather than their inbox.
Consequently, it’s crucial to keep transactional emails focused solely on their intended purpose and avoid including any marketing messages or material.
Patreon password reset email sets a good example by being concise and easily readable.
When resetting a password, there’s nothing more frustrating than encountering obstacles or distractions along the way. That’s why it’s essential to provide users with password resets email that is clear, straightforward, and easy to use.
The best password reset emails typically feature a single, prominent call-to-action (CTA) button or link that leads the user directly to the reset password page. It ensures that users can complete the process without being distracted by other options or confusing messages.
Whether the user is in a rush or simply looking for a hassle-free experience, a clear and straightforward password reset email can make all the difference. By providing a simple and easy-to-use CTA, you can help users get back to their accounts quickly and efficiently.
In some cases, including a copyable reset password URL in addition to the CTA button or link may be helpful. Doing so can be especially useful if the user cannot click through to the browser or encounter any other technical difficulties.
For example, you can follow in Etsy’s footsteps and add the link below the “Reset Your Password” button to give your customers an additional option to restore control of their accounts.
Ultimately, the goal of a password reset email is to provide users with a positive and secure experience while ensuring that their account information is protected. By prioritizing simplicity and clarity, you can achieve this goal and build trust and loyalty with your users.
To ensure that password reset emails reach the widest possible audience, sending both an HTML and plain text version of the email is critical. Doing this can improve the delivery rate, as spam filters often view HTML-only emails as a potential red flag.
Providing both versions of the email ensures that users can access the content in a format that works best for them, whether they prefer to view the email in HTML or plain text. It can improve the overall user experience, as well as the security and accessibility of the email.
The password reset email from Airbnb provides an outstanding example of how to include both an HTML and plain text version of the email. By giving both versions, Airbnb ensures that users can access the email and reset link regardless of their email client or preferences and can reset their password quickly and easily.
HTML version
Plain text version
It’s crucial to reassure your customers that they have control over their accounts. For that reason, your password reset email should make it clear that users can opt to do nothing if they did not request a password change and that they can always contact support if they have any questions or concerns.
One example of a company that does this well is Society6, a home decor site. Their password reset link email not only provides clear instructions on resetting the password but also includes a reassuring message that users can choose not to change their password if they did not initiate the request.
By including this message, Society6 is sending a signal of trust to its users. It shows that the company takes security and privacy seriously and is committed to providing a transparent and user-friendly experience.
In addition to this message, Society6 also encourages users to contact support if they have any questions or issues. This further reinforces the company’s commitment to providing excellent customer service and support and can help to build trust and loyalty with its users.
Creating a password reset email that is user-friendly, secure, and effective is no small feat. To help ensure that your email hits all the right notes, we’ve put together a handy checklist of best practices to follow.
Maximize your email deliverability and security with EmailLabs!
Regarding password resets, there’s a fine line between ensuring security and providing a user-friendly experience.
On the one hand, you want to give users enough information to initiate a password reset. But on the other, you don’t want to make it too easy for hackers to gain access to sensitive information.
One effective way to maintain security is to never confirm or deny the existence of an account with a given email or username. Yet, it can create confusion and frustration for users who are unsure whether their account actually exists.
To address this challenge, a simple solution is to always send an email to the email address provided, regardless of whether the user exists or not. This way, the confirmation message displayed on the web page simply states, “an email has been sent to the provided email address with further instructions.”
If the user exists, you send the standard password reset email with a URL and instructions. If the user doesn’t exist, you send a different email explaining that the user account was not found and suggesting they try a different email address.
While this approach may not provide immediate feedback on the web page, it ensures that no one other than the email address owner can identify a list of user accounts for a given service. The owner of the email address will be the only one to receive any details about the password, and anyone looking to uncover existing users will always receive the same message and never know whether the account exists or not.
Following this approach allows you to strike the right balance between security and usability and provide a seamless password reset experience for your users.
The last thing you want is for your password reset email to end up in the spam folder or be blocked altogether. After all, if your customers can’t access your email, how are they supposed to access their account?
You can do a few things to ensure your password reset email makes it to the inbox.
First, consider sending your email from a dedicated IP address. It will allow you to maintain a strong sending reputation and avoid being affected by the practices of other senders.
Second, it can be helpful to separate your mail streams for marketing and promotional emails from transactional emails. By closely monitoring the mail stream for login credentials, you can ensure that you are experiencing high delivery rates.
Finally, refrain from adding marketing material to your transactional emails. ISPs can easily become confused by marketing material in transactional emails, making your email more likely to land in the spam folder.
Password reset emails may seem like mundane and functional emails, but they actually offer a perfect opportunity to showcase your brand’s personality, build stronger relationships with your customers, and drive conversions.
While it’s easy to overlook the potential of password reset emails, a closer look reveals a wealth of possibilities. By infusing your password reset emails with your brand’s unique voice and tone, you can make a lasting impression on your customers and reinforce your brand identity.
Additionally, password reset emails offer an opportunity to engage further with your customers and drive conversions. Including relevant calls to action or information about your products or services can encourage customers to explore your offerings further.
Ready to start sending? Sign up for a free EmailLabs account today and transform your password reset emails for better deliverability and classification of transactional emails that help you build stronger relationships with your customers and drive business growth!
We are pleased to announce that MessageFlow, a product from the Vercom S.A. group, has received the prestigious CSA (Certified Senders Alliance) Certification. This recognition not only underscores the...
We are proud to announce that Vercom S.A., the company behind the EmailLabs project, successfully passed an audit for compliance with the latest ISO/IEC 27001:2022 and ISO/IEC 27018:2019 standards....
The increasing number of phishing attacks each year, and the projection that this trend will continue to escalate, aren’t likely to astonish anyone. This can be attributed, in part,...
Out of all the things that can go wrong when sending out marketing emails, having your emails end up in the recipient’s spam folder is arguably the most dreaded...
Email Authentication, Security
DMARC is an email authentication protocol that is designed to give domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing. Spoofing occurs...
With the emergence of the Covid-19 pandemic, many brands have been challenged to adapt in a short period to the changed reality and new consumer attitudes. That meant reorganizing...
Deliverability, Sending Reputation
Are you just starting to send emails, transitioning to dedicated infrastructure, or switching your sending domain? Don’t overlook a key step – the warm-up process! Warming up an IP...
Best practices, Email Marketing
Email marketing is a powerful tool for businesses to connect with their audience, promote products, and drive conversions. However, simply sending out an email campaign is not enough to...
Deliverability, Sending Reputation
Are you just starting to send emails, transitioning to dedicated infrastructure, or switching your sending domain? Don’t overlook a key step – the warm-up process! Warming up an IP...
We are pleased to announce that MessageFlow, a product from the Vercom S.A. group, has received the prestigious CSA (Certified Senders Alliance) Certification. This recognition not only underscores the...
Best practices, Email Marketing
Email marketing is a powerful tool for businesses to connect with their audience, promote products, and drive conversions. However, simply sending out an email campaign is not enough to...
With the release of iOS 18 on September 16, 2024, Apple has introduced a long-anticipated update to Apple Mail: tabbed inboxes. While this feature isn’t a novelty – Gmail...
Gmail users may soon benefit from a game-changing feature called Shielded Email, designed to enhance privacy and combat spam. While the feature has not yet been officially launched, recent...
Are you frustrated with the constant struggle of your emails getting blocked by Gmail? Have you ever wondered about the reasons behind this issue and, more importantly, how to...
In the ever-evolving landscape of email management, Google has announced an exciting upgrade to Gmail’s summary cards, aimed at improving user experience and streamlining inbox navigation. The latest enhancements,...
Entering the world of email communication, you’ll encounter many terms that initially seem straightforward and intuitive. However, some of these can be pretty challenging. Accurately distinguishing between them is...
Attaching a folder to an email may seem complicated at first glance, especially if you’re trying to send multiple files or an entire project’s documents to a colleague or...