Feature: Include Forward Email @forwardemail as a recommended email provider

[titanism]

What is the improvement or update you wish to see?

The docs at https://authjs.dev/getting-started/providers/nodemailer and https://authjs.dev/guides/configuring-http-email fail to include @forwardemail, which is the only 100% open source email service that is privacy and security focused.

It offers all the features as the others do, and it also has IMAP, POP3, and CalDAV, which pretty much nobody else offers.

The API is extensive and you can even generate mailboxes using the API too (e.g. for storing mail).

See https://forwardemail.net and https://forwardemail.net/api

Is there any context that might help us understand?

See above

Does the docs page already exist? Please link to it.

No response

[titanism]

It was previously included https://github.com/nextauthjs/next-auth/pull/8210/commits/fd4a157f83bde3cb4bf6ac637bdcec0009151c26 and was removed completely for some reason...

[balazsorban44]

Sorry about that, it might have happened during our full documentation rewrite. Care to open a new PR? :pray:

[github-actions[bot]]

This issue was marked with the good first issue label by a maintainer.

This means that it is a good candidate for someone interested in contributing to the project, but does not know where to start.

Have a look at the Contributing Guide first.

This will help you set up your development environment to get started. When you are ready, open a PR, and link back to this issue in the form of adding Fixes #1234 to the PR description, where 1234 is the issue number. This will auto-close the issue when the PR gets merged, making it easier for us to keep track of what has been fixed.

Please make sure that - if applicable - you add tests for the changes you make.

If you have any questions, feel free to ask in the comments below or the PR. Generally, you don't need to @mention anyone directly, as we will get notified anyway and will respond as soon as we can)

[!NOTE]
There is no need to ask for permission "can I work on this?" Please, go ahead if there is no linked PR :slightly_smiling_face:

[titanism]

@balazsorban44 I feel very concerned that this entire website/docs is geared towards examples from Resend. Is it OK if we replace Resend examples with ours, or perhaps add ours below or above somehow?

Resend has had a severe security breach in the past (see links below) and their backend is completely closed source, which should concern users, especially ones using open-source tech like Next.js and Auth.js.

• https://resend.com/blog/incident-report-for-january-10-2024
• https://news.ycombinator.com/item?id=38944146

[balazsorban44]

Auth.js has no opinion on which provider you chose.

Most of the OAuth Providers we support are closed-source as well.

I understand your concern, and really appreciate the open-source mentality. I don't think we would like to replace Resend, but we certainly are not "gearing towards" it. Can you explain why do you feel this being the case? I think one thing people like with Resend is the ease of setup, compared to a nodemailer alternative. nodemailer also does not work in Edge runtimes which is tecnhincally not an Auth.js issue, but we are so often targeted that we had to write a special page explaining it: https://authjs.dev/guides/edge-compatibility

I think we should definitely add a new ForwardEmail provider though! :green_heart: Do you know if it is actively maintained? the related npm package hasn't received updates in 2 years.

Or how could you envision an ideal setup with it?

[titanism]

@balazsorban44 I am the founder of the service, and so yes it is actively maintained 🚀

We have been around since 2017, which is way longer than Resend. We also have 500,000+ domains using us (which is 2x as many custom domains as Proton Mail has on their service; which you can confirm using reverse MX lookup on a website like Security Trails). And here are a few notable users:

• Netflix
• The Linux Foundation
• The PHP Foundation
• Fox News Radio
• Disney Ad Sales
• jQuery
• LineageOS
• The University of Maryland
• The University of Washington
• Tufts University
• Swarthmore College
• Government of South Australia
• Government of Dominican Republic
• RCD Hotels
• International Correspondence Chess Federation
• John Graham-Cumming (Cloudflare)
• Isaac Z. Schlueter (npm)
• David Heinemeier Hansson (Ruby on Rails)

Our service supports SMTP and HTTP (e.g. meaning we have an HTTP RESTful API just like the others) – so yes it works in edge environments and IoT and devices that cannot use SMTP protocol for example (and rely on HTTP only).

We said it seems like it's supporting a service with known security incidents only because most of the examples are referencing Resend.

Perhaps we can submit a PR soon that has examples added for our service alongside the existing examples, maybe in a tabbed format.

[balazsorban44]

Adding an HTTP-based version of your email provider makes sense then!

[titanism]

@balazsorban44 can you please accept and merge PR at https://github.com/nextauthjs/next-auth/pull/11494? Thank you 🙏 ❤️ 🚀