With the move to OTP-based customer accounts, reliable delivery of authentication emails is critical for customer access.
Currently, there doesn’t appear to be a way for merchants to whitelist trusted sender domains or explicitly control which email sources are accepted for OTP delivery. As a result, legitimate authentication emails can be filtered or blocked, even when sent from properly configured infrastructure.
It would be helpful to have a way to:
- Whitelist verified sender domains for OTP / customer account emails
- Mark trusted email sources used in authentication flows
- Improve transparency around filtering decisions for OTP emails
OTP emails are now a core part of customer login. Delivery issues directly impact customer access, store conversions, and support volume.
This is also important for app developers building customer account and authentication-related experiences on Shopify. Email deliverability limitations can restrict what’s possible in terms of app functionality and user experience, ultimately affecting the adoption and growth of these apps in the ecosystem.
Given the increasing reliance on OTP-based authentication, improving control and reliability here should be considered a high-priority area.