I thought I was being clever when I implemented sign-in via email + one-time token for poketto.me:
✅ No passwords to store
✅ No reliance on external login providers like Google or Facebook
And I had two reliable email services to send those tokens: Hetzner, via their all-inclusive web + mail hosting package I’m using for ralphmayr.com, and Zoho Mail, as a lightweight, email-only solution I’m using for poketto.me.
On paper, everything looked fine: The SMTP server accepted the mail, and the message was sent. Simple, right? Wrong—especially when Gmail is on the receiving end.
Emails sent via Zoho would routinely end up deep in Gmail’s spam folder, leaving users stuck hitting refresh, getting frustrated, and eventually abandoning the login process. Hetzner worked more reliably (perhaps thanks to a better deliverability reputation with Google), but even there, I ran into strange throttling behavior.
During development, I triggered a bunch of token emails for testing. Then… they just stopped arriving. I debugged everything on my end, found no issue, gave up in frustration, went for a walk—and came back to 15 tokens suddenly dumped into my inbox all at once. Gmail had queued them and released them later, for reasons known only to the algorithm.
So, what’s the fix?
For now, I’ve switched to sending tokens via Hetzner only. That means users get emails from me personally rather than the more neutral hello@poketto.me address, but that’s a trade-off I can live with. I also added a small note on the login screen to remind users to check their spam folders.
Is this perfect? No.
Will I move to a dedicated email delivery service in the future (for login, newsletters, notifications, etc.)? Very likely.
But for now? It works well enough.
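The batch of 15 delayed tokens described above is also a server-side question: which of those late emails should still log someone in? The sketch below is an added example, not poketto.me's actual code, showing one way to handle it so the login screen can tell "this link is too old" apart from "this link is wrong". The class name, the 15-minute lifetime, the newest-token-wins policy and the in-memory storage are all assumptions.

```python
import hashlib
import hmac
import secrets
import time


class LoginTokenStore:
    """Pending sign-in tokens, at most one per email address (hypothetical design)."""

    def __init__(self, ttl=15 * 60, clock=time.time):
        self._ttl = ttl        # assumed lifetime; the post does not state one
        self._clock = clock    # injectable so a mail delay can be simulated
        self._pending = {}     # email -> (SHA-256 hex of token, issued_at)

    @staticmethod
    def _digest(token):
        # Only the hash is stored, so a leaked store does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email):
        """Return a token to mail out; it replaces any earlier one for this address."""
        token = secrets.token_urlsafe(32)
        self._pending[email.lower()] = (self._digest(token), self._clock())
        return token

    def redeem(self, email, token):
        """Return 'ok', 'expired' or 'invalid'; a matching token is consumed."""
        key = email.lower()
        entry = self._pending.get(key)
        if entry is None:
            return "invalid"
        stored_digest, issued_at = entry
        if not hmac.compare_digest(stored_digest, self._digest(token)):
            return "invalid"    # wrong or superseded; the newest token stays usable
        del self._pending[key]  # single use, and expired entries are cleaned up
        if self._clock() - issued_at > self._ttl:
            return "expired"    # UI can offer "send me a new link"
        return "ok"


def simulate_delayed_batch(count=15, delay_seconds=3600):
    """Constructed scenario: `count` requests 10 s apart, all mail arriving late."""
    now = [0.0]
    store = LoginTokenStore(clock=lambda: now[0])
    tokens = []
    for _ in range(count):
        tokens.append(store.issue("user@example.com"))
        now[0] += 10
    now[0] += delay_seconds
    return [store.redeem("user@example.com", t) for t in tokens]
```

With an hour's delay, the first 14 tokens come back `invalid` and the newest one `expired`; with a one-minute delay the newest one still returns `ok`.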