SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

We've noticed that some of our authentication-related emails are being flagged as spam by GMail (e.g. password reset).
* We're using our own domain name
* We're using Mailgun to send the messages
* SPF and DKIM is set up correctly
* The GMail message *implies* the risk factor is the content of the emails itself: "Similar messages were used to steal people's personal information. Avoid clicking links, downloading attachments or replying with personal information"

Our next move, therefore, will be to change the content of the message so that it doesn't resemble the default ST template. Was wondering if other people had faced something similar and had success with a different approach?

Hey. So this has happened with our sending the email from our domain. But this is the first time it’s been reported from someone else’s domain.

One thing to check is that mail gun isn’t transforming the links to add tracking to them.

Gotcha, yeah the link is directly to our domain as generated by your library

Then the best bet is to change the contents and see if that helps