@binoyp73053411 Can you tail the error logs and do check the configuration in OSGi console - "Day CQ Mail Service" as below: Please refer this article - https://www.albinsblog.com/2019/11/SMTPSendFailedException-Must-issue-a-STARTTLS-adobe-experience-manager.html Regards,Raja

Hello, I think its depend on your approach how you are planning to implement it. If, you are cross verifying via managing some validation that the person who is accessing this URL is same who requested for reset password then you are doing ok because you can easily stop those unwanted hit during validation (also, you can apply permission on this node hierarchy for access). But, if not then and want to protect your system from unwanted hits then captcha or moving this path configuration to Site c...