diff --git a/auth/email_action_links_test.go b/auth/email_action_links_test.go
index 5db51d60..876f3300 100644
--- a/auth/email_action_links_test.go
+++ b/auth/email_action_links_test.go
@@ -21,6 +21,8 @@ import (
 	"net/http"
 	"reflect"
 	"testing"
+
+	"firebase.google.com/go/v4/errorutils"
 )
 
 const (
@@ -177,6 +179,27 @@ func TestPasswordResetLinkWithSettings(t *testing.T) {
 	}
 }
 
+func TestPasswordResetLinkWithSettingsNonExistingUser(t *testing.T) {
+	resp := `{
+		"error": {
+			"message": "EMAIL_NOT_FOUND"
+		}
+	}`
+	s := echoServer([]byte(resp), t)
+	defer s.Close()
+	s.Status = http.StatusBadRequest
+
+	link, err := s.Client.PasswordResetLinkWithSettings(context.Background(), testEmail, testActionCodeSettings)
+	if link != "" || err == nil {
+		t.Errorf("PasswordResetLinkWithSettings() = (%q, %v); want = (%q, error)", link, err, "")
+	}
+
+	want := "no user record found for the given email"
+	if err.Error() != want || !IsEmailNotFound(err) || !errorutils.IsNotFound(err) {
+		t.Errorf("PasswordResetLinkWithSettings() error = %v; want = %q", err, want)
+	}
+}
+
 func TestEmailSignInLink(t *testing.T) {
 	s := echoServer(testActionLinkResponse, t)
 	defer s.Close()
diff --git a/auth/user_mgt.go b/auth/user_mgt.go
index d5e7521d..333416e4 100644
--- a/auth/user_mgt.go
+++ b/auth/user_mgt.go
@@ -450,6 +450,7 @@ const (
 	// Backend-generated error codes
 	configurationNotFound    = "CONFIGURATION_NOT_FOUND"
 	emailAlreadyExists       = "EMAIL_ALREADY_EXISTS"
+	emailNotFound            = "EMAIL_NOT_FOUND"
 	invalidDynamicLinkDomain = "INVALID_DYNAMIC_LINK_DOMAIN"
 	phoneNumberAlreadyExists = "PHONE_NUMBER_ALREADY_EXISTS"
 	tenantNotFound           = "TENANT_NOT_FOUND"
@@ -468,6 +469,11 @@ func IsEmailAlreadyExists(err error) bool {
 	return hasAuthErrorCode(err, emailAlreadyExists)
 }
 
+// IsEmailNotFound checks if the given error was due to the user record corresponding to the email not being found.
+func IsEmailNotFound(err error) bool {
+	return hasAuthErrorCode(err, emailNotFound)
+}
+
 // IsInsufficientPermission checks if the given error was due to insufficient permissions.
 //
 // Deprecated. Always returns false.
@@ -1298,6 +1304,11 @@ var serverError = map[string]*authError{
 		message:  "user with the provided email already exists",
 		authCode: emailAlreadyExists,
 	},
+	"EMAIL_NOT_FOUND": {
+		code:     internal.NotFound,
+		message:  "no user record found for the given email",
+		authCode: emailNotFound,
+	},
 	"INVALID_DYNAMIC_LINK_DOMAIN": {
 		code:     internal.InvalidArgument,
 		message:  "the provided dynamic link domain is not configured or authorized for the current project",