diff --git a/api/server/services/AuthService.js b/api/server/services/AuthService.js
index b7ab3448848..06dd0d0e729 100644
--- a/api/server/services/AuthService.js
+++ b/api/server/services/AuthService.js
@@ -62,7 +62,7 @@ const sendVerificationEmail = async (user) => {
 let verifyToken = crypto.randomBytes(32).toString('hex');
 const hash = bcrypt.hashSync(verifyToken, 10);
- const verificationLink = `${domains.client}/verify?token=${verifyToken}&email=${user.email}`;
+ const verificationLink = `${domains.client}/verify?token=${verifyToken}&email=${encodeURIComponent(user.email)}`;
 await sendEmail({
 email: user.email,
 subject: 'Verify your email',
@@ -91,7 +91,7 @@ const sendVerificationEmail = async (user) => {
 */
 const verifyEmail = async (req) => {
 const { email, token } = req.body;
- let emailVerificationData = await Token.findOne({ email });
+ let emailVerificationData = await Token.findOne({ email: decodeURIComponent(email) });
 if (!emailVerificationData) {
 logger.warn(`[verifyEmail] [No email verification data found] [Email: ${email}]`);
@@ -363,7 +363,7 @@ const resendVerificationEmail = async (req) => {
 let verifyToken = crypto.randomBytes(32).toString('hex');
 const hash = bcrypt.hashSync(verifyToken, 10);
- const verificationLink = `${domains.client}/verify?token=${verifyToken}&email=${user.email}`;
+ const verificationLink = `${domains.client}/verify?token=${verifyToken}&email=${encodeURIComponent(user.email)}`;
 await sendEmail({
 email: user.email,
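Review bot: The verification link in sendVerificationEmail is still built by template-string concatenation, and the identical line is repeated in the resendVerificationEmail hunk at -363, so the encoding fix had to be made twice and the two copies can drift apart again. A shared helper would keep both paths in step and encode every parameter by construction, for example `const url = new URL('/verify', domains.client); url.searchParams.set('token', verifyToken); url.searchParams.set('email', user.email);`. That form assumes `domains.client` is a bare origin without a path prefix, which is not visible here. Both functions continue outside their hunks.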
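Review bot: `decodeURIComponent(email)` in verifyEmail runs on `req.body.email`, which is client-controlled, and it throws a URIError on a malformed percent sequence such as a lone `%`; whether any caller catches that is not visible in this hunk. Body fields are not URL-encoded by the transport, so if the client already reads the decoded query parameter before posting it (not shown), this is a second decode and an address that legitimately contains `%` will miss the lookup or throw. The value is also not type-checked before it reaches `Token.findOne`, so a guard such as `if (typeof email !== 'string' || typeof token !== 'string')` returning the function's usual error result would be safer. I would then pass `email` through unchanged, or wrap the decode in `try { ... } catch { ... }` if the decode has to stay. The function body continues outside the hunk.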