diff --git a/src/requests/password.cr b/src/requests/password.cr
index 40c3a20..eb4d22e 100644
--- a/src/requests/password.cr
+++ b/src/requests/password.cr
@@ -1,12 +1,24 @@
 class AuthD::Request
 IPC::JSON.message AskPasswordRecovery, 3 do
- property user : UserID
+ property login : String? = nil
+ property email : String? = nil
- def initialize(@user)
+ def initialize(@login = nil, @email = nil)
 end
 def handle(authd : AuthD::Service, fd : Int32)
- user = authd.user? @user
+ if @login.nil? && @email.nil?
+ return Response::ErrorUserNotFound.new
+ end
+
+ user = if l = @login
+ authd.user? l
+ elsif mail = @email
+ authd.users_per_email.get? Base64.encode(mail)
+ else
+ nil
+ end
+
 # This is a way for an attacker to know what are the valid logins.
 # Not sure I care enough to fix this.
 return Response::ErrorUserNotFound.new if user.nil?
diff --git a/src/service.cr b/src/service.cr
index 9d9c95a..c56e375 100644
--- a/src/service.cr
+++ b/src/service.cr
@@ -25,6 +25,7 @@ class AuthD::Service < IPC
 property users : DODB::DataBase(User)
 property users_per_uid : DODB::Index(User)
 property users_per_login : DODB::Index(User)
+ property users_per_email : DODB::Index(User)
 property logged_users : Hash(Int32, AuthD::User::Public)
@@ -37,6 +38,13 @@ class AuthD::Service < IPC
 @users = DODB::DataBase(User).new @configuration.storage
 @users_per_uid = @users.new_index "uid", &.uid.to_s
 @users_per_login = @users.new_index "login", &.login
+ @users_per_email = @users.new_index "email" do |user|
+ if mail = user.contact.email
+ Base64.encode mail
+ else
+ ""
+ end
+ end
 @last_uid_file = "#{@configuration.storage}/last_used_uid"
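Review bot: The `elsif mail = @email` branch of `handle` widens the enumeration oracle the comment just below it already admits for logins: a request carrying only `email` now learns from `ErrorUserNotFound` whether that address belongs to an account, which the old `UserID`-only request could not reveal. If recovery is meant to stay quiet, the miss and the hit should produce the same response, with the recovery work itself done only when `user` is non-nil. Separately, `Base64.encode(mail)` here and in the `users_per_email` index built in service.cr inserts a line feed every 60 characters and at the end, so each key carries a trailing `\n`; `Base64.strict_encode mail` gives a clean key but must be changed in both places together, and the index's `""` fallback appears to map every user without an email to the same key, which looks like a collision for a unique index and is worth confirming against DODB::Index. The `else nil` arm is unreachable because the nil/nil case already returned above and can be dropped; the rest of `handle` continues outside the hunk.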