diff --git a/wp-login.php b/wp-login.php
index c9944b6846..349c70d61e 100644
--- a/wp-login.php
+++ b/wp-login.php
@@ -161,7 +161,7 @@ function retrieve_password() {
 	$message .= get_option('siteurl') . "\r\n\r\n";
 	$message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
 	$message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
-	$message .= site_url("wp-login.php?action=rp&key=$key&login=$user_login", 'login') . "\r\n";
+	$message .= site_url("wp-login.php?action=rp&key=$key&login=" . urlencode($user_login), 'login') . "\r\n";
 
 	$title = sprintf(__('[%s] Password Reset'), get_option('blogname'));