How to Set Up WordPress Emails That Actually Land in the Inbox (Not Spam)

You just reset a customer password on your WordPress site. They never got the email. You sent an order confirmation through WooCommerce. It disappeared. A user tried to register and never received their activation link. Sound familiar?

WordPress email problems are one of the most common (and most frustrating) issues site owners deal with. The fix is almost always the same: your site is using the wrong method to send email, and receiving servers are quietly rejecting or filtering those messages.

This guide walks through the whole picture: why WordPress emails fail, how DNS authentication records work, which SMTP providers are worth using, how to configure popular plugins, and how to verify that everything is actually working.

Why WordPress Emails Go to Spam (or Disappear Entirely)

By default, WordPress sends email using PHP’s built-in mail() function. This is a server-level function that simply hands the message off to whatever mail agent is running on the server. On shared hosting, that usually means Sendmail or Postfix configured with minimal authentication.

The problem is that modern email providers, Gmail, Outlook, Yahoo, and others, apply strict checks before accepting a message. They want to know:

• Is the sending IP authorized to send on behalf of this domain? (SPF)
• Was this email cryptographically signed by the domain owner? (DKIM)
• What should happen if SPF or DKIM fail? (DMARC)

When your server sends email via php mail() on shared hosting, it often fails all three checks. The receiving server sees a message claiming to be from yoursite.com but originating from a shared IP address with no SPF record, no DKIM signature, and no DMARC policy. That message either lands in spam or gets dropped silently.

Even dedicated hosting or VPS setups can have this problem. Unless you have explicitly configured your mail server with SPF, DKIM, and DMARC, those emails are at risk.

SPF, DKIM, and DMARC: What They Are and How to Set Them Up

These three DNS-based records form the authentication layer for email. You do not need all three to start seeing improvement, but having all three gives you the strongest protection against spam filtering and spoofing.

SPF (Sender Policy Framework)

SPF is a DNS TXT record that tells the world which servers are allowed to send email for your domain. When a receiving server gets a message from [email protected], it looks up the SPF record for yoursite.com and checks whether the sending IP is on the approved list.

A basic SPF record looks like this:

v=spf1 include:sendgrid.net include:smtp.google.com ~all

Breaking that down: v=spf1 declares this is an SPF record. include: directives pull in the approved IP ranges from the named service. The ~all at the end means “soft fail”, emails from other sources should be treated with suspicion but not outright rejected. Use -all for a hard fail once you are confident your list of senders is complete.

If you are switching to Brevo (formerly Sendinblue) as your SMTP provider, your SPF record would include:

v=spf1 include:spf.sendinblue.com ~all

Add this as a TXT record on your domain’s DNS, at the root level (often shown as @ in your DNS editor). You can only have one SPF record per domain, so if one already exists, edit it to add the new include: directive rather than creating a second record.

DKIM (DomainKeys Identified Mail)

DKIM adds a cryptographic signature to every outgoing email. Your SMTP provider holds the private key and signs each message. The public key lives in a DNS TXT record, and receiving servers use it to verify the signature.

DKIM records look like this in your DNS panel:

Name: mail._domainkey.yoursite.com
Type: TXT
Value: v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC...

The exact value is generated by your SMTP provider (Brevo, Mailgun, SendGrid, etc.), you do not create it manually. When you set up a sending domain in your provider’s dashboard, they give you the DKIM record to copy into your DNS. The mail._domainkey selector is typical, but providers use different selectors (Mailgun uses k1._domainkey, for example).

DMARC (Domain-based Message Authentication, Reporting and Conformance)

DMARC ties SPF and DKIM together and tells receiving servers what to do when authentication fails. It also enables reporting so you can see who is sending email on behalf of your domain.

A basic DMARC record:

Name: _dmarc.yoursite.com
Type: TXT
Value: v=DMARC1; p=none; rua=mailto:[email protected]

Start with p=none (monitor mode), this means authentication failures are reported but messages are still delivered. Once you have confirmed your SPF and DKIM are working correctly and you are getting clean reports, move to p=quarantine (send failures to spam) and eventually p=reject (block failures entirely).

The rua tag specifies where aggregate reports are sent. Free services like MXToolbox and Postmark’s DMARC Digests can parse those reports for you.

Choosing an SMTP Provider

The most reliable fix for WordPress email delivery is routing all outgoing mail through a dedicated transactional email service. These providers have strong IP reputations, handle the DKIM signing for you, and give you delivery logs.

Brevo (Formerly Sendinblue), Best Free Tier

Brevo’s free plan allows 300 emails per day with no daily sending limit cap on volume tiers. That is enough for most small to medium WordPress sites. The free tier includes SMTP relay, DKIM signing, and basic delivery stats.

Pricing: Free (300/day), then paid plans starting around $25/month for 20,000 emails. Brevo is a strong choice if you want zero upfront cost and a simple setup.

Setup: Create a Brevo account, go to SMTP and API in your account settings, generate an SMTP password, and add your domain for DKIM verification.

Mailgun, Developer-Friendly with a Free Trial

Mailgun offers a pay-as-you-go model starting at $0.80 per 1,000 emails, with a free trial of 100 emails per day for the first 3 months. It has excellent delivery rates and a detailed log system that shows bounces, opens, and clicks.

Mailgun requires domain verification with both SPF and DKIM records. Their dashboard walks you through the exact records to add. One catch: after the trial, you need a credit card. For very low-volume sites, Brevo’s free tier is more practical.

SendGrid, High Volume and Good Free Tier

SendGrid’s free plan allows 100 emails per day permanently, with a one-time 40,000 email trial period for the first 30 days. It is widely used, well-documented, and integrates smoothly with WP Mail SMTP.

Paid plans start at $19.95/month for 50,000 emails. SendGrid is a solid choice for WooCommerce stores where transactional volume is higher.

Postmark, Best for Transactional Email Accuracy

Postmark is built specifically for transactional email, password resets, order confirmations, notifications. It has an outstanding delivery reputation because it strictly separates transactional and bulk email. Free tier is 100 emails per month (very limited), and paid starts at $15/month for 10,000 emails.

If your site does fewer than 500 transactional emails per month and inbox placement is critical (such as a SaaS or membership site), Postmark is worth the cost.

WP Mail SMTP: Full Setup Walkthrough

WP Mail SMTP is the most-used plugin for this job, with over 3 million active installs. The free version covers Brevo, Mailgun, SendGrid, Gmail, and other providers. The Pro version adds email logging, notification alerts, and additional mailer options.

Installing WP Mail SMTP

Go to your WordPress dashboard, then Plugins, then Add New Plugin. Search for “WP Mail SMTP”. Install and activate the plugin by WPForms. After activation, a setup wizard launches automatically. You can follow the wizard or skip it and go to WP Mail SMTP, then Settings.

Connecting to Brevo

In WP Mail SMTP settings, under the Mailer section, select Brevo. You will be prompted for an API key. In your Brevo account, go to Account, then SMTP and API, then API Keys. Create a new API key with “SMTP and API” permissions and paste it into WP Mail SMTP.

Set your From Email to an address at your domain (example: [email protected]) and set From Name to your site name. Do not use a Gmail or Yahoo address here, it will break DMARC alignment.

Connecting to Mailgun

Select Mailgun as your mailer. You need your Mailgun API key and your sending domain. The API key is in your Mailgun account under Settings, then API Keys. Your sending domain is the domain you verified in Mailgun’s dashboard (typically your site domain).

Choose the correct API region, US or EU, depending on where you created your Mailgun account. Getting this wrong is a common source of “authentication failed” errors.

Connecting to Gmail via App Password

If you want to send through a Google Workspace or Gmail account, you cannot use your regular Google password. Google requires App Passwords for third-party SMTP access if your account has 2-Step Verification enabled.

To generate an App Password: Go to your Google Account, then Security. Under “How you sign in to Google”, click 2-Step Verification. Scroll to the bottom and click App passwords. Select “Mail” and “Windows Computer” (or any device name), then click Generate. Google gives you a 16-character password.

In WP Mail SMTP, select Other SMTP as the mailer. Set the SMTP host to smtp.gmail.com, port to 587, encryption to TLS, username to your full Gmail address, and password to the 16-character App Password. Enable authentication.

Note: Gmail limits you to 500 emails per day for standard accounts. If your site sends more than that, use a dedicated transactional provider instead.

FluentSMTP: A Free Alternative with Multiple Mailer Connections

FluentSMTP is a free, fully-featured alternative to WP Mail SMTP. What makes it stand out is its ability to connect multiple email providers simultaneously and route different types of emails through different services.

For example, you could route WooCommerce order confirmation emails through Postmark (excellent transactional reputation) and newsletter confirmations through Brevo (better bulk pricing), all managed from one plugin.

FluentSMTP also includes a built-in email log that records every outgoing email, sent time, recipient, subject, status, and the full email body. This is normally a paid feature in WP Mail SMTP.

To set up FluentSMTP: Install it from Plugins, then Add New Plugin. Go to FluentSMTP, then Settings. Click “Add New Connection”. Select your provider, fill in the credentials (same as you would in WP Mail SMTP), and save. Then set default From Email and From Name at the top of the settings page.

Setting the Correct From Name and From Email

This is a small detail that causes big problems. Your From Email must match the domain you have configured for DKIM and SPF. If your SMTP provider is set up for yoursite.com but WordPress is sending from [email protected], DMARC alignment will fail.

The rule is: the From Email domain must match the domain in your DKIM signature and your SPF record. Both WP Mail SMTP and FluentSMTP let you set this in their main settings screen. Set it once and do not rely on WordPress’s default [email protected] address, which sometimes gets set automatically to a subdomain that is not in your DNS records.

For From Name, use something your recipients will recognize, your business name, site name, or a specific product name. Avoid generic names like “Admin” or “WordPress”, which look like automated spam.

WooCommerce Transactional Emails

WooCommerce sends a significant volume of emails: new order notifications (to you), order confirmations (to the customer), payment receipts, shipping updates, password resets, and refund notices. All of these go through WordPress’s email system, so once you configure WP Mail SMTP or FluentSMTP, WooCommerce emails automatically route through your SMTP connection.

To check WooCommerce email settings, go to WooCommerce, then Settings, then Emails. You will see a list of all email types. Click on any of them to verify the From Address and From Name match what you set in your SMTP plugin. If they differ, the individual email setting overrides the plugin setting.

If customers report not receiving order confirmations, the most common causes are:

• The email is landing in their spam folder (fix: configure SMTP + DNS records)
• The email is being sent but the customer used a typo in their email address (fix: enable email logging)
• A caching or optimization plugin is interfering with the WP cron that triggers the email (fix: check WP-Cron health)

FluentSMTP’s email log is helpful here because you can search by recipient address and see exactly what was sent and whether it was accepted by the receiving mail server.

If you are also sending user-facing notifications from plugins or membership systems, see the guide on WordPress email notifications that actually get delivered for additional configuration steps specific to those scenarios.

Testing Email Delivery

After setting up SMTP, do not assume it is working, test it.

WP Mail SMTP Test Email

In WP Mail SMTP, go to the Tools tab. There is a Send Test Email form. Enter an email address you can check (ideally a Gmail address, since Gmail’s spam filtering is aggressive) and send the test. If it arrives in the inbox, your basic setup is working. If it lands in spam, your DNS records may not be fully propagated yet, or there is an alignment issue between your From Email and your DKIM domain.

Mail-Tester.com

Mail-Tester gives you a temporary email address. Send your test email to that address, then click the button to check your score. It analyzes SPF, DKIM, DMARC, content spam triggers, and IP reputation and shows a score out of 10 with specific explanations for any failures. A score of 9 or 10 means your deliverability is in good shape.

MXToolbox

MXToolbox (mxtoolbox.com) has several useful tools. Use Email Health to check all your DNS records at once. Use Blacklist Check to see if your sending IP or domain is on any known blacklists. If you find a blacklist hit, see the section below on IP reputation.

Email Logs: How to See What Was Sent, Bounced, or Failed

Without email logging, you are guessing. Was the email sent? Did it bounce? Did the user give you the wrong address? Logs answer all of these questions.

FluentSMTP includes full email logging for free. Every email WordPress sends is recorded with the timestamp, recipient, subject, status (sent/failed), and full message body. Go to FluentSMTP, then Logs to see the history.

WP Mail SMTP includes basic logging in its free version (showing sent/failed status) and more detailed logging in the Pro version.

Your SMTP provider also keeps logs on their end. Brevo’s dashboard shows delivery status for each email. Mailgun has a detailed Logs section showing accepted, delivered, failed, and temporary failures. SendGrid’s Activity Feed shows similar data. These provider-side logs are particularly useful for diagnosing bounces, they show the exact SMTP error code the receiving server returned.

Common bounce reasons you will see in provider logs:

• 550 User unknown, the email address does not exist. The customer likely made a typo.
• 550 Message rejected, the receiving server’s spam filter rejected the message. Check your DNS records and content.
• 421 Service temporarily unavailable, the receiving server is busy or rate-limiting. Usually resolves on retry.
• 452 Too many recipients, you are sending too fast or have hit a sending limit.

IP Reputation: What to Do If Your IP Is Blacklisted

If you are sending from your own server (not through a dedicated SMTP service), your server’s IP might be on a blacklist. This can happen if your server was previously used for spam, if you are on shared hosting with other spammy accounts, or if your site was compromised and used to send spam.

First, check if you are blacklisted. Go to MXToolbox and run a Blacklist Check on your server’s IP address. The check queries 100+ blacklists simultaneously.

If you find blacklist listings:

• For minor blacklists (SORBS, SpamCop): These often expire automatically within a few days if you stop sending spam. Most can be removed by submitting a delisting request through the blacklist’s website.
• For Spamhaus SBL or CBL: These are the most impactful blacklists. Check the Spamhaus website for instructions. CBL listings usually indicate your IP is sending spam right now, check your site for malware or compromised plugins first.
• For major inbox providers (Gmail, Outlook): They maintain their own internal reputation lists. If your IP is blocked by Gmail, you need to request a review through the Google Postmaster Tools. For Outlook, use their Junk Mail Reporting tool.

The fastest way to sidestep IP reputation issues is to switch to a dedicated SMTP provider like Brevo, Mailgun, or SendGrid. Their IPs have established positive reputations because they are used exclusively for legitimate email sending.

Putting It All Together: A Practical Checklist

Here is the sequence that covers 95% of WordPress email deliverability problems:

1. Pick an SMTP provider (Brevo for free, Mailgun or SendGrid for more volume).
2. Create an account and verify your sending domain in the provider’s dashboard.
3. Copy the SPF and DKIM records your provider gives you into your domain’s DNS.
4. Add a DMARC record starting with p=none.
5. Install WP Mail SMTP or FluentSMTP on your WordPress site.
6. Connect the plugin to your SMTP provider using the API key or SMTP credentials.
7. Set From Email to an address at your verified domain. Set From Name to your site name.
8. Wait 30 minutes to 24 hours for DNS changes to propagate.
9. Send a test email through the plugin’s test tool.
10. Check your score on Mail-Tester.com.
11. Check WooCommerce email settings to ensure the From Address matches.
12. Enable email logging and review it after a few days to catch any bounce patterns.

Getting to a Mail-Tester score of 9 or 10 is achievable for most sites within an hour, and the difference in inbox placement is immediate once your DNS records propagate.

Common Mistakes to Avoid

Using a Gmail address as your From Email. If your WordPress site is hosted at myshop.com but you set the From Email to [email protected], DMARC alignment will fail. Gmail’s DMARC policy is strict, and your emails will be rejected or flagged.

Having two SPF records. You can only have one SPF TXT record per domain. If you have two, SPF lookups will fail with a “permerror” result. Merge all your authorized senders into a single record.

Not waiting for DNS propagation. After adding DNS records, changes can take anywhere from a few minutes to 48 hours to propagate globally. Run your tests after waiting at least 30 minutes, and use a tool like dnschecker.org to verify the records are visible worldwide.

Skipping DKIM because it seems optional. DKIM alone does not guarantee inbox delivery, but its absence is a red flag for receiving servers. Nearly every major filtering algorithm scores unsigned messages lower. Always configure DKIM.

Using your regular Google password for Gmail SMTP. Google no longer allows plain password authentication for SMTP if 2-Step Verification is on. You need an App Password, as described above. If you try to use your regular password, authentication will fail silently on many setups.

What About WordPress.com Hosted Sites?

If you are on WordPress.com (not self-hosted WordPress), you do not have access to install plugins or change SMTP settings. WordPress.com handles email through their own infrastructure. If you are having email issues there, the options are limited, you can contact their support, but you cannot install WP Mail SMTP or FluentSMTP.

This guide is written for self-hosted WordPress installations (the kind you get from WordPress.org and install on your own hosting). If you are not sure which type you have, check whether you can access Plugins in your admin menu, if yes, you are self-hosted.

Keeping Email Deliverability Healthy Over Time

Email deliverability is not a one-time fix. A few ongoing practices keep things running smoothly:

Review your email logs monthly. Look for bounce patterns or sudden spikes in failed deliveries. These can signal a compromised account, a spam list subscription issue, or a change in your provider’s IP allocation.

Monitor your DMARC reports. Once you set up DMARC with a reporting address, you will receive aggregate XML reports. Free tools like Postmark’s DMARC Digests or dmarcian can parse these into readable summaries. Look for unauthorized senders, services you did not know were sending on your behalf.

Test after major WordPress updates. Core updates and plugin updates occasionally change how WordPress sends email. After updates, send a quick test through your SMTP plugin to confirm everything still works. If an update causes a bigger problem, the guide on how to restore your WordPress site from a backup covers recovery options.

Keep your sending domain separate from your marketing domain if possible. If you send bulk newsletters through Mailchimp or another marketing tool, that sends from a different subdomain (like mail.yoursite.com) while your transactional emails send from yoursite.com. This way, if your newsletter IP reputation takes a hit, it does not affect your order confirmation emails. If you are building out your broader email strategy, the guide on setting up email marketing with WordPress using MailPoet vs Mailchimp covers the newsletter side of the equation.

Getting WordPress email working reliably does not require deep technical knowledge. The steps above, picking a good SMTP provider, adding three DNS records, and installing one plugin, solve the problem for the vast majority of WordPress sites. The key insight is that php mail() was never designed for modern email authentication requirements, and switching to a proper SMTP relay is the fix, not a workaround.

Beginner WordPress Tips Email Marketing Essential WordPress settings First steps after WordPress install

Last modified: April 29, 2026