WordPress Email Deliverability: Why Emails Go to Spam and How to Fix It

WordPress emails going to spam? Learn why WordPress's default email sending fails, how to fix it with SMTP plugins, and how to set up proper authentication.

Best Practices

WordPress sends email for contact forms, password resets, order notifications (WooCommerce), and plugin notifications. By default, WordPress uses PHP's mail() function — and that's the root of most deliverability problems.

The PHP mail function sends email directly from your web server without proper authentication. Most mailbox providers treat these emails with suspicion, and they frequently end up in spam.

Why WordPress Emails Go to Spam

The PHP mail() Problem

WordPress's default wp_mail() function uses PHP's built-in mail handler. This means:

  • Email is sent from your web server's IP address, which isn't configured as a mail server
  • No DKIM signing — the emails aren't cryptographically signed
  • SPF may fail — your web server's IP probably isn't in your SPF record
  • No proper SMTP authentication
  • The sending IP often has poor reputation (shared hosting IPs send email from many sites)

Shared Hosting Compounds It

If you're on shared hosting, your web server's IP is shared with hundreds of other sites. If any of those sites send spam, the IP's reputation drops — and your WordPress emails are affected.

The Fix: Use an SMTP Plugin

The solution is to route WordPress email through a proper email service using SMTP instead of PHP mail.

PluginBest For
WP Mail SMTPMost popular, supports all major providers
Post SMTPDetailed logging and troubleshooting
FluentSMTPFree, supports multiple connections

Setup Process

1

Choose an email sending service

Use a transactional email service: SendGrid, Amazon SES, Mailgun, Postmark, or even Gmail/Google Workspace SMTP.

2

Install an SMTP plugin

Install WP Mail SMTP, Post SMTP, or another SMTP plugin from the WordPress plugin repository.

3

Configure the plugin

Enter your email service's SMTP credentials (server, port, username, password or API key).

4

Set up authentication DNS records

Add SPF and DKIM records for your email service to your domain's DNS.

5

Send a test email

Use the plugin's test email feature to verify everything works. Check that the test email passes SPF, DKIM, and DMARC.

Check your WordPress domain

Run a free deliverability check on your domain. Verify that SPF, DKIM, and DMARC are correctly configured after setting up SMTP.

Post SMTP: Troubleshooting Flagged Emails

Post SMTP is particularly useful because it logs every email WordPress sends and shows delivery status. If Post SMTP shows an email flagged as spam:

  1. Check the log entry — Post SMTP shows the full SMTP conversation, including error codes
  2. Review the sending service — The issue is usually with authentication, not the plugin itself
  3. Verify DNS recordsCheck your domain for SPF, DKIM, and DMARC issues
  4. Check the From address — Ensure it matches a domain you've authenticated

Common Post SMTP error patterns:

ErrorCauseFix
Authentication failedWrong SMTP credentialsRe-enter credentials from your email service
Message rejectedSPF/DKIM/DMARC failureAdd proper DNS records for your sending service
Connection timeoutFirewall blocking port 587/465Contact hosting provider or use API-based sending
Recipient rejectedInvalid address or blacklistCheck bounce details in the log

WooCommerce Email Deliverability

WooCommerce adds transactional email to your WordPress site — order confirmations, shipping notifications, refund confirmations. These are critical emails that must reach customers.

WooCommerce-Specific Setup

  • Use SMTP for all WooCommerce emails — The SMTP plugin applies to all wp_mail() calls, including WooCommerce
  • Use a consistent From address — Set the same From address in WooCommerce settings and your SMTP plugin
  • Don't use noreply@ if possible — Replies to order emails are valuable customer service data
  • Test every email type — WooCommerce has many email templates. Trigger each one (new order, processing, completed, refunded) to verify they all deliver

High-Volume WooCommerce Stores

If your store sends hundreds of order emails daily:

  • Consider a transactional email service designed for volume (SendGrid, Amazon SES, Postmark)
  • Use a dedicated sending subdomain (e.g., orders.yourdomain.com)
  • Monitor delivery rates through your email service's dashboard

Choosing an Email Service for WordPress

ServiceFree TierBest For
SendGrid100 emails/dayMedium to high volume, detailed analytics
Amazon SES$0.10 per 1,000 emailsHigh volume, cost-sensitive
Mailgun100 emails/day (trial)Developers, API integration
Postmark100 emails/month (trial)Transactional email focus, excellent deliverability
Google Workspace SMTPIncluded with WorkspaceLow volume, already using Workspace

For most WordPress sites, Google Workspace SMTP (if you already have it) or SendGrid's free tier covers the volume needed for forms and notifications.

WordPress Email Best Practices

Keep Plugins Updated

Outdated plugins with security vulnerabilities can be exploited to send spam from your server. This gets your IP blacklisted and damages deliverability for all email from your domain.

Protect Contact Forms

Contact form spam is a WordPress-specific problem:

  • Use reCAPTCHA or hCaptcha on all forms
  • Add honeypot fields to catch bots
  • Rate-limit form submissions
  • Don't auto-reply to form submissions with the sender's input (this enables spam relay)

Monitor Your Sending

Check your email service's logs weekly:

  • Are emails being delivered?
  • Are bounce rates normal?
  • Are any emails being flagged or rejected?

Without monitoring, WordPress email can fail silently — and you won't know until a customer complains they never received their order confirmation.