WordPress Email Deliverability: Why Emails Go to Spam and How to Fix It
WordPress emails going to spam? Learn why WordPress's default email sending fails, how to fix it with SMTP plugins, and how to set up proper authentication.
WordPress sends email for contact forms, password resets, order notifications (WooCommerce), and plugin notifications. By default, WordPress uses PHP's mail() function — and that's the root of most deliverability problems.
The PHP mail function sends email directly from your web server without proper authentication. Most mailbox providers treat these emails with suspicion, and they frequently end up in spam.
Why WordPress Emails Go to Spam
The PHP mail() Problem
WordPress's default wp_mail() function uses PHP's built-in mail handler. This means:
- Email is sent from your web server's IP address, which isn't configured as a mail server
- No DKIM signing — the emails aren't cryptographically signed
- SPF may fail — your web server's IP probably isn't in your SPF record
- No proper SMTP authentication
- The sending IP often has poor reputation (shared hosting IPs send email from many sites)
Shared Hosting Compounds It
If you're on shared hosting, your web server's IP is shared with hundreds of other sites. If any of those sites send spam, the IP's reputation drops — and your WordPress emails are affected.
The Fix: Use an SMTP Plugin
The solution is to route WordPress email through a proper email service using SMTP instead of PHP mail.
Popular SMTP Plugins
| Plugin | Best For |
|---|---|
| WP Mail SMTP | Most popular, supports all major providers |
| Post SMTP | Detailed logging and troubleshooting |
| FluentSMTP | Free, supports multiple connections |
Setup Process
Choose an email sending service
Use a transactional email service: SendGrid, Amazon SES, Mailgun, Postmark, or even Gmail/Google Workspace SMTP.
Install an SMTP plugin
Install WP Mail SMTP, Post SMTP, or another SMTP plugin from the WordPress plugin repository.
Configure the plugin
Enter your email service's SMTP credentials (server, port, username, password or API key).
Set up authentication DNS records
Add SPF and DKIM records for your email service to your domain's DNS.
Send a test email
Use the plugin's test email feature to verify everything works. Check that the test email passes SPF, DKIM, and DMARC.
Check your WordPress domain
Run a free deliverability check on your domain. Verify that SPF, DKIM, and DMARC are correctly configured after setting up SMTP.
Post SMTP: Troubleshooting Flagged Emails
Post SMTP is particularly useful because it logs every email WordPress sends and shows delivery status. If Post SMTP shows an email flagged as spam:
- Check the log entry — Post SMTP shows the full SMTP conversation, including error codes
- Review the sending service — The issue is usually with authentication, not the plugin itself
- Verify DNS records — Check your domain for SPF, DKIM, and DMARC issues
- Check the From address — Ensure it matches a domain you've authenticated
Common Post SMTP error patterns:
| Error | Cause | Fix |
|---|---|---|
| Authentication failed | Wrong SMTP credentials | Re-enter credentials from your email service |
| Message rejected | SPF/DKIM/DMARC failure | Add proper DNS records for your sending service |
| Connection timeout | Firewall blocking port 587/465 | Contact hosting provider or use API-based sending |
| Recipient rejected | Invalid address or blacklist | Check bounce details in the log |
WooCommerce Email Deliverability
WooCommerce adds transactional email to your WordPress site — order confirmations, shipping notifications, refund confirmations. These are critical emails that must reach customers.
WooCommerce-Specific Setup
- Use SMTP for all WooCommerce emails — The SMTP plugin applies to all
wp_mail()calls, including WooCommerce - Use a consistent From address — Set the same From address in WooCommerce settings and your SMTP plugin
- Don't use noreply@ if possible — Replies to order emails are valuable customer service data
- Test every email type — WooCommerce has many email templates. Trigger each one (new order, processing, completed, refunded) to verify they all deliver
High-Volume WooCommerce Stores
If your store sends hundreds of order emails daily:
- Consider a transactional email service designed for volume (SendGrid, Amazon SES, Postmark)
- Use a dedicated sending subdomain (e.g.,
orders.yourdomain.com) - Monitor delivery rates through your email service's dashboard
Choosing an Email Service for WordPress
| Service | Free Tier | Best For |
|---|---|---|
| SendGrid | 100 emails/day | Medium to high volume, detailed analytics |
| Amazon SES | $0.10 per 1,000 emails | High volume, cost-sensitive |
| Mailgun | 100 emails/day (trial) | Developers, API integration |
| Postmark | 100 emails/month (trial) | Transactional email focus, excellent deliverability |
| Google Workspace SMTP | Included with Workspace | Low volume, already using Workspace |
For most WordPress sites, Google Workspace SMTP (if you already have it) or SendGrid's free tier covers the volume needed for forms and notifications.
WordPress Email Best Practices
Keep Plugins Updated
Outdated plugins with security vulnerabilities can be exploited to send spam from your server. This gets your IP blacklisted and damages deliverability for all email from your domain.
Protect Contact Forms
Contact form spam is a WordPress-specific problem:
- Use reCAPTCHA or hCaptcha on all forms
- Add honeypot fields to catch bots
- Rate-limit form submissions
- Don't auto-reply to form submissions with the sender's input (this enables spam relay)
Monitor Your Sending
Check your email service's logs weekly:
- Are emails being delivered?
- Are bounce rates normal?
- Are any emails being flagged or rejected?
Without monitoring, WordPress email can fail silently — and you won't know until a customer complains they never received their order confirmation.