WordPress powers over 40% of all websites, and virtually every WordPress site sends email — contact form notifications, WooCommerce order confirmations, account registration emails, password resets, and comment notifications. By default, WordPress uses PHP's built-in mail() function to send email — a configuration that produces some of the worst email deliverability of any platform. PHP mail() sends email through the local server's SMTP agent without SPF alignment, without DKIM signing, and from a server IP that has no established sending reputation. The result: WordPress email from default configurations has inbox placement rates that often fall below 50% at Gmail and Microsoft. This guide covers the configuration changes that turn WordPress email from unreliable to production-quality deliverability.
Why WordPress Email Fails by Default
WordPress's default email architecture was designed for simplicity, not deliverability. By default, WordPress uses the wp_mail() function, which calls PHP's mail() function, which passes the message to the server's local mail agent (typically Sendmail or Postfix configured for local delivery). This local mail agent delivers the email through the server's own IP address — the same IP that hosts the website.
The deliverability problems with this architecture compound in several ways: (1) Web hosting server IPs are not configured for email reputation — the IP has no SNDS registration, no FBL enrollment, and typically no PTR record. ISPs treat email from unknown, low-reputation IPs with high suspicion. (2) The From: address in WordPress email is often set to "wordpress@yourdomain.com" or a similar address — but the SPF record for yourdomain.com does not include the hosting server's IP, causing SPF softfail or fail. (3) No DKIM signing — the local mail agent does not sign outgoing email with DKIM, producing unauthenticated email that DMARC evaluates as failing. (4) The hosting server IP is often on shared hosting where other customers on the same IP have been sending spam — inheriting poor IP reputation.
The PHP mail() and PHPMailer Problem
WordPress includes PHPMailer as its underlying email library — PHPMailer is a solid email sending library that supports SMTP, TLS, authentication, and HTML email. The problem is not PHPMailer itself; it is how WordPress calls it by default. By default, WordPress calls PHPMailer in "mail" mode — using PHP's built-in mail() function rather than SMTP mode. In mail mode, PHPMailer passes messages to the system's local mail agent rather than connecting directly to a remote SMTP server.
The fix is straightforward: configure WordPress to use PHPMailer in SMTP mode, pointing at an authenticated external SMTP relay (Postmark, Mailgun, Gmail Workspace, or another SMTP service). In SMTP mode, WordPress authenticates to the remote SMTP server, the remote server adds DKIM signing and sends from its own IP pool (which has established reputation), and the email arrives at the recipient's inbox authenticated and from a known-reputation source. This configuration change alone typically improves WordPress email inbox placement from below 50% to 90%+.
Setting Up SMTP in WordPress
The manual method for enabling SMTP mode in WordPress (without a plugin) requires adding code to the wp-config.php or a custom plugin that hooks into the phpmailer_init action:
// Add to functions.php or a custom plugin:
add_action( 'phpmailer_init', function( $phpmailer ) {
$phpmailer->isSMTP();
$phpmailer->Host = 'smtp.postmarkapp.com'; // Your SMTP server
$phpmailer->SMTPAuth = true;
$phpmailer->Port = 587; // TLS submission port
$phpmailer->SMTPSecure = 'tls'; // Use TLS
$phpmailer->Username = 'YOUR_API_KEY'; // Postmark API key as username
$phpmailer->Password = 'YOUR_API_KEY'; // Postmark API key as password
$phpmailer->From = 'noreply@yourdomain.com';
$phpmailer->FromName = 'Your Site Name';
} );
The manual code method is functional but requires direct code editing and is not updateable through the WordPress admin. SMTP plugins provide the same configuration through the WordPress admin interface without code editing — recommended for most WordPress operators.
Recommended SMTP Plugins
WP Mail SMTP (by WPForms): The most widely installed WordPress SMTP plugin with 3M+ active installations. Supports all major SMTP providers through a guided setup wizard: Gmail/Google Workspace, SendGrid, Mailgun, Postmark, SparkPost, and custom SMTP. Includes email logging (stores sent email records in WordPress database), a deliverability test tool, and email failure alerts. Free version covers basic SMTP configuration; paid version adds advanced features including email log alerts and additional provider integrations. Best for: most WordPress sites, especially those using WooCommerce or contact form plugins that generate high email volume.
FluentSMTP: Free, open-source SMTP plugin with multi-provider support including Postmark, Amazon SES, Mailgun, Brevo, and custom SMTP. Includes email logging without the paid upgrade barrier that WP Mail SMTP requires for logging. Supports routing different email types through different SMTP connections — WooCommerce transactional email through Postmark, newsletter email through Brevo. Best for: developers and advanced users who want more control than WP Mail SMTP's free tier provides without a paid subscription.
Post SMTP (formerly Postman SMTP): An alternative to WP Mail SMTP with Gmail OAuth support and email logging. Free plugin with good reputation for reliability. Best for: sites specifically using Gmail Workspace for their sending domain where OAuth authentication is preferred over app passwords.
WooCommerce Email Configuration
WooCommerce sends a large volume of transactional email — order confirmations, order status updates, shipping notifications, customer invoices, and new order admin notifications. WooCommerce uses WordPress's wp_mail() function for sending, so the SMTP plugin configuration in the previous section applies directly to WooCommerce email as well. Once an SMTP plugin is configured, all WooCommerce transactional email automatically routes through the configured SMTP relay.
WooCommerce-specific email configuration: WooCommerce → Settings → Emails provides a list of all WooCommerce email types with the ability to configure each independently. Review and configure: (1) Sender name and email address — set to the store's name and a branded email address (noreply@store.com, orders@store.com) rather than the WordPress admin email. (2) Email header image — upload the store's logo for consistent branding. (3) Email footer text — include customer service contact information. (4) Test email button — available for each email type to send a test to the admin email address and verify delivery before customers receive these emails.
For high-volume WooCommerce stores (above 1,000 orders per month generating significant transactional email), consider routing WooCommerce email through a dedicated transactional ESP (Postmark or Mailgun) via their specific WooCommerce integration plugins. These dedicated transactional ESPs provide better delivery speed, better per-message delivery logging, and dedicated IP pools for transactional email — important for stores where order confirmation delivery speed directly affects customer experience.
Authentication for WordPress Sending Domains
Once an SMTP plugin routes WordPress email through an external SMTP relay, the authentication configuration depends on the relay provider. For each provider, the authentication DNS records must be published on the WordPress site's sending domain:
Postmark: Provides custom domain DKIM (d=yourdomain.com), SPF include mechanism (include:spf.mtasv.net), and DMARC alignment. Configure in the Postmark account → Domains section. After publishing the provided DNS records, verify in Postmark's domain verification tool. Result: all WordPress email from the Postmark relay is DKIM-signed, SPF-passing, and DMARC-aligned.
Mailgun: Configure domain authentication in Mailgun → Sending → Domains. Mailgun provides DKIM and SPF records for the sending domain. Custom domain DKIM (d=yourdomain.com) is available on Flex and Scale plans — verify the plan includes custom DKIM before configuring.
Gmail Workspace (SMTP relay): When using Google Workspace SMTP relay for WordPress email, the sending domain must have Google's SPF mechanism (include:_spf.google.com) in the SPF record and Google's DKIM selector configured. Google Workspace SMTP relay provides DKIM signing from Google's infrastructure when sending through smtp.gmail.com — this aligns with the domain's authentication if correctly configured.
Testing WordPress Email Delivery
After configuring the SMTP plugin, test WordPress email delivery to confirm authentication is working correctly:
WP Mail SMTP test tool: WP Mail SMTP → Tools → Email Test. Enter a Gmail address and send a test. Review the test result page — WP Mail SMTP reports whether the test email was accepted by the SMTP relay. Then check the Gmail address to confirm the email arrived in the inbox (not spam) and view the full headers to verify dkim=pass, spf=pass, and dmarc=pass.
Mail-tester.com: Get a test address from mail-tester.com. Use WP Mail SMTP's Test Email feature to send a test to the mail-tester.com address. View the score report — 8-10/10 is acceptable. Any deductions for authentication indicate configuration issues to address. Deductions for blacklisted IP indicate the SMTP relay's IP pool has reputation issues — consider switching to a different SMTP provider or upgrading to a plan with better IP pool management.
Common WordPress Email Problems and Fixes
WordPress email not sending at all after SMTP plugin installation: Check the SMTP plugin's email log (if logging is enabled) for error messages. Common causes: incorrect SMTP credentials, incorrect SMTP hostname or port, hosting provider blocking outbound port 587 (contact host to unblock), or SSL/TLS mismatch (try switching between TLS and SSL settings).
WordPress email going to spam despite SMTP configuration: Verify authentication records are correctly published in DNS (check with MXToolbox). Verify the From: address domain matches the authenticated domain — using noreply@wordpress-admin-email.com as From: when the SMTP relay is authenticated for yourdomain.com creates DMARC misalignment. Check the SMTP provider's dashboard for any reputation warnings or policy violations on the account.
WooCommerce order emails not arriving: Check the WooCommerce → Settings → Emails configuration to confirm emails are enabled. Check the SMTP plugin's email log to confirm WooCommerce email is being submitted to the SMTP relay. If emails appear in the log but do not arrive, the SMTP relay is accepting but potentially filtering — check the SMTP provider's sent email log for delivery status.
WordPress contact form emails not delivering: Contact form plugins (WPForms, Gravity Forms, Contact Form 7) use wp_mail() which routes through the SMTP plugin configuration. If contact form emails are not delivering after SMTP plugin configuration, check the contact form plugin's spam filter settings — contact forms often include built-in spam filtering (Akismet integration, honeypot fields) that may be catching legitimate submissions before they generate an email. Review the contact form's submission log to determine if the submission is being recorded (then email is the problem) or not recorded (the form spam filter is rejecting the submission).
WordPress email deliverability is primarily a configuration problem rather than a platform limitation. PHP mail() is the problem; SMTP with a reputable provider is the solution. The configuration takes less than 30 minutes with an SMTP plugin; the deliverability improvement is immediate and substantial. Any WordPress site that sends commercially important email — WooCommerce order confirmations, contact form responses, account management email — deserves the SMTP configuration that makes that email reliably reach its recipients.
WordPress Email Security Considerations
SMTP plugin security is important -- the plugin stores SMTP credentials (API keys, passwords) in the WordPress database. Use WordPress best practices to protect these credentials: (1) Use an API key (not a password) where the SMTP provider supports API key authentication -- API keys can be revoked and regenerated without changing the account password. (2) Store credentials using WordPress constants in wp-config.php rather than in the WordPress database (WP Mail SMTP Pro supports this). Constants stored in wp-config.php are accessible from filesystem but not from the WordPress database -- a database compromise does not expose SMTP credentials. (3) Limit WordPress admin access to trusted users only -- the SMTP plugin credentials are visible to any WordPress admin who can access the plugin settings. (4) Rotate SMTP API keys annually or after any suspected security incident.
SMTP relay provider selection for WordPress should also consider account security -- most dedicated transactional ESPs (Postmark, Mailgun) allow sending IP restrictions and webhook signatures that provide additional security. Configuring sending IP restrictions (only allow API usage from the WordPress site's hosting IP) prevents credential theft from being used to send email from other IP addresses.
WordPress email, correctly configured with an SMTP plugin and authenticated through a reputable transactional ESP, becomes one of the more reliable email delivery configurations available -- because it routes through purpose-built transactional email infrastructure rather than through general-purpose web hosting infrastructure that was never designed for reliable email delivery at scale. The configuration investment is one-time; the deliverability benefit is ongoing for the lifetime of the WordPress installation.