Is WordPress not sending emails? Or are the emails your WordPress site sends getting flagged as spam? In this post, we’ll cover how to fix both issues related to WordPress email deliverability. We’ll explain why WordPress email problems frequently happen and offer some strategies for increasing email deliverability.
WordPress Email Issues: WordPress Not Sending Emails or Emails Ending Up in Spam
Why won’t emails from WordPress come to my inbox? It’s a common problem. Why do WordPress emails from contact forms, ecommerce orders and other WordPress functions sometimes end up in the spam folder or not get delivered at all?
The simple answer is the ongoing battle between spammers and email providers. Spammers want their messages to be delivered to the inbox and email providers want to filter out as much spam as possible.Spam emails are generated by (often compromised) servers sending millions of emails each minute.
In an effort to combat spam, email service providers (like Gmail, Office 365, corporate email systems, etc.) tighten restrictions on server-generated email. In order for server-generated emails to be delivered to an inbox, it’s common for an email provider to require some kind of authentication. Since server-generated emails often spoof email addresses and lack this authentication, much spam can be eliminated.
However, since legitimate WordPress emails are also server-generated, they can be categorized as spam by an email provider and either be placed in the spam folder or not delivered at all. These legitimate emails from WordPress can include password resets, contact form notifications, order notifications, etc.
Why Do WordPress Emails Get Flagged as Spam?
WordPress includes a built-in function called wp_mail. The wp_mail function called by WordPress core as well as plugins to generate an email when required in a transaction with the user. When you read transaction, don’t think ecommerce. Think about any interaction with the user (or “transaction”) from password resets, to notifications of form entries and orders.
Automatically-generated (transactional) emails from your WordPress site frequently lack the verification credentials possessed by “real” email sent by webmail or an email app. If emails lack the proper credentials, they are frequently caught in spam filters employed by email providers.
How to Certify Emails Sent From a WordPress Website
To understand what’s really going on behind the scenes with email deliverability, let’s go over some technical details of email certification. Don’t worry if this seems overwhelming or you get an acronym headache, as we’ll cover more straight-forward ways to solve email deliverability issues later in the post.
There are three ways to certify emails to avoid spam filters:
DKIM – DomainKeys Identified Email
DKIM is a protocol that allows an organization to authenticate to email providers that a message is legitimate. Here’s an excellent explanation for how to explain dkim in plain English. DKIM is a very complicated process, and is usually set up as a TXT record in a domain’s DNS settings.
SPF – Sender Policy Framework
SPF is also typically a TXT record in a domain’s DNS settings, and indicates which servers are authorized to send main for a domain.
DMARC – Domain-based Message Authentication, Reporting and Conformance
DMARC is also typically a TXT record in a domain’s DNS settings, and serves as another authentication protocol designed to prevent email address spoofing. DMARC extends DKIM and SPF by making sure an email’s FROM address is aligned with a domain that the server can “legally” send email from. It also gives instructions on how to handle messages that fail authentication, and provides an email address for feedback about messages using a domain name.
The Difference Between DKIM, SPF and DMARC
- Basically, DKIM validates the message itself while SPF validates the server it was sent from. DMARC uses them both and also offers some policies and a feedback mechanism.
- So, you need all three to properly certify emails.
- Here’s a good summary if you want more detail: Understanding SPF, DKIM & DMARC.
How to Set Up DNS Records
Now that we’ve covered email certifications, what do you do? If you’re still attempting to send emails from your WordPress site (from your server), you’re going to need DNS records properly configured for your domain.
How to Check if DNS Records Exist Already
If you’re using cPanel for your hosting, find the DNS area, and find the Zone editor.
- Check your domain’s DNS settings and look for existing records. You’ll see SPF, DKIM, and DMARC at the beginning of the entry. They will likely be TXT records.
- A typical SPF record looks something like this: v=spf1 +a +mx +ip4:192,168.1.1~all
- A typical DKIM record looks like this (you probably won’t have this): v=DKIM1; k=rsa; p= RcWG3v2kuwyGThCVUjQtTM40M3yi3dNjoHT5OezyldVrTRcefT0E34T7GiMAo572Nh85SC0NgZt1ZJJ
- A typical DMARC record looks like this: v=DMARC1;p=none;sp=quarantine;pct=100;rua=mailto:firstname.lastname@example.org;
What if DNS Scares You?
Yep, it should. The screw-up-ability factor in DNS settings is high. You can really make a mess if you don’t know what you’re doing with DNS records. This is where it pays to have a host with phenomenal support (like Liquid Web). A good host should have no problem helping you get your DNS settings correct.
For New Accounts
If you’re setting up a new account in cPanel, make sure you check the boxes under DNS Settings to Enable DKIM and Enable SPF on this account.
- You’ll still need to set up a DMARC record and cPanel can’t do this automatically because it contains information about policies and the reporting email address.
- But cPanel does give you something of a wizard in the Zone Editor. Click Manage beside the domain in question then click the dropdown beside the Add Record button and choose DMARC.
- Note: some cPanel installs may not give you DMARC as an option so you’ll have to reach out to your web host to add DMARC for you or give you the option in cPanel.
For Existing Hosting Accounts
- You can set up DMARC using the same process above.
- You can set up SPF and DKIM in cPanel under Email Deliverability.
- This wizard will analyze your existing records, show any problems that exist, and allow you to install the correct records.
- NOTE: If you’re using third-party email services like Google Apps, Office 365, Zoho Mail, etc., you’ll want to get your SPF and DKIM records from them (you probably added those when you set up those services).
- cPanel may want to try to overwrite those with its own, which can cause deliverability problems. So don’t overwrite them.
Emails From My WordPress Site Aren’t Being Delivered. How Do I Fix This Issue?
Now that we understand the fundamentals of email deliverability, let’s go through another set of questions to help explain why your WordPress emails aren’t being sent (or delivered).
Have You Been Blacklisted?
If spam complaints have been made against your server’s IP address, your server could get blacklisted. If this happens, ALL email coming from your server’s IP address will be considered suspect by email providers and end up in spam folders or not delivered at all.
You can check to see if your server’s IP is blacklisted here: http://mxtoolbox.com/blacklists.aspx
If you’re not sure what your server’s IP address is, a simple way to find it is to open a Command Prompt in Windows or a Terminal in MacOS and type ping domain.com (obviously replace domain.com with the domain name in question).
A Popular Option: Using WordPress SMTP Plugins
WordPress SMTP plugin sare one option for solving the transactional email problem. A plugin like WP Mail SMPT will allow you to use the SMTP settings of an existing email account like Gmail to replace the standard wp_mail function.
Unfortunately, the wide use of plugins like these has resulted in Gmail and others to crack down on this use of their SMTP servers for this purpose. If you’re using a Gmail account for SMTP, you might find your account shut down without warning (ask me how I know this) . What’s worse, you probably won’t know your account has been shut down other than your website fails to send email. So, if you’re looking for reliability, this is not the best option.
Better Than WordPress SMTP Plugins: Transactional Email Services
A better approach to sending transactional email in WordPress is using one of the many third-party services that specialize in this area. Transactional email services are superior to using a regular SMTP server because they provide reporting (some are better than others). Email reporting is critical when you want to check on the status of a particular email, whether it was delivered, undeliverable, opened, bounced, etc.
Comparing 4 Transactional Email Services for WordPress
There are lots of different options available for a third-party transactional email service. Below are some that are more common in the WordPress space.
1. Amazon SES
- Like most Amazon Web Services, SES is very inexpensive for light use ($0.10 per 1000 emails). No free level for using SES to send WordPress emails (unless your site is hosted on Amazon EC2). But pricing is cheap at $0.10 per 1000.
- Reporting isn’t great. You can only see send statistics as a count, not the status of individual emails (was it opened or did it bounce?)
- Using Amazon’s AWS Simple Email Service (SES) is an option for WordPress with two plugins. Just note that even with these plugins, it’s hard to set up.
- Solid, reliable transactional email delivery with good reporting features.
- Send 10,000 emails free each month.
- Downside is that setup is complicated. Involves validating the account with a credit card and SMS code, setting up a subdomain on your server, validating the server with SPF and DKIM records, and setting up MX records.
- Once set up, Mailgun can be implemented via an API key in WordPress with their official plugin:
- Currently my service of choice for client WordPress websites.
- Send 100 emails per day free. Plenty for most basic websites.
- Setup is simple, just create an API key and copy and paste into WordPress.
- Reporting UI is excellent. You can see all information for emails sent within the last 3 days. For 30 days of history, you have to upgrade to a paid plan.
- Implement Sendgrid in WordPress with their official plugin:
- I have not tried this option personally, but it comes highly recommended from sources I trust.
- Send 300 emails each day free.
- Setup is reported to be simple, like Sendgrid, with good reporting.
- Sendinblue also integrates email marketing and SMS marketing services free.
- This is definitely an option to investigate.
- Integrate with WordPress using their official plugin:
Transactional Email Services Comparison Chart
|Service||Free Tier||Paid Tier||Setup||Reporting|
|Amazon SES||None||$0.10 per 1,000||Difficult||Poor|
|Mailgun||10,000/mo||100,000 @ $79/mo||Difficult||Good|
|Sendgrid||100/day||60,000 @ $14.95||Easy||Great|
|Sendinblue||300/day||40,000 @ $25/mo||Easy||Good|
More Tips for Transactional Email
Here are a few more tips to make sure emails are being delivered via a transactional email service.
Check Your Form Notification Settings
It’s common to set up form entry notifications with the From as the email address of the user who filled out the form. However, what you’re actually doing here is spoofing an email address because the notification is sent from the server, not the actual user. As a result, notifications with the user as the From are frequently marked as spam or not delivered at all. You need to make the From an email address that you control so that it’s validated by DKIM and/or SPF. Quality form plugins (like Gravity Forms) allow you to specify different email addresses for From and Reply to .
- Form notification is sent to the recipient from email@example.com.
- Form reply to is set to the user’s email address.
- This way, the notification is sent from an address that can be validated, and if you reply to the notification, the email goes to the user.
- Note: The noreply address does not even need to exist. If it does, make sure there’s an autoresponder telling anyone who emails it that the mailbox is not monitored. Also, be sure that mail doesn’t collect in the noreply inbox and is automatically deleted.
Check Your Third-Party Email Service Settings
If you’re using something like Google GSuite or Microsoft Office 365 for your emails, adding DMARC, DKIM and SPF records is part of the set-up process. If you don’t add those records, your emails will not be correctly signed and will likely end up in spam folders.
If you’ve been using one of these services for a long time and set them up before DMARC, DKIM and SPF records were part of the process, be sure to go back and add them or your emails might not be delivered.
Schedule a Blacklist Check Regularly
Schedule a (monthly?) reminder to check MXToolbox’s blacklist for the IP addresses of all servers where you have websites. Go to https://mxtoolbox.com/blacklists.aspx.
Bonus Tips for Transactional Email When Working with Clients
Reference Email Delivery in Your Contract or Terms of Service
Nobody wants to be sued by a client who claims to have missed a million-dollar deal because a contact form notification didn’t appear in their inbox. Since there is a potential liability here, you want a strong disclaimer in your contract. State that you can only control the sending but not the receipt of emails. You’ll want a local attorney to review this statement.
Include Transactional Email Setup in Your Launch Process
I set up a separate transactional email service account for each client when a site launches. By setting up a separate account for each client, you’ll have access to reports specific to them (showing sends, receipts, and opens) should an issue with deliverability ever arise. You’ll also more easily be able to stay under the daily send limit for free transactional email services.