Your WordPress emails going to spam is a problem that costs you money. WooCommerce order confirmations land in junk — customers think their order didn't go through. Contact form submissions disappear — potential clients never hear back. Password reset emails never arrive — users can't log in and leave. The most common symptom is a WordPress contact form landing in the spam folder, where nobody ever sees it.
And you might not even know it's happening until someone tells you.
The reason is simple, and the fix isn't complicated once you understand what's going on.
Why WordPress emails go to spam
By default, WordPress sends email using PHP's mail() function. This sends emails directly from your server without any authentication. To email providers (Gmail, Outlook, Yahoo), these emails look exactly like what spammers send — no verified sender, no encryption, no proof that your domain authorized the email.
Think of it like sending a letter with no return address. It might arrive, but it'll probably be treated with suspicion.
Three things make this worse:
1. Shared hosting IP reputation. On shared hosting, hundreds of sites share one IP address. If anyone on that server sends spam, the IP gets blacklisted — and all your emails get flagged too. You didn't do anything wrong, but you share the punishment.
2. Missing DNS records. SPF, DKIM, and DMARC records tell email providers "yes, this server is authorized to send email for this domain." Without them, Gmail has no way to verify your emails are legitimate.
3. "From" address mismatch. WordPress often sends from [email protected] — an address that doesn't actually exist. Some email providers flag this immediately.
The fix: SMTP authentication
Instead of using PHP mail(), configure WordPress to send through a proper SMTP server that authenticates your emails. This is the same way your email client (Gmail app, Outlook) sends email — with login credentials and encryption.
Step 1: Choose an SMTP provider
Free options (good for most sites):
- Brevo (formerly Sendinblue): 300 emails/day free
- SMTP2GO: 1,000 emails/month free
- Gmail SMTP: Use your existing Gmail account (limit ~500/day)
Paid options (for WooCommerce / high volume):
- Amazon SES: $0.10 per 1,000 emails — cheapest at volume
- Postmark: $1.25 per 1,000 — best deliverability
- Mailgun: $0.80 per 1,000 — developer-friendly
For a WooCommerce store sending order confirmations, shipping updates, and marketing emails — you'll want a paid provider above ~500 orders/month.
Step 2: Install WP Mail SMTP plugin
bashWordPress Admin → Plugins → Add New → Search "WP Mail SMTP" → Install → Activate
Go to WP Mail SMTP → Settings:
- From Email: Use a real email address at your domain ([email protected])
- From Name: Your business name
- Mailer: Select your SMTP provider
- Enter the SMTP credentials your provider gives you
Each provider has different settings. Example for a generic SMTP setup:
bashSMTP Host: smtp.yourprovider.com SMTP Port: 587 Encryption: TLS Username: your-smtp-username Password: your-smtp-password
Step 3: Set up DNS records
This is the step people skip — and it's the most important one for deliverability.
SPF record — tells email providers which servers can send email for your domain:
bashType: TXT Name: @ Value: v=spf1 include:yourprovider.com ~all
DKIM record — cryptographic signature proving the email wasn't tampered with. Your SMTP provider gives you this value:
bashType: TXT Name: mail._domainkey (or whatever your provider specifies) Value: v=DKIM1; k=rsa; p=MIGfMA0GCS... (long key from provider)
DMARC record — tells providers what to do with emails that fail SPF/DKIM:
bashType: TXT Name: _dmarc Value: v=DMARC1; p=quarantine; rua=mailto:[email protected]
All three records go in your domain's DNS settings (Cloudflare, GoDaddy DNS, wherever your domain points).
Step 4: Test it
WP Mail SMTP has a built-in test: WP Mail SMTP → Tools → Email Test
Send a test email to your Gmail. Check:
- ✅ Did it arrive in inbox (not spam)?
- ✅ Click "Show original" in Gmail — does it show SPF: PASS, DKIM: PASS, DMARC: PASS?
If any show FAIL, your DNS records aren't set up correctly. DNS changes can take up to 24 hours to propagate.
External verification:
bash# Check SPF record dig TXT yourdomain.com | grep spf # Check DKIM dig TXT mail._domainkey.yourdomain.com # Check DMARC dig TXT _dmarc.yourdomain.com
WooCommerce-specific email issues
WooCommerce sends a lot of transactional emails:
- New order confirmation (to customer AND admin)
- Payment complete
- Shipping notification
- Refund notification
- Account creation
If these go to spam, your customers think something went wrong. Some will initiate chargebacks or contact support — both cost you time and money.
Extra steps for WooCommerce:
1. Use a real "From" address. Not [email protected] — use [email protected] or [email protected]. "Noreply" addresses get flagged more often.
2. Customize email templates. WooCommerce → Settings → Emails. Plain text emails with minimal HTML perform better for deliverability than heavily branded HTML emails.
3. Separate transactional from marketing. Use your SMTP provider for order confirmations (transactional). Use a different service for newsletters and promotions (marketing). Mixing them hurts deliverability of your important transactional emails.
When your server IP is already blacklisted
If you're on shared hosting and the server IP is on a blacklist, even SMTP might not fully solve the problem — because some emails might still route through the server for non-WordPress functions.
Check your server IP: Go to mxtoolbox.com/blacklists.aspx and enter your server IP.
If it's listed on multiple blacklists, you have two options:
- Use an external SMTP provider (solves it for WordPress emails)
- Move to a VPS with a clean IP (solves it for everything)
On a VPS, you have your own IP address. Nobody else's behavior affects your email reputation.
Self-hosted SMTP on VPS (advanced)
If you're on a VPS, you can run your own mail server with Postfix:
bashsudo apt install postfix -y # Choose "Internet Site" during setup
Then configure SPF, DKIM (with OpenDKIM), and DMARC. This gives you full control but requires ongoing maintenance. For most people, an external SMTP provider is less work and more reliable.
Quick checklist
bash□ Install WP Mail SMTP plugin □ Configure with a real SMTP provider □ Set "From" address to a real email at your domain □ Add SPF record to DNS □ Add DKIM record to DNS □ Add DMARC record to DNS □ Send test email to Gmail — check inbox, not spam □ Verify SPF/DKIM/DMARC pass in email headers □ Test WooCommerce order emails specifically
The hosting connection
Email deliverability starts with your server. Shared hosting's shared IPs are the #1 reason WordPress emails go to spam in the first place. A VPS with a dedicated IP removes the shared reputation problem entirely. Combine that with proper SMTP configuration and DNS records, and your WordPress emails reliably land in inbox — not spam.











Discussion
Have a question or tip about this topic? Share it below — your comment will appear after review.