Skip to main content
+44 7575 472931[email protected]
HostAccentKnowledge BaseHosting, websites, SEO, and growth

WordPress Emails Going to Spam? Here's the Actual Fix

Are your WordPress emails going to spam? Learn why contact forms, WooCommerce orders, and password resets land in junk—and how to fix email delivery.

WordPressTroubleshootingLinux Hosting
WordPress emails going to spam – fix SMTP deliverability settings properly

Your WordPress emails going to spam is a problem that costs you money. WooCommerce order confirmations land in junk — customers think their order didn't go through. Contact form submissions disappear — potential clients never hear back. Password reset emails never arrive — users can't log in and leave. The most common symptom is a WordPress contact form landing in the spam folder, where nobody ever sees it.

And you might not even know it's happening until someone tells you.

The reason is simple, and the fix isn't complicated once you understand what's going on.

Why WordPress emails go to spam

By default, WordPress sends email using PHP's mail() function. This sends emails directly from your server without any authentication. To email providers (Gmail, Outlook, Yahoo), these emails look exactly like what spammers send — no verified sender, no encryption, no proof that your domain authorized the email.

Think of it like sending a letter with no return address. It might arrive, but it'll probably be treated with suspicion.

Three things make this worse:

1. Shared hosting IP reputation. On shared hosting, hundreds of sites share one IP address. If anyone on that server sends spam, the IP gets blacklisted — and all your emails get flagged too. You didn't do anything wrong, but you share the punishment.

2. Missing DNS records. SPF, DKIM, and DMARC records tell email providers "yes, this server is authorized to send email for this domain." Without them, Gmail has no way to verify your emails are legitimate.

3. "From" address mismatch. WordPress often sends from [email protected] — an address that doesn't actually exist. Some email providers flag this immediately.

The fix: SMTP authentication

Instead of using PHP mail(), configure WordPress to send through a proper SMTP server that authenticates your emails. This is the same way your email client (Gmail app, Outlook) sends email — with login credentials and encryption.

Step 1: Choose an SMTP provider

Free options (good for most sites):

  • Brevo (formerly Sendinblue): 300 emails/day free
  • SMTP2GO: 1,000 emails/month free
  • Gmail SMTP: Use your existing Gmail account (limit ~500/day)

Paid options (for WooCommerce / high volume):

  • Amazon SES: $0.10 per 1,000 emails — cheapest at volume
  • Postmark: $1.25 per 1,000 — best deliverability
  • Mailgun: $0.80 per 1,000 — developer-friendly

For a WooCommerce store sending order confirmations, shipping updates, and marketing emails — you'll want a paid provider above ~500 orders/month.

Step 2: Install WP Mail SMTP plugin

bash
WordPress Admin → Plugins → Add New → Search "WP Mail SMTP" → Install → Activate

Go to WP Mail SMTP → Settings:

  • From Email: Use a real email address at your domain ([email protected])
  • From Name: Your business name
  • Mailer: Select your SMTP provider
  • Enter the SMTP credentials your provider gives you

Each provider has different settings. Example for a generic SMTP setup:

bash
SMTP Host: smtp.yourprovider.com
SMTP Port: 587
Encryption: TLS
Username: your-smtp-username
Password: your-smtp-password

Step 3: Set up DNS records

This is the step people skip — and it's the most important one for deliverability.

SPF record — tells email providers which servers can send email for your domain:

bash
Type: TXT
Name: @
Value: v=spf1 include:yourprovider.com ~all

DKIM record — cryptographic signature proving the email wasn't tampered with. Your SMTP provider gives you this value:

bash
Type: TXT
Name: mail._domainkey (or whatever your provider specifies)
Value: v=DKIM1; k=rsa; p=MIGfMA0GCS... (long key from provider)

DMARC record — tells providers what to do with emails that fail SPF/DKIM:

bash
Type: TXT
Name: _dmarc
Value: v=DMARC1; p=quarantine; rua=mailto:[email protected]

All three records go in your domain's DNS settings (Cloudflare, GoDaddy DNS, wherever your domain points).

Step 4: Test it

WP Mail SMTP has a built-in test: WP Mail SMTP → Tools → Email Test

Send a test email to your Gmail. Check:

  • ✅ Did it arrive in inbox (not spam)?
  • ✅ Click "Show original" in Gmail — does it show SPF: PASS, DKIM: PASS, DMARC: PASS?

If any show FAIL, your DNS records aren't set up correctly. DNS changes can take up to 24 hours to propagate.

External verification:

bash
# Check SPF record
dig TXT yourdomain.com | grep spf

# Check DKIM
dig TXT mail._domainkey.yourdomain.com

# Check DMARC
dig TXT _dmarc.yourdomain.com

WooCommerce-specific email issues

WooCommerce sends a lot of transactional emails:

  • New order confirmation (to customer AND admin)
  • Payment complete
  • Shipping notification
  • Refund notification
  • Account creation

If these go to spam, your customers think something went wrong. Some will initiate chargebacks or contact support — both cost you time and money.

Extra steps for WooCommerce:

1. Use a real "From" address. Not [email protected] — use [email protected] or [email protected]. "Noreply" addresses get flagged more often.

2. Customize email templates. WooCommerce → Settings → Emails. Plain text emails with minimal HTML perform better for deliverability than heavily branded HTML emails.

3. Separate transactional from marketing. Use your SMTP provider for order confirmations (transactional). Use a different service for newsletters and promotions (marketing). Mixing them hurts deliverability of your important transactional emails.

When your server IP is already blacklisted

If you're on shared hosting and the server IP is on a blacklist, even SMTP might not fully solve the problem — because some emails might still route through the server for non-WordPress functions.

Check your server IP: Go to mxtoolbox.com/blacklists.aspx and enter your server IP.

If it's listed on multiple blacklists, you have two options:

  1. Use an external SMTP provider (solves it for WordPress emails)
  2. Move to a VPS with a clean IP (solves it for everything)

On a VPS, you have your own IP address. Nobody else's behavior affects your email reputation.

Self-hosted SMTP on VPS (advanced)

If you're on a VPS, you can run your own mail server with Postfix:

bash
sudo apt install postfix -y
# Choose "Internet Site" during setup

Then configure SPF, DKIM (with OpenDKIM), and DMARC. This gives you full control but requires ongoing maintenance. For most people, an external SMTP provider is less work and more reliable.

Quick checklist

bash
□ Install WP Mail SMTP plugin
□ Configure with a real SMTP provider
□ Set "From" address to a real email at your domain
□ Add SPF record to DNS
□ Add DKIM record to DNS
□ Add DMARC record to DNS
□ Send test email to Gmail — check inbox, not spam
□ Verify SPF/DKIM/DMARC pass in email headers
□ Test WooCommerce order emails specifically

The hosting connection

Email deliverability starts with your server. Shared hosting's shared IPs are the #1 reason WordPress emails go to spam in the first place. A VPS with a dedicated IP removes the shared reputation problem entirely. Combine that with proper SMTP configuration and DNS records, and your WordPress emails reliably land in inbox — not spam.

Last updated

Jul 15, 2026

HostAccent Editorial Team publishes practical hosting guides, operations checklists, and SEO-focused tutorials for businesses building international web presence.

Discussion

Have a question or tip about this topic? Share it below — your comment will appear after review.

Your email stays private and is only used for moderation.

Write for the Community

Have a tutorial, tip, or insight to share? Get published on the HostAccent Blog with your name, bio, and website link.

Become a Contributor

Need a faster setup for this workflow?