Almost all websites need to send out emails for one reason or another, whether you are sending out emails from WordPress or any other CMS system, the most common reason being your contact form, but there are plenty of other emails which website owners often do not consider when checking email deliverability, such as:-
- Notifications to your blog or newsletter subscribers.
- Plugin notifications
- Notifications, warnings or reports from your security plugins
- comments on blog posts
- Register emails
- Password reset emails
There are many issues which can affect your outgoing email deliverability and getting your website to send out emails reliably can sometimes be a problem.
Some of the common questions I see on my WordPress groups include:-
- “why are emails from my website going into junk mail folder”
- “I am not receiving emails from my contact form”
- “emails from my website have vanished”
Here I will cover some of the things you need to check and configure to ensure that email from your website is sent reliably.
Check email FROM address
This is one of the most common causes I find when troubleshooting email issues for clients.
When you send out email from your website, you must make sure that the email is sent FROM your own domain, i.e. the domain of the website where the email is being sent from.
I will often find that clients have set their forms to use the email address of the person filling in the form. As a result, the email is going to fail any authentication checks and will be flagged as spam or blocked (see below).
If you want to be able to reply directly to the person who completed the form, then you should set their email as the REPLY-TO header instead. Most form plugins will allow you to do this.
One of the key factors in making sure your email does not get flagged as spam and your domain does not get blacklisted is email authentication. There are multiple authentication methods available, which include SPF, DKIM and DMARC.
Getting all of this setup is referred to as domain alignment, and this is something most website designers and owners do not understand and do not do, and is thus the most common reason for emails being flagged as spam and also for emails being spoofed from your domain.
SPF is the most widely deployed solution and should suffice for the purpose of this article, so is the only one I will discuss here. However, I would suggest that you follow the links above and educate yourself on all the methods to further mitigate spam and blacklisting problems.
SPF (Sender Policy Framework)
What it is: SPF is an email authentication protocol that allows the owner of a domain to specify which mail servers they use to send mail from that domain.
How it works: Brands sending an email will publish SPF records in the Domain Name System (DNS). These records list which IP addresses (servers) are authorized to send email on behalf of their domains.
During an SPF check, email providers (MTA’s) verify the SPF record by looking up the domain name listed in the “envelope from” address in the DNS. If the IP address sending the email on behalf of the “envelope from” domain isn’t listed in that SPF record, the message fails SPF authentication and thus receive a spam score.
There are no specific rules about how to treat an email failing an spf check. Different providers (MTA’s) will apply different rules, some will just give it a spam score and some will reject the email altogether.
Why it matters: An SPF-protected domain is less attractive to phishers, and is, therefore, less likely to be blacklisted by spam filters, ensuring legitimate email from that domain is delivered.
Your SPF records must cover all servers/IP’s that will send mail for your domain. You can use the SPF wizard to create your SPF record.
Blacklists are another common issue that most website owners are not aware of. Server IP addresses and domain names often get blacklisted due to sending spam, which results in your emails being blocked.
If you have not done your domain alignment, anyone can spoof emails from your domain, this could be spam, phishing emails, scam emails etc.
Most mail servers (MTA) will be set to check a number of blacklists for each incoming email, and if either the sending MTA or domain is on any of those blacklists, this will increase the spam score. Different providers will use different blacklists and apply different scores.
This is a common problem for hosting providers, especially where everything related to your domain is hosted on the same server, which is the setup for most cpanel hosts.
So if any other customer on the same server is sending out spam, or their website gets hacked, then this will affect your domain reputation as well.
I recommend that you set up blacklist monitoring for your domain in order to keep tabs on this problem.
This is one reason why I do not recommend to use your web server for sending email, instead use an external service (see below).
The default when sending email is to use PHP Sendmail, this will result in emails being sent from the default server address instead of your own domain, which if you have done your domain alignment, which causes the emails to then fail authentication/alignment checks at the receiving MTA.
To ensure proper authentication of your outgoing mail and also for better reliability, you should send out emails using SMTP, from a mailbox setup specifically for this purpose. E.g. website@yourdomain.
Due to the reasons mentioned above, for the best reliability and business continuity, I generally recommend separating your email from your website hosting and using an external email provider such as Google G Suite or at the very least an SMTP relay service for your website email.
Gmail or G Suite
If you use Gmail or g suite, then you can use this account for relaying email from your website too. However you should be aware of the following caveats.
- The Gmail sending limit is about 100-150 emails per day via SMTP. The limit via the Gmail interface is 500 per day.
- The limit for Google Workspace accounts is 2000 emails per day, which is more than enough for most sites. See here for more details.
- If you use your own email account to send smtp mail, remember that changing your email password will break outgoing email from your website, so you must remember to also change it on your website too. It is better to have a separate email account just for sending email from the website.
- Setting up a dedicated mailbox will incur addiitonal cost as you will need to use up a workspace license.
If you are a G Suite customer, then you can also use their SMTP relay service instead, which would be preferable.
If you use WordPress then I suggest using the gmail-smtp plugin, which uses OAuth to send emails instead of authenticating with your username and password, however be aware that will still stop working if that user changes their password.
Other SMTP Relays
There are a ton of other SMTP relay providers out there to choose from such as Mailersend, Mailgun, Sendgrid, sendinblue, mailchannels, smtpauth etc, depending on your requirements and budget. Just do a Google search and take your pick.
I use Mailersend these days, which has proved to be very reliable, gets blacklisted far less frequently than othe rI have used, and has a free plan with 120,000 emails per month.
You also get lots of advanced features with these services, such as mailing lists, tracking, bounce processing, logs, analytics and more.
As with any bulk email relay service, they are sending millions of emails per hour, and their IP’s do get blacklisted, which can cause some issues as they do not always do a brilliant job of monitoring the blacklists and getting IP’s removed.
However most do have the option of a dedicated IP address if you are willing to pay, which means you are the only domain sending email from that IP address, so the only person that can get you blacklisted is you.
Once you have everything setup, you then need to test your domain alignment and that emails sent from your website are not being flagged as spam.
This handy mail tester tool from Mailgenius makes that super easy.