How to reliably send email from your website 3
Solving email delivery problems

Almost all websites need to send out emails for one reason or another, the most common reason being your contact form, but there are plenty of other emails which website owners often do not consider when checking email deliverability, such as:-

  • Notifications to your blog or newsletter subscribers.
  • Plugin notifications
  • Notifications, warnings or reports from your security plugins
  • comments on blog posts
  • Register emails
  • Password reset emails

There are many issues which can affect your outgoing email deliverability and getting your website to send out emails reliably can sometimes be a problem.

Some of the common questions I see on my WordPress groups include:-

  • “why are emails from my website going into junk mail folder”
  • “I am not receiving emails from my contact form”
  • “emails from my website have vanished”

Here I will cover some of the things you need to check and configure to ensure that email from your website is sent reliably.

Check email FROM address

This is one of the most common causes I find when troubleshooting email issues for clients.

When you send out email from your website, you must make sure that the email is sent FROM your own domain, i.e. the domain of the website where the email is being sent from.

I will often find that clients have set their forms to use the email address of the person filling in the form. As a result, the email is going to fail any authentication checks and will be flagged as spam or blocked (see below).

If you want to be able to reply directly to the person who completed the form, then you should set their email as the REPLY-TO header instead. Most form plugins will allow you to do this.

Email Authentication

One of the key factors in making sure your email does not get flagged as spam and your domain does not get blacklisted is email authentication. There are multiple authentication methods available, which include SPF, DKIM and DMARC.

SPF is the most widely deployed solution and should suffice for the purpose of this article, so is the only one I will discuss here. However, I would suggest that you follow the links above and educate yourself on all the methods to further mitigate spam and blacklisting problems.

SPF (Sender Policy Framework)

How to reliably send email from your website 4

What it is: SPF is an email authentication protocol that allows the owner of a domain to specify which mail servers they use to send mail from that domain.

How it works: Brands sending an email will publish SPF records in the Domain Name System (DNS). These records list which IP addresses (servers) are authorized to send email on behalf of their domains.

During an SPF check, email providers (MTA’s) verify the SPF record by looking up the domain name listed in the “envelope from” address in the DNS. If the IP address sending the email on behalf of the “envelope from” domain isn’t listed in that SPF record, the message fails SPF authentication and thus receive a spam score.

There are no specific rules about how to treat an email failing an spf check. Different providers (MTA’s) will apply different rules, some will just give it a spam score and some will reject the email altogether.

Why it matters: An SPF-protected domain is less attractive to phishers, and is, therefore, less likely to be blacklisted by spam filters, ensuring legitimate email from that domain is delivered.

Your SPF records must cover all servers/IP’s that will send mail for your domain. You can use the SPF wizard to create your SPF record.

Backlist Monitoring

is your domain blacklisted
Is your domain blacklisted

Blacklists are another common issue that most website owners are not aware of. Server IP addresses and domain names often get blacklisted due to sending spam, which results in your emails being blocked.

Most mail servers (MTA) will be set to check a number of blacklists for each incoming email, and if either the sending MTA or domain is on any of those blacklists, this will increase the spam score. Different providers will use different blacklists and apply different scores.

This is a common problem for hosting providers, especially where everything related to your domain is hosted on the same server, which is the setup for most hosts.

So if any other customer on the same server is sending out spam, or their website gets hacked, then this will affect your domain reputation as well.

I recommend that you setup blacklist monitoring for your domain in order to keep tabs on this problem.

There are a ton of blacklist monitoring services out there, but the ones I use are MX Toolbox and Hetrix Tools.

This is one reason why I do not recommend to use your web server for sending email, instead use an external service (see below).

Use external SMTP relay service

SMTP Relay Services

Due to the reasons mentioned above, and for general email reliability and business continuity, I generally recommend separating your email from your website hosting and using an external email provider such as Google G Suite or at the very least an SMTP relay service for your website email.

There are several SMTP plugins available for WordPress which make this extremely easy.

If you choose to send through SMTP using your an email account that is hosted on the same server as your website, this may not solve your problem due to the reasons mentioned above.

Gmail or G Suite

If you use Gmail or g suite, then you can use this account for relaying email from your website too. However you should be aware of the following caveats.

  • The Gmail sending limit is about 100-150 emails per day via SMTP. The limit via the Gmail interface is 500 per day.
  • The limit for G Suite accounts is 2000 emails per day, which is more than enough for most sites. See here for more details.
  • If you use your own email account to send smtp mail, remember that changing your email password, this will break outgoing email from your website, so you must remember to also change it on your website too. It is better to have a separate email account just for sending email from the website.

If you are a G Suite customer, then you can also use their SMTP relay service instead, which would be preferable.

If you use WordPress then I suggest using the gmail-smtp plugin, which uses OAuth to send emails instead of authenticating with your username and password, which solves a number of issues, including the one mentioned above.

Mailgun

Mailgun is a popular solution, as they allow up to 10,000 emails per month for free, which is more than enough for most websites. You also lots of advanced features such as mailing lists, tracking, bounce processing, logs, analytics and more.

As with any bulk email relay service, they are sending millions of emails per hour, and their IP’s do get blacklisted, which can cause some issues as they do not do a brilliant job of monitoring the blacklists and getting IP’s removed.

However they do have the option of a dedicated IP address if you are willing to pay, which means you are the only domain sending email from that IP address, so the only person that can get you blacklisted is you.

Other SMTP Relays

There are a ton of other SMTP relay providers out there to choose from such as Sendgrid, sendinblue, mailchannels, smtpauth etc, depending on your requirements and budget. Just do a Google search and take your pick.

If you need any help with email authentication, blacklist removal, mailing lists or anything mentioned here, feel free to get in touch.

%d bloggers like this: