Even though the default WordPress wp_mail function has been a staple for years, mail clients are not as accepting as they used to be. Now, messages from your WordPress website are starting to get marked as spam, dangerous (phishing), or even not being delivered at all.
The immediate fix to WordPress email deliverability issues is to make sure you are using contact form best practices. The more long-term approach is to get off of PHP mail and use SMTP and Custom Domain Authentication through an email service provider. Many web hosts have this built-in.
Custom Domain Authentication is important. By default, emails from your site come from your host’s server and not your domain. Therefore, your email provider, like Gmail, will warn users that the email sent from field does not match where it actually came from. Furthermore, Gmail will also show images by default on authenticated senders.
Table of Contents
What is SMTP?
SMTP means Simple Mail Transfer Protocol. This is a universal service for sending email, meaning it is widely used and accepted way more than a simple PHP library within WordPress.
By default, PHP mail within WordPress handles not only your account emails, but also contact forms, membership plugin emails, and WooCommerce transaction emails.
The default mailing service is great to start out with, but there are inherent problems with WordPress mail that require you to use SMTP. The biggest item here is security. WordPress just doesn’t have the security and authentication features by default to secure email and deliver reliably. On top of that, many hosts have email sending limits in order to fight spam.
Using a Mail Service Provider
Finding a mail service provider is easy enough. As we mentioned before, SMTP is widely used and there are many mail providers that offer mail services. When you use SMTP on your website, the mail function that is built into WordPress is replaced.
Flywheel, for example, uses Sendgrid. They allow their users to authenticate their email with SendGrid.
Any plan with Flywheel already has Sendgrid built into their plan.
Users just need to set up Custom Domain Authentication to set up the service. This is much easier to do than it sounds and you will be able to help fight spam, phishing, and more!
DNS Settings
Custom Domain Authentication is done through your registrar’s DNS section. Again, it is much easier than it sounds. You are just adding some text to your DNS settings, verifying settings, and that’s it.
Besides domain keys, you would also set up SPF (Sender Policy Framework) records here.
Any other systems that send emails on your behalf besides email services (like CRMs) would also be added to your domain’s DNS.
Contact Form Best Practices
Besides general email and domain setup, you also need to consider how your contact forms send email.
From Address
Your contact form should have the From field set to an address that matches your domain. Be sure to put the full email address here, as a shortcode like ‘[admin_email]’ or ‘{admin_email}’ would not translate. Shortcodes can still remain in the body.
Never ever use a free email provider address in your from field. They simply will not go through. And finally, do not use your from address as the form submitter.
Reply-to Address
Make sure your reply-to field is different from your from field. Having the same email address for both can cause messages to be flagged as spam depending on how spam checks are done.
Conclusion
That’s all for now. Authenticate your domain today!