WordPress SMTP Setup (No Spam, No Headaches)
Author: Emma Collins
If your WordPress emails land in spam or never arrive (orders, resets, contact forms), you need a real mail sender, not PHP mail(). This guide shows how to wire WordPress to a transactional email service via SMTP or API, align your domain, and test the result. It’s fast, safe, and works with WooCommerce.
Pick the right sender (before you touch plugins)
Use your own domain
Send from [email protected] (or a mail subdomain like [email protected]). Avoid free webmail senders.
Choose a transactional provider
Any reputable ESP is fine (Postmark, Mailgun, SendGrid, SES, etc.). You’ll get SMTP credentials and/or an API key.
Authenticate the domain (non-negotiable)
Add SPF, DKIM, and DMARC DNS records for your sender. This is what inboxes trust. Full, plain-English setup here:
Email Deliverability for Stores: SPF, DKIM, DMARC
Tip: Use a mail subdomain (mg.yourstore.com). It keeps mail reputation separate from your main domain.
Option A: SMTP plugin setup (simple & effective)
Step 1: Install a mail plugin
Use a lightweight SMTP plugin (e.g., WP Mail SMTP or Post SMTP). Activate it.
Step 2: Enter SMTP credentials
- SMTP host: from your ESP (e.g., smtp.sendprovider.com)
- Port: 587 (TLS/STARTTLS) is the safe default; 465 for SSL if required
- Auth: On (username = full email or provided username; password = SMTP/API password)
- From email: your domain address (e.g., [email protected])
- From name: your brand (e.g., Pofii)
- Force From: enable, so plugins don’t override it
Step 3: Encryption & timeouts
- Use TLS/STARTTLS on 587
- Timeout 10–20s to avoid false failures on slow networks
Step 4: Send a test
Send a message with the plugin’s “Email Test”. The headers of the received message should show SPF/DKIM/DMARC: PASS (see testing section below).
Option B: API sending (recommended when available)
Many ESPs offer WordPress plugins or integrations that send mail via HTTPS API instead of SMTP. Benefits: fewer firewall issues, faster, more reliable.
Steps
- Generate an API key in your ESP dashboard.
- Install your ESP’s official plugin or a generic “provider” add-on.
- Paste the API key; select your From email (use your authenticated domain).
- Send a test.
If your ESP supports both, start with API; fall back to SMTP only if needed.
Wire WooCommerce and forms (so the right emails send)
WooCommerce email settings
- WooCommerce → Settings → Emails: set From name and From address to your domain sender.
- Preview the “New Order” and “Customer Processing Order” templates; tweak if needed.
Forms (Contact, Quote, Support)
- Set form notifications to your domain sender as the “From” and the customer as Reply-To.
- This avoids “spoofing” the visitor’s address, which fails DMARC.
DMARC alignment & real-world testing (5 minutes)
Send to Gmail and Outlook, then open the original
Look for Authentication-Results in headers:
- SPF: PASS (domain matches your Return-Path or envelope From)
- DKIM: PASS (signed by your domain/subdomain)
- DMARC: PASS (alignment: either SPF or DKIM matches your visible From domain)
If DMARC fails, revisit the DNS setup here:
SPF, DKIM & DMARC guide
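The header check described above, together with the form rule from the previous section (domain sender as From, customer as Reply-To), as an added example that is not part of the original guide. The sample messages, addresses and the two-label `org_domain` shortcut are constructed assumptions; paste the "original" text of your own test message in place of the samples.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not captured from a real mailbox).
GOOD = """\
Authentication-Results: mx.receiver.example;
 dkim=pass header.d=mg.yourstore.com;
 spf=pass (sender IP permitted) smtp.mailfrom=bounce@mg.yourstore.com;
 dmarc=pass (p=NONE) header.from=yourstore.com
From: Your Store <orders@yourstore.com>
Reply-To: jane@visitor.example

body
"""
# Same sending path, but a form put the visitor's address in From.
SPOOFED = (GOOD.replace("Your Store <orders@yourstore.com>", "Jane <jane@visitor.example>")
               .replace("dmarc=pass (p=NONE) header.from=yourstore.com",
                        "dmarc=fail (p=NONE) header.from=visitor.example"))

def org_domain(domain):
    # Simplification: last two labels. Real DMARC checks use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def parse_auth_results(value):
    """Return [(method, result, {property: value}), ...] from the header value."""
    value = re.sub(r"\([^()]*\)", " ", value)      # drop (comments)
    found = []
    for chunk in value.split(";")[1:]:             # chunk 0 is the receiver's id
        tokens = chunk.split()
        if tokens and "=" in tokens[0]:
            method, result = tokens[0].lower().split("=", 1)
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            found.append((method, result, props))
    return found

def check_message(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    found = parse_auth_results(msg.get("Authentication-Results", ""))

    def aligned(method, prop):
        # A pass only counts for DMARC if its domain matches the visible From.
        return any(m == method and r == "pass" and props.get(prop)
                   and org_domain(props[prop].rpartition("@")[2]) == org_domain(from_domain)
                   for m, r, props in found)

    return {"from_domain": from_domain,
            "spf_aligned": aligned("spf", "smtp.mailfrom"),
            "dkim_aligned": aligned("dkim", "header.d"),
            "dmarc": next((r for m, r, _ in found if m == "dmarc"), "none")}
```

In the second sample SPF and DKIM still pass for the store's mail subdomain, but neither matches the visitor's From domain, which is why the receiver reports a DMARC failure.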
Troubleshooting (copy/paste fixes)
“Could not connect / timed out”
- Port 587/TLS first. If blocked, try 465/SSL.
- Check host firewall rules; some servers block outbound SMTP except to allow-listed hosts.
“535 Authentication failed”
- Wrong user/pass or you’re using your login password instead of an SMTP/API password.
- Reset the SMTP password in the ESP dashboard.
“550/554 rejected / SPF or DMARC fail”
- Your From address must be on the authenticated domain.
- Don’t let forms send as the visitor’s email; use Reply-To instead.
Duplicates or missing emails from plugins
- Disable overlapping mailers (don’t run two SMTP plugins).
- Some security plugins throttle email; whitelist wp_mail() calls or your SMTP host.
Performance & reliability tips
- API if possible, SMTP if not.
- Keep the SMTP/API plugin lightweight; no huge mail logs on production.
- If you use a CDN/DNS proxy, remember mail auth lives in DNS. The guidance here helps: Cloudflare: Get Maximum Out of It
- Secure login endpoints (rate limits, CAPTCHA after failures) so bots don’t create CPU spikes that delay sending: WordPress Security Hardening
Minimal checklist (2 minutes)
- Use orders@yourdomain (or @mg.yourdomain) as the From
- Add SPF + DKIM + DMARC for that domain
- Configure SMTP (587/TLS) or API in your plugin
- WooCommerce & forms use domain From + customer as Reply-To
- Test Gmail/Outlook → SPF/DKIM/DMARC: PASS
- Monitor bounces; fix alignment before turning DMARC to p=reject
FAQ
SMTP or API—what’s better?
API is usually faster and more reliable. Use SMTP when your provider lacks a good API plugin.
Do I need BIMI for a logo in inbox?
Nice to have, not required. Ship SPF/DKIM/DMARC first.
Can Cloudflare break email?
Email auth is DNS-based. Just add TXT/CNAME at your DNS host. Proxying web traffic doesn’t change SMTP/API sending.
Do I need a second domain for mail?
Not required, but a mail subdomain (e.g., mg.yourstore.com) is a clean practice.
Final word (and a speed note)
Once SMTP/API is set and your domain is authenticated, WordPress emails become dependable. On Pofii’s Pofii-Tuned LiteSpeed stack your site is already quick; pairing that speed with proper deliverability means orders, resets, and support emails just work.
Related guides:
- SPF, DKIM & DMARC in Plain English
- WordPress Security Hardening
- LiteSpeed Cache: Safe Defaults
- Zero-Downtime Migration: DNS TTL Playbook