Messages going to SPAM? See how to configure WP Mail SMTP, FluentSMTP, and correct DNS records in 2026.
EN

WordPress not sending emails? The definitive guide to SMTP, spf, and dkim (2026)

5.00 /5 - (22 votes )
Last verified: March 1, 2026
Experience: 5+ years experience
Table of Contents

The scenario is always the same: You launch a new site, install Contact Form 7 (or Elementor Forms), fill out a test form, see the green “Sent successfully” message… and silence. The email never arrives, or it lands in SPAM.

In 2026, Email Deliverability is one of the biggest challenges. The spam filters of Gmail, Outlook, and Yahoo are ruthless.

In this guide, I will explain why the default WordPress configuration is broken and how to fix it once and for all using professional tools.

Why doesn’t PHP mail() work?

By default, WordPress uses the ancient PHP function mail(). It works like this:

  1. WordPress tells the server (e.g., Apache/Nginx): “Send this text to the admin”.
  2. The server sends the email “from itself”, often using an address like wordpress@your-server.hosting.com.

The Main Problem: Lack of Identity (Spoofing) Your domain is mycompany.com, but the email technically leaves from server s123.hostingprovider.net. To Gmail, this looks suspicious: “Someone is impersonating the company but sending from a strange hosting server”.

Result? Bounce or SPAM Folder.

Step 1: Install an SMTP plugin

You must force WordPress to log in to a real mailbox, just like your email client (Outlook/Thunderbird) on your phone does.

  1. FluentSMTP (Free & Best) Lightweight, fast, has email logs, and supports native APIs (more on that in a moment). No paid version, everything is free.

  2. WP Mail SMTP (Most Popular) Market standard. The free version is enough for basic SMTP.

Configuration (data from hosting):

Log in to your hosting panel and find the details:

  • SMTP Server (Host): e.g., smtp.gmail.com, mail.yourdomain.com
  • Port: 465 (SSL) or 587 (TLS). Avoid port 25!
  • Authentication: Yes.
  • Login: Your full email address (e.g., notifications@yourdomain.com).
  • Password: Password for this mailbox.

After configuration, send a test email from the plugin. If it passes – you’re halfway there.

Step 2: Domain authentication (DNS)

This is the most important part that 90% of implementers forget. Sending via SMTP alone is not enough. You must prove to the world that this server has the right to send emails on your behalf.

You do this by adding TXT records in your domain’s DNS zone (e.g., in Cloudflare, GoDaddy, Namecheap).

1. Spf (sender policy framework)

Says: “Only these IP addresses can send emails from this domain”.

Example TXT record:

v=spf1 include:_spf.google.com include:spf.hostingprovider.com -all
  • include – you authorize Google and your hosting.
  • -all (minus all) – hard fail. Any other server should be rejected.

2. Dkim (domainkeys identified mail)

This is a digital signature for messages. The mail server “stamps” each email with a private key, and the recipient checks it with a public key from DNS.

You generate the DKIM key in your email hosting panel. TXT Record: usually named default._domainkey and contains a long string like v=DKIM1; k=rsa; p=MIIBIjANBgkqh....

3. Dmarc (domain-based message authentication)

This is an instruction for Gmail on what to do when SPF or DKIM fail. In 2026, Gmail and Yahoo require DMARC for large senders.

Basic TXT record for _dmarc:

v=DMARC1; p=none; rua=mailto:admin@yourdomain.com
  • p=none – initially just monitor, don’t block.
  • p=quarantine – put in spam.
  • p=reject – reject completely (the ultimate goal).

Step 3: SMTP vs API (why API wins?)

Sending via standard SMTP (login/password) has downsides:

  1. Slowness: SMTP is a “chatty” protocol. Sending an email takes 1-3 seconds.
  2. Password Lockout: If you change the mailbox password, the site stops sending emails.
  3. Limits: Standard hosts have limits, e.g., 500 emails/day.

Solution: Transactional email services (API)

Instead of a regular mailbox, use a dedicated service for “transactional emails” (notifications, password resets, orders). You connect via HTTP API (instant) instead of SMTP.

Best Providers in 2026:

  1. Brevo (formerly Sendinblue): Good free limits (300/day).
  2. Postmark: Highest deliverability, but paid.
  3. MailerSend: Great free plan.
  4. Amazon SES: Cheapest, but hard to configure.

The FluentSMTP plugin supports these APIs natively. Just paste the API Key and you’re done.

How to test deliverability?

Don’t guess. Use Mail-Tester.com.

  1. Go to the site, copy the weird email address.
  2. Send an email to it from your WordPress site.
  3. Check the result (Score).

If you have less than 9/10, read the report. It usually shows missing SPF, DKIM, or Blacklist presence.

Contact form 7 – Specific issues

CF7 has its quirks.

  1. “From” Field: Must contain an address in YOUR domain!
    • WRONG: [your-email] (You cannot send “as the customer”).
    • RIGHT: Notifications <no-reply@mycompany.com>
  2. “Additional Headers” Field:
    • Put this here: Reply-To: [your-email]. This way, when you click “Reply”, the email goes to the customer.

Summary

The battle for email deliverability is an ongoing process. you cannot rely on php mail(). Professional minimum kit:

  1. SMTP Plugin (FluentSMTP).
  2. External API Provider (Brevo/MailerSend) OR correct Hosting SMTP.
  3. Full DNS records: SPF, DKIM, and DMARC.

Only this gives you the assurance that a quote request from a client won’t get lost in the digital abyss.

Article FAQ

Frequently Asked Questions

Practical answers to apply the topic in real execution.

SEO-ready GEO-ready AEO-ready 5 Q&A

Popular questions

Why does WordPress email go to SPAM? How do I fix WordPress email deliverability? What's the best SMTP plugin for WordPress? Do I need a transactional email service? Can I use Gmail for WordPress emails?
Why does WordPress email go to SPAM?
#
WordPress uses PHP mail() which lacks proper authentication. Emails from shared servers have poor IP reputation and no SPF/DKIM/DMARC records. Gmail and other providers reject these as spam.
How do I fix WordPress email deliverability?
#
Install an SMTP plugin like FluentSMTP, configure proper authentication with your email provider, add SPF/DKIM/DMARC DNS records, and use a dedicated email address from your domain instead of the server's default address.
What's the best SMTP plugin for WordPress?
#
FluentSMTP is the best choice in 2026 - lightweight, free version with excellent email logging, supports native APIs for Brevo/MailerSend, and handles complex authentication scenarios. WP Mail SMTP is the most popular alternative.
Do I need a transactional email service?
#
For high-volume sites (>100 emails/day), use Brevo, Postmark, or Mailgun. For standard WordPress notifications (comments, forms), FluentSMTP free plan handles up to 300 emails/month perfectly.
Can I use Gmail for WordPress emails?
#
Gmail SMTP is not recommended for production sites. It has strict sending limits (500/day), inconsistent policies, and Google may suspend accounts for "bulk" sending even if legitimate WordPress notifications.

Need an FAQ tailored to your industry and market? We can build one aligned with your business goals.

Let’s discuss

Related Articles

Exhaustive comparison of WordPress hosting architectures in 2026. Learn when to choose Cloud, Edge, or Managed Traditional hosting for enterprise.
hosting

WordPress hosting for 2026: Cloud vs. Edge vs. Traditional hosting compared

Choosing the right server architecture in 2026 is a multi-million dollar decision. This 2000+ word guide compares Cloud, Edge, and Traditional hosting.

How to alternate background colors in an ACF Repeater loop? Using $i % 2 variable to add CSS classes dynamically.
development

ACF repeater fields - How to style unique rows?

Developers guide: Mastering the ACF loop. How to use PHP modulo operator to create "Zebra" striping or unique styles for specific rows.

Use $wp_filter global variable to debug actions and filters. See priorities and callback functions instantly.
development

How to debug WordPress hooks? (List all actions/Filters)

Developers nightmare: 'Which plugin hooked into the_content and broke my layout?'. A snippet to list all hooked functions for any hook.