Part of my main job is to run and maintain WordPress installations and with it also all its ins and outs. Clients I recently started working with – were complaining that emails send from their website were not send correctly. Google has put them in spam.
Well – who is running a mailserver and some websites knows that google is very sensitive when it comes to emails.
What’s the difference between using just WordPress and its emails and using a real SMTP?
Well, emails send via the default WordPress setup will be send via PHPMail. Which is a fantastic tool to run lots of cool things – but it can cause your emails to be send straight into spam instead of the inbox. PHPMail sends emails using a script into the internet instead of straight to the correct provider. (MX Record)
I could setup a script on my site to send emails pretending to originate from a completely different website and feed it with thousands of email accounts and abuse it for spam and so can others do with my domain – when a minimum of DNS records are not set or not set correctly.
Using a real SMTP Mailbox does things different. Sending a mail from a real SMTP box will sent the email using a real MTA (MailTransportAgent) thus you can expect a correct email header. The MTA communicates directly with the receiving MTA. The receiving MTA is given the opportunity to verify your Email header and your DNS records. When all things are fine, the receiving MTA will tell your MTA that the mail is cool and has been accepted.
DNS records you should set at least for your domain are: MX Record, SPF Record. The MX record tells everyone which mail server is in charge to handle your incoming emails and the SPF record tells the receiving MTA which IP’s and or domains are allowed to send out emails using your domain. Plus you have to make sure the SMTP you are using has a correct ReverseDNS entry.
Google for example, is very strict with emails. In case a record is not setup correctly it assumes one is abusing a domain and therefore it flags the mail as spam. Full stop.
Additionally you should use DKIM. DKIM signs every single email with a crypto key and when you send a mail to google, it will be able to check and verify the key that email has been signed with. In case something is wrong with the key google will not accept the mail. In case things are fine – it will be delivered straight in the inbox.
Now here you can have a look at my DNS settings for you to compare. In case you want to check and verify your own things, I can highly recommend using mxtoolbox.com.
Back to WordPress. Any WordPress setup I am in charge with – I supply it with a SMTP mailbox. Mails from a shop system like woocommerce will be send into the inbox instead of spam because it uses a real MTA, its header will get the DKIM signature, the receiving MTA can verify the signature, it checks if the mail came from a authorized mail server and its send using a real MTA. I’m using the plugin Easy WP SMTP for this.
Thanks for the image: https://pixabay.com/de/users/jackmac34-483877/