February 20, 2018 by Paul G. | Blog

Your WordPress site is NOT designed to send emails

Shield Image

Do you know how spam works?

If you do, then you’ll already know that you shouldn’t be using your WordPress site to deliver emails.

Wait… you are using your WordPress site to deliver emails?!

Then you need to keep reading.

How Email Deliverability & SPAM works

Smart, hard-working people have put together several mechanisms to ensure reliable email deliverability for everyone.

These systems help legitimate emails get to where they’re going, while making it easier to identify and thwart spammers.

Some of these mechanisms include:

  • Sender Policy Framework (SPF)
  • DKIM
  • DMARC

Spammers that send your daily subscription to the latest viagra promotions don’t/can’t typically use these technologies consistently, and so it’s easier to identify them as SPAM.

You may not have heard of any of these systems, but if you’re not using them, then…

Your WordPress site looks just like a SPAMMER, too

Then, one fine day, you set up a WordPress site on a random server on the internet (probably one shared by many other sites that are also sending emails).

You feel that your WordPress site is different. It should be able to send emails – WordPress has an email feature, afterall. Why would WordPress include an email function if it’s not meant to send emails?

But it seemed to work, because you got an email from your site… yay! You’re lucky, this time. But not all your emails will get through.

You’re on the clock. Any day now, email sent from your WordPress site can (and frankly, should) be marked as SPAM.

Why? Some questions to consider are:

  • Did you go through the process of indicating to email providers that emails sent from your WordPress site are legitimate?
  • Did you fire up a WordPress site not knowing that there’s more to do?
  • Is what you did any different to what email spammers do?
  • What’s to stop someone else from setting up a separate WordPress site and sending emails using your domain name?
  • Why is your website any more legitimate than mine at sending emails from your domain?

Likely answers are:

  • Probably not.
  • Probably, yes.
  • No.
  • Nothing.
  • It’s not.

I don’t know you personally, but I have a feeling you’re not famous… yet (we all have our fingers crossed for you). That means that most email servers haven’t ever heard of you either.

At any time they choose, they can, and will, start marking your email as spam. Or better yet, just not delivering your email at all.

So you have several options to try to fix this:

  1. write a strongly worded email to all email servers in the land letting them know you’re really, really important
  2. write a scathing email to a WP plugin developer letting them know their plugin is terrible because you don’t receive emails you’re expecting.
  3. configure your email-sending domain DNS properly, so as to reliably send emails from your WordPress site representing your domain.
  4. use a 3rd party email service to deliver emails sent from your WordPress site (you’ll still need to configure your email-sending domain DNS)

Hopefully you can see that only the 3rd and 4th options are viable steps forward. Though we have evidence to show that not everybody thinks like you do …

I’m still not convinced. I still get email from my sites with no problems.

As I said earlier, you’re on the clock.

It might not be today, and it might not be tomorrow. It might not even be all of your emails.

Don’t worry – this is a common problem and you’re not alone in experiencing this pain.

Here, see for yourself

Okay, got it. So what can I do to more reliably send emails from my WordPress site?

By now we’ve established:

  • Email deliverability (i.e. legitimate email is not blocked/filtered out as spam) relies on indicators that state your email is legitimate.
  • Setting up a WordPress site isn’t enough to deliver reliable emails.

The only solution to move forward is to put in-place those “indicators” we mentioned earlier – i.e. indicators that tell email servers that email sent from your WordPress site is legitimate.

You have 1 of 2 options (as mentioned above):

  1. use a 3rd party email provider and configure these indicators with them.
  2. configure these indicators for your WordPress site hosting.

We highly recommend the 1st option – using a 3rd party email provider.

We’ve mentioned this in the past with MandrillApp (and Mailgun) and we have a guide here that outlines how to setup Mailgun for your domain and WordPress site.

In the strongest possible terms, we recommend everybody use a dedicated, 3rd party email service provider.

There’s no good reason not to, as prices range from completely free, all the way up to ‘cheap-as-chips’.

I don’t want to use 3rd party service providers for email

Then your other option is to configure your WordPress site for legitimate email delivery.

That’s a bigger topic than we can address in this article so we’ll talk about another time.

In Summary

WordPress websites in and of themselves are not suitable for reliable email delivery. There is much more that goes into the sending and delivery of email than just creating a WordPress site and using it.

If you’re relying on the emails sent from your WordPress website in any way, you need to configure your server as a reliable email sender for your domain.

If you do not do this, you are leaving your email delivery to chance.

If you’ve any comments or suggestions, please let us know below.

Hello dear reader!

If you want to level-up your WordPress security with ShieldPRO, click to get started today. (risk-free, with our no-quibble 14-day satisfaction promise!)

You'll get all PRO features, including AI Malware Scanning, WP Config File Protection, Plugin and Theme File Guard, import/export, exclusive customer support, and much, much more.

We'd be honoured to have you as a member, and look forward to serving you during your journey towards powerful, WordPress security.

Try ShieldPRO Today →

ShieldPRO Testimonials
@dwmr-director's Gravatar @dwmr-director

Simple is as Simple does

I like the simplicity of the tool and it’s reporting capabilities. I had a web developer put up our website on the 11/25/15 and by 11/28/15, it had been hacked by a brute force attack. The developer was building a new site for us and unbelievably put our site up…

@tofikhd's Gravatar @tofikhd

Very Useful Plugins

Thanks to the author. You guys make my task more easier and faster. This is absolutely a must installed plugins for any WordPress user.

@ukemeedet's Gravatar @ukemeedet

awesome

It does what is says it does.Favorite part is hiding my admin login directory-wp-admin.Simply awesome

@gmusso's Gravatar @gmusso

Great !

Esy to run. it’s doing it’s job.

Comments (3)

    I have learn so much with you guys, live longer and prosper my friends.

    Reply

    Thanks for sharing such great information with us.

    Reply

    thanks for share the plugin

    Reply

Leave a Comment

Your email address will not be published. Required fields are marked *

Main Sections

Related Stories

Shield Image
Sep 29, 2021 by Paul G.

Improve Your WordPress Website’s Performance with Image Optimization

Read More →
Shield Image
Apr 08, 2019 by Paul G.

The Bot Signals That Help You Track And Block Bad Bots

Read More →
Shield Image
Feb 20, 2023 by Paul G.

WP Shield Security PRO – Release 17.0

Read More →
Click to access the login or register cheese