A common issue faced by WordPress website owners is emails not sending properly. Often seen with contact-forms, email notifications or password resets etc, this problem can cause significant and frustrating issues to your business.
Generally it is not a problem on the server that hosts your website. When an email is sent, it leaves the server your site is hosted on and is routed and processed through many other mail systems before it reaches the intended recipient. There is no foolproof way of telling if your mail lands in the recipients mailbox.
These mail systems that route your mail impose very strict standards on allowing your mail to pass through their systems. These strict standards is a way of controlling the emails they receive as a way to combat spam, spoofing, and phishing emails. Due to the huge increase in email based crime these systems do their best but it does mean that sometimes legitimate emails get caught up in the system. So the onus is on the sender of the email to go to extra effort to add stricter control at their end to improve mail delivery.
Why isn’t WordPress sending emails
It may not even be a WordPress issue. Your DNS records for your domain play a major part in the deliverability of your emails. Furthermore, if you have installed a basic WordPress site and not given any particular attention to the mail settings in WordPress, the chances of issues are quite high. These are the most common reasons:
- Email authentication. Your domains settings are not configured for optimal email authentication and verification
- WordPress Email Configuration. Your email configuration in WordPress is not configured correctly
- WordPress Email Optimisation. Your email configuration in WordPress is not configured optimally
1. Email authentication
Over the years mail has been the number one tool to facilitate cyber based crime. Called email spam, spoofing, and phishing, hackers impersonate and hijack other peoples domain names. In other words they forge emails coming from your domain. To combat this, mail providers are using increasingly complex methods and tools to control mail as it gets routed through their systems. The most common control method is email authentication. Think of email authentication as a digital signature for your domain, put in place to protect your brand, identity, content, and reputation which is very hard to spoof.
To implement email authentication you have to take some extra steps in configuring your domains DNS records so that when you send mail from your domain, you provide additional information in the headers of your email. This additional information can then be checked and verified to prove it came from an authorized mail server or IP address associated with your domain.
While this authentication is not mandatory, it means that your mail has a much better chance of reaching your recipient’s mailbox. The most common authentication tools used today are, SPF, DKIM and DMARC.
Sender Policy Framework (SPF)
SPF is a form of email authentication that defines a process to validate an email message that has been sent from an authorized mail server in order to detect forgery and to prevent spam. The owner of a domain can identify exactly which mail servers they are able to send from with SPF protocols. Google has some good information about setting up SPF.
DomainKeys Identified Mail (DKIM)
DKIM is a form of email authentication that allows an organization to claim responsibility for a message in a way that can be validated by the recipient. DKIM uses “public key cryptography” to verify that an email message was sent from an authorized mail server, in order to detect forgery and to prevent delivery of harmful email like spam. Google has some good information about setting up DKIM.
Domain-Based Message Authentication Reporting and Conformance (DMARC)
DMARC is an added authentication method that uses both SPF and DKIM adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email. Google has some good information about setting up DMARC.
While these may not be easy to configure, the effort of setting them up however, is well worth the investment. You also need a good understanding of how they inter-relate and complement each other with their protective features.
2. WordPress Email Configuration
By default WordPress installation use the build in PHP mail() function. These days its often not enough to rely on for optimal mail delivery.
Once you have all the authentication setup correctly, its a good idea to run a test on your WordPress site with the free Check Email plugin. This is a basic plugin designed to test if your WordPress installation and/or server can send emails.
Once installed, go to Tools > Check Email in your WordPress dashboard. Enter in an email address to send a test to, and click on Send test email. Check your email client to see if you received the test email. The subject line will appear as Test email from https://yourdomain.com.
If you have not received the email then you need to diagnose the issue. Follow theses steps as a guide.
- If your site is hosted on cPanel, login to your cPanel account and navigate to Track Delivery. This gives you a report about email message deliveries from your account. Tracing the route of the test email you sent can help you find delivery problems if they were sent successfully or not. If your mail was not sent, then details about the problem will be shown here.
- If your email looks to be sent OK from your cPanel account, and you cannot find it in your inbox, it indicates a problem with the recipients mail server. You really have no option here but to work with the recipients mail server administrator because only they will know why your mail has not been delivered to your mailbox.
Be sure to check your spam or junk mail folder. If you still aren’t receiving emails, this means it is most likely a misconfiguration with your WordPress plugins or an incompatibility with other plugins.
3. WordPress Email Optimisation
If you’ve run all the tests above then its likely to be a problem with the plugin that’s sending emails from your WordPress site. Each plugin works differently on WordPress, and if you use multiple plugins, they all have to play nicely with each other, but this is not always the case. As plugins evolve and get updated, they may cause issues with other plugins. So a good understanding of each of your plugins and dhow they are configured is vital.
Configuration issues with plugins that send emails can be the cause of some issues. If not configured optimally emails, may be flagged as suspicious or spoofing by clients. For instance contact form plugins often rewrite the address of the From: field or modify other fields which may be treated suspicious. Below is a list of commonly used contact form plugins.
Lastly, your emails may very well be fine but still treated as suspicious for the following reasons.
- Your WordPress site may be sending too much emails. Many mail providers look at the volume and frequency of of incoming emails. If they deem that you are sending too much mail they will flag your mail as suspicious and take evasive action.
- The content of your mail could cause issues. Often providers mail systems look at the content or body of your email, and if you use a certain words, or a combination of words it may resemble spear-phishing flagged as suspicious. These systems are far from perfect and often get it wrong often.
Transactional Email
If you really want to take email delivery seriously, then you must consider a transnational email solution. Transactional email offloads your mail delivery to a third party mail provider dedicated and focused on mail delivery. It requires a WordPress plugin that takes control of your WordPress mail sending function without the use of mail servers or SMTP. The plugin communicates via an API to your transactional email provider, who manage the delivery.
Apart from better email delivery you can review the emails that are being sent out, and see if they are being opened and/or clicked. If an email has failed they provide an easy way to resend it.
While there are many providers we generally use Mailgun or SendGrid. Both work well and have some different features.
Mailgun
Mailgun bills itself as “the email service for developers.” It offers both SMTP relay functionality and API integration options. The platform offers some of the best tools in the field for email validation too, which helps improve deliverability.
SendGrid
SendGrid is a platform that offers a great mix of features. With SendGrid, you also get to choose between using SMTP relay or the platform’s API. SendGrid also has a powerful set of tools for email marketing design and customization.
The processes of configuring either of these is very similar when using the API integration. However, Mailgun’s interface is arguably the more user-friendly option.
