Table of contents
WordPress sends email through the PHP mail() function by default — unauthenticated mail that Gmail, Yahoo, and Outlook increasingly junk or reject. The fix takes about 15 minutes: install a free SMTP plugin (FluentSMTP or WP Mail SMTP), connect it to an email service like Brevo, and your password resets, contact form messages, and order confirmations start landing in the inbox again.
Your WordPress site sends more email than you probably realize: password resets, new-user notifications, contact form submissions, comment alerts, WooCommerce order confirmations. And out of the box, a frightening number of those messages never arrive.
This guide explains what SMTP is in plain English, why WordPress email fails so often, and exactly how to fix it — for free.
What is SMTP, in plain English?
SMTP stands for Simple Mail Transfer Protocol. It's the set of rules mail servers use to hand email to each other — the postal system of the internet. When you hit send in Gmail, your message travels over SMTP through Google's mail servers to the recipient's mail server.
When people say a WordPress site "needs SMTP," they mean something specific: instead of letting your web server fling out unauthenticated messages, you install a plugin that routes every email WordPress generates through a real, authenticated mail server — Gmail's, Brevo's, your email host's. The receiving end can then verify the message is legitimate, and it gets delivered instead of trashed.
Why WordPress emails go missing or land in spam
By default, WordPress sends mail with the PHP mail() function (via wp_mail()). That means the email comes directly from your web server — a machine built to serve pages, not send mail. Three things go wrong:
- No authentication. Your web server usually isn't listed as an authorized sender for your domain, so messages fail SPF, DKIM, and DMARC checks (more on those below). To Gmail, an unauthenticated email claiming to be from your domain looks exactly like a phishing attempt.
- Shared-server reputation. On shared hosting, hundreds of sites send mail from the same IP address. If any of them spams, the IP gets blocklisted — and your perfectly legitimate password-reset emails go down with it.
- Hosts disable it entirely. Many managed WordPress hosts block or throttle PHP
mail()because of the abuse problem, so some emails are silently never sent at all.
In February 2024, Google and Yahoo began enforcing new sender requirements: mail must pass SPF or DKIM at minimum, and bulk senders must have SPF, DKIM, and a DMARC policy in place. Enforcement has only tightened since — non-compliant mail now faces outright rejection, not just the spam folder. Unauthenticated WordPress email went from "unreliable" to "effectively undeliverable."
SPF, DKIM, and DMARC — explained simply
These three acronyms are the heart of email authentication. You don't need to be a sysadmin to understand them:
- SPF (Sender Policy Framework) is a public list of servers allowed to send email for your domain — like a guest list at the door. If mail arrives from a server that isn't on the list, receivers get suspicious.
- DKIM (DomainKeys Identified Mail) is a tamper-proof digital signature added to each message — like a wax seal on a letter. It proves the email really came from your domain and wasn't altered in transit.
- DMARC (Domain-based Message Authentication, Reporting & Conformance) is your published instruction for what receivers should do when a message fails SPF and DKIM — deliver it anyway, quarantine it, or reject it. It also requires the visible "From" address to align with the domain that passed authentication.
Here's the key insight: when you route WordPress mail through a proper SMTP service, the service handles most of this for you. During setup, providers like Brevo walk you through adding a couple of DNS records that put their servers on your guest list (SPF) and enable the wax seal (DKIM). That's the moment your deliverability problem actually gets solved.
Choosing an SMTP plugin: an honest comparison
An SMTP plugin doesn't send email itself — it intercepts everything WordPress tries to send and hands it to the mail service you connect. Three plugins dominate in 2026, and all three do the core job well:
- FluentSMTP — completely free, with no Pro version or upsells. Includes email logging, multiple simultaneous connections (route different "From" addresses through different providers), and automatic failover. Supports Brevo, Gmail/Google Workspace, Outlook, Amazon SES, SMTP2GO, and generic SMTP. The best pick if you want everything free.
- WP Mail SMTP — the most-installed SMTP plugin in the world. The free Lite version has a polished setup wizard, 15+ mailers, and a test button; email logging, backup connections, and alerts are Pro (paid) features. The safest pick if you value the biggest ecosystem and don't mind paying for logs.
- Post SMTP — a strong middle ground: free email logging, delivery-failure alerts, and resend from the log. Popular with developers and agencies who diagnose delivery problems for clients.

We use FluentSMTP on our own sites and on client sites: the features that cost money elsewhere — logging, failover, multi-provider routing — are simply included, and the developers have committed to keeping it free.
Which email service should you connect it to?
The plugin is only half the equation — you also need a mail service to actually deliver the messages. Free options that hold up in 2026:
- Brevo (formerly Sendinblue) — the most generous long-standing free tier, allowing hundreds of emails per day. Our default recommendation for small sites.
- Gmail / Google Workspace — connect via OAuth or an app password. Fine for low-volume sites, and the mail comes from infrastructure Gmail obviously trusts. Daily sending limits apply, and Google accounts aren't designed as transactional mail pipes, so treat it as a small-site solution.
- SMTP2GO — a dedicated delivery service with a genuinely free plan and a reputation for painless setup and good deliverability.
- Your email host's SMTP server — if your domain email lives at your web host or Microsoft 365, you can often use its SMTP credentials directly. Works, but dedicated services usually deliver better and give you logs.
Free-tier limits change, but every service above comfortably covers a typical small site's transactional email — password resets and form notifications rarely exceed a few dozen messages a day. If you send newsletters to thousands of subscribers, that's a different job: use a proper email marketing platform, not your WordPress site.
How to set up SMTP in WordPress
The exact screens differ per plugin and mailer, but the flow is the same everywhere. Here's the general walkthrough:
From your dashboard, go to Plugins → Add New Plugin and search for FluentSMTP (or WP Mail SMTP). Click Install Now, then Activate. New to this? See our guide to installing a WordPress plugin.
Open the plugin's settings — FluentSMTP appears under Settings → FluentSMTP — and pick the service you'll send through: Brevo, Gmail, SMTP2GO, or "Other SMTP" for generic credentials. If you haven't already, create a free account with your chosen service first.
In your mail service's dashboard, verify your domain by adding the DNS records it gives you (this is the SPF/DKIM step — usually two or three copy-paste records at your domain registrar). Then copy the API key or SMTP credentials into the plugin. Set the From email to an address on your own domain, like noreply@yoursite.com — free addresses like @gmail.com in the From field will fail DMARC alignment.
Every SMTP plugin has a test tab — enter your address, hit send, and check that it arrives in your inbox, not spam. If it does, you're done: every email WordPress generates now flows through your authenticated service. If it fails, the plugin's error message (or email log) tells you exactly why — usually a typo'd credential or a DNS record that hasn't propagated yet.
Deliverability isn't the only reason emails "disappear" — sometimes WordPress is faithfully sending notifications to an inbox nobody checks. Take a minute to confirm your WordPress admin email address is one you actually read.
Test it where it matters
After the test email succeeds, exercise the real flows: submit your Contact Form 7 or other contact form, trigger a password reset, and place a test order if you run WooCommerce. Send to a Gmail address and a Yahoo or Outlook address if you can — those are the strict ones. With an SMTP plugin that logs email (FluentSMTP and Post SMTP do this free), you also get a permanent record of every message your site sends, which turns "did the email go out?" from a mystery into a ten-second lookup.
Fifteen minutes of setup, and the emails your site depends on start arriving again. If you'd rather have someone configure SMTP for you — or sort out a stubborn DNS record — that's exactly the kind of thing we help with in a tutoring session.


Leave a comment