InspectWP Logo
Fix Guide

How to configure WordPress email sending via SMTP

May 20, 2026

WordPress sends emails by default via the PHP function mail(), which uses the local sendmail binary of the web server. This approach has a delivery rate of around 60 to 80 percent because the messages lack SPF, DKIM and DMARC alignment, often come from shared IP addresses with bad reputation, and get filtered as spam by Gmail, Outlook and Apple Mail. Configuring SMTP (Simple Mail Transfer Protocol) routes WordPress mail through an authenticated mail server like Gmail, Microsoft 365, your own hosted SMTP relay or a transactional service such as SendGrid, Mailgun, Amazon SES, Postmark or Brevo. This raises delivery to over 99 percent and gives bounce tracking, open analytics and a clear log of every sent message.

Why does WordPress need SMTP instead of PHP mail()?

  • Authentication: SMTP servers require username and password, so the sender is verified. mail() sends without authentication.
  • SPF and DKIM: a dedicated SMTP provider signs outgoing mail with DKIM and is listed in your SPF record. Without these signatures, Gmail rejects mail since February 2024.
  • Reputation: shared web server IPs are often blacklisted on Spamhaus or Barracuda. Transactional services maintain clean dedicated IP pools.
  • Logging: SMTP plugins keep a log of every sent email so you see if password resets, WooCommerce order confirmations or contact form submissions actually went out.
  • TLS encryption: SMTP uses STARTTLS or implicit TLS on port 465, so credentials and message bodies are encrypted in transit.

What is the easiest way to set up SMTP in WordPress?

Install the free plugin WP Mail SMTP by WPForms (over 4 million active installations, 4.9 star rating with more than 4,000 reviews). Alternatives are FluentSMTP (free, over 400,000 installs, also supports Amazon SES and Sendinblue), Easy WP SMTP (over 500,000 installs) and Post SMTP Mailer (over 400,000 installs with built in email log and Gmail OAuth).

Which SMTP provider should I choose?

ProviderFree tierBest for
Brevo (Sendinblue)300 emails/daySmall sites, newsletters
SendGrid100 emails/day (Free plan, 2025)Developers, scaling SaaS
Mailgun100 emails/day on Flex trialTransactional, API first
Amazon SES62,000/month if sent from EC2High volume, cheapest at scale
Postmark100 emails/monthTransactional only, fastest delivery
Microsoft 365 SMTPIncluded in M365 planBusiness mail tied to your domain
Gmail SMTP500 recipients/day (free Gmail), 2000 (Workspace)Small business, low volume

Step by step: configure WP Mail SMTP with Brevo

  1. Sign up at brevo.com and verify your sender domain by adding the DKIM and Brevo code TXT records to your DNS.
  2. In Brevo go to SMTP and API » SMTP and generate an SMTP key. Note the server (smtp-relay.brevo.com), port (587) and login (your Brevo account email).
  3. In WordPress install and activate WP Mail SMTP.
  4. Open Settings » WP Mail SMTP » Settings.
  5. Set From Email to a verified domain address like noreply@yourdomain.com. Tick Force From Email.
  6. Set From Name to your site name and tick Force From Name.
  7. Choose mailer Brevo (or Other SMTP for manual entry).
  8. Enter SMTP host smtp-relay.brevo.com, port 587, encryption TLS, authentication on, username and the SMTP key as password.
  9. Click Save Settings.
  10. Open the Email Test tab, enter your address, send a test email and check the inbox.

How do I add SPF, DKIM and DMARC records?

Mail authentication requires three DNS records that your SMTP provider will give you exact values for:

# SPF (TXT record on yourdomain.com)
v=spf1 include:spf.brevo.com ~all

# DKIM (TXT record on mail._domainkey.yourdomain.com)
v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBi...

# DMARC (TXT record on _dmarc.yourdomain.com)
v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; pct=100

Start with DMARC policy p=none for at least two weeks to monitor reports, then move to p=quarantine and finally p=reject. Since February 2024, Gmail and Yahoo require a valid DMARC record for bulk senders (5,000+ messages per day to their domains).

Configure SMTP without a plugin via wp-config.php

If you do not want a plugin, you can override wp_mail() with the phpmailer_init action. Add this to your child theme functions.php or a small mu-plugin:

add_action('phpmailer_init', function ($phpmailer) {
    $phpmailer->isSMTP();
    $phpmailer->Host       = 'smtp-relay.brevo.com';
    $phpmailer->SMTPAuth   = true;
    $phpmailer->Port       = 587;
    $phpmailer->Username   = 'your-login@example.com';
    $phpmailer->Password   = defined('SMTP_PASS') ? SMTP_PASS : ';
    $phpmailer->SMTPSecure = 'tls';
    $phpmailer->From       = 'noreply@example.com';
    $phpmailer->FromName   = 'My Site';
});

Store the password in wp-config.php:

define('SMTP_PASS', 'xxxxxxxxxxxxxxxx');

Never commit credentials to the repository, never paste them into a public Pastebin or GitHub gist.

Use Gmail SMTP with App Password

  1. Enable 2 step verification on your Google account.
  2. Open myaccount.google.com/apppasswords and create an App Password named "WordPress".
  3. In WP Mail SMTP choose Other SMTP, host smtp.gmail.com, port 587, TLS, username your full Gmail address, password the 16 character App Password (spaces are ignored).
  4. For free Gmail accounts the daily limit is 500 recipients. Workspace allows 2000. Above that, Google throttles or blocks the account.

Use Amazon SES (cheapest at scale)

SES costs 0.10 USD per 1,000 emails sent from anywhere and is free for the first 62,000 messages per month if sent from an AWS EC2 instance. Setup steps:

  1. Create an AWS account and request production access in the SES console (sandbox mode only sends to verified addresses).
  2. Verify your domain in SES » Verified identities and add the three Easy DKIM CNAME records to DNS.
  3. Create an IAM user with policy AmazonSesSendingAccess and generate SMTP credentials (not the regular AWS access keys).
  4. In WP Mail SMTP choose Amazon SES, enter SMTP host like email-smtp.eu-central-1.amazonaws.com, port 587, TLS, IAM SMTP username and password.

How do I troubleshoot SMTP errors?

  • Could not authenticate: wrong username, wrong password or 2FA enabled without App Password.
  • Connection timed out: hosting provider blocks outgoing port 25, 465 or 587. Ask support to whitelist or use a different port. Many shared hosts (SiteGround, Bluehost) block 25 completely.
  • SSL handshake failed: outdated PHP or OpenSSL on the server. Update to PHP 8.1 or higher.
  • Mail goes to spam: missing DKIM, missing SPF, mismatched From address or sending domain not warmed up.
  • Test mail arrives, real mail does not: another plugin overrides wp_mail(). Check WP Mail SMTP log to see what got dispatched.

How does InspectWP help with SMTP?

InspectWP analyzes the public DNS records of the domain and reports whether SPF, DKIM and DMARC are configured correctly. Missing or misaligned records are flagged in the security section so administrators know which records to add before email deliverability degrades.

Previous article

How to Block readme.html and license.txt in WordPress

Next article

How to Disable WordPress Automatic Updates (Core, Plugins, Themes)

Related Articles

How to enable Brotli compression on nginx and Apache

How to Set Up HTTP Security Headers via .htaccess vs Nginx

How to Install a WordPress Child Theme (Step by Step)

View all articles

Check your WordPress site now

InspectWP analyzes your WordPress site for security issues, SEO problems, GDPR compliance, and performance — for free.

Analyze your site free