Skip to content

Plugin Review: WP Mail SMTP

WP Mail SMTP plugin logo

Back in the old days, the Wild West days, anyone could send email claiming to be from whoever and receiving email systems would accept it. But the mind-boggling gamut of spam and scam email has made people suspicious. Many servers won’t let just any incoming email past the gate. They want to make sure it’s not spoofed, with a fake “from” email address.

Your WordPress web server sends email. It alerts the administrator (you) that plugins were updated, that comments need moderation, and so on. Plugins might generate email of their own. By default, your server sends these in the Wild West way.

This email is not spoofed. It really does come from your domain. But because it was sent the old-fashioned way, it can’t show proper ID. Some email systems — more as time goes on — will reject it.

The easiest way to fix this problem is to have your email sent by a proper email server rather than your web server. WP Mail SMTP is the most popular plugin for this. It’s free, everyone likes it, me too. It sets up your website so email it sends is routed through an outside email server, which stamps each message “approved”. You can use your normal email account for this, or create a separate account just for this purpose.

To set up, you need some information about your email service provider’s SMTP server. This typically includes DNS name, port number, and authentication method. You can find this information in the email provider’s instructions for how to set up email clients. If you already have an email client set up to access that account — your phone’s email app, for instance — you can copy details from the email program’s settings. You also must enter your email user login name and password.

You can use a Google email account, but Google’s email is very security conscious. The setup procedure is more complicated.

Privacy Warning

If your website sends email to anyone but you, don’t use an email address you consider private to configure this plugin. See below for specifics.

Keeping your email address private

You can specify a different “from” address for your email than the email account you’re logging into to send it. However, recipients can find your real email address in the email headers.

Real email address of sender visible in email header
Real email address of sender visible in email header

To keep my real email address private, I create a “throwaway” mailbox in my domain, to use as the SMTP login. Set this address up to automatically discard incoming mail and/or automatically reply, referring people to an alternative means of contacting you. Name the account “noreply” or something similar, so nobody will expect email to that address will be read.

Apart from that, it doesn’t matter whether the “real” sender and the “from” line of the email are the same. You might decide to have different “from” addresses for different emails your site generates, some associated with a real mail file, others not.

Microsoft Mail users

This section applies if you’ve contracted with Microsoft for them to provide email service for your domain. So, someone sends email to, and you have to login to a Microsoft mail system — Outlook or — to read it.

In that situation, the free version of WP Mail SMTP can’t send email via these accounts. Instead, use the plugin Mail Integration for Office 365/Outlook by Edward Cross.

However: if you are in this situation, I’d like you to also consider dropping your Microsoft mail service and using the mail service of your hosting provider, if that’s included as part of the website hosting package. Microsoft is an evil monopolist who allows third party applications access to your email unless you’re really careful about how you set your security settings. In addition, they have faulty spam blocking rules that result in a lot of false positives — legitimate email sent to you gets flagged as spam because it comes from the same mail server that some spammer used. In an environment where web hosting providers use the same set of mail servers for all their clients — including you! — this is not a reasonable test.


Leave a Reply

Your email address will not be published. Required fields are marked *