By default, WordPress emails spoof the sender, and if the domain's SPF record doesn't trust the sending server, email providers are likely to mark the emails as spam because of the spoofing.
The best (not easiest) way to ensure trusted email delivery is to send the emails using authenticated SMTP.
Authorizing the WordPress Server to Send Emails
This is the easiest way to get mailboxes to receive emails from WordPress, but it's only one thing email providers check to verify the sender. If the instructions in this section don't fix your problem, try the "Configuring Authenticated SMTP Email in WordPress" section in addition to this section.
WordPress only knows how to use mail() in PHP, which spoofs the "From" header. If you're sending From: WordPress <wordpress@example.com> from anywhere, but the SPF (TXT) record for example.com is v=spf1 -all (do not permit any senders), email providers know they shouldn't deliver emails from anyone claiming to be @example.com.
Your SPF record should look like this already, according to Microsoft:
v=spf1 include:spf.protection.outlook.com -all
include:spf.protection.outlook.com ensures that Outlook is authorized to send emails as your domain.
-all means fail the SPF check for any other sender. This is supposed to prevent anyone, even your WordPress site, from spoofing emails supposedly sent from your domain.
All you need to do to let recipients know to accept emails for your domain sent by your WordPress server is to add its IP address (e.g. 10.0.0.2) to the SPF record like so:
v=spf1 +ip4:10.0.0.2 include:spf.protection.outlook.com -all
Alternatively, if your address (A or AAAA) record happens to be your WordPress site, it is sufficient to add +a instead of +ip4:10.0.0.2. This is useful if you ever migrate your site to another IP address and forget to update your SPF record. Example usage:
v=spf1 +a include:spf.protection.outlook.com -all
The SPF record is a TXT record that you need to set at your DNS provider. You should know how to do this already; it's the same interface you used to set up your Outlook DNS records.
Configuring Authenticated SMTP Email in WordPress
Because WordPress only knows how to use mail() in PHP, you need a plugin to send authenticated SMTP emails. Two popular plugins are WP Mail SMTP and Easy WP SMTP.
If you want WordPress to send emails from wordpress@example.com, create that email address in Outlook (the email provider for example.com).
Then, configure the SMTP plugin (your choice) to send emails from that account.
What this does is delegate email sending to a provider that is already trusted to send emails on behalf of your domain. In your case, that email provider is Outlook.
Since Outlook will then be responsible for sending emails from an Outlook address to another Outlook address, email delivery is much more likely to succeed.
Note: using +a +mx in an SPF record isn't optimal, since it involves extra DNS queries for the receiving server, and if there are more than 10 lookups in total, it will return a permanent error. Such a solution works for huge email providers with rolling IPs, but if one is using one's own email server(s), then it is better to use the IP of the sending email server directly, like ip4:1.2.3.4. BTW, the + prefix in front of a and mx is optional. – Alex – 2018-08-13T19:07:55.987
Also, don't start with the -all qualifier until you are completely sure that your email is passing through successfully; otherwise all emails would be rejected. Start with the qualifier ~all, and if the email headers on the receiving side don't show any errors, then go with -all. – Alex – 2018-08-13T19:08:19.573
@Alex: What you said is true; however, in my experience with shared hosting users, +a +mx is a fire-and-forget setting that works for most people, and -all is especially useful when users ask why they get spam emails apparently from themselves. Nevertheless, I've updated this answer to be more tailored towards OP's email service provider. – Deltik – 2018-08-13T21:13:21.047
Well, you're right, on shared hosting a mx might be an easy and even the only solution, since one is at the mercy of the shared hosting. The issue with such settings on shared hosting is that almost all of them are using pretty insecure setups. When a hacker gets into someone's account, he can see all neighbors on the same machine (it could be thousands), and since all neighbors are using the same mail server, he would be able to send on behalf of any of the nearest accounts and SPF wouldn't trigger an error, but I guess it is an off-topic subject to discuss here. – Alex – 2018-08-13T21:43:00.980
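The SPF evaluation that the answer and the comments above describe, as an added example that is not part of the original post: a small offline evaluator that applies the record to a sending IP and enforces the 10-lookup limit. The zone data is constructed (the contents of the include target and the 192.0.2.0/24 range are stand-ins, not Microsoft's real record), and only the all, ip4, a, mx and include mechanisms are handled.

```python
import ipaddress

LOOKUP_LIMIT = 10  # RFC 7208: at most 10 DNS-querying terms per SPF check
RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed zone data. The include target's contents are a stand-in,
# not Microsoft's real record; 192.0.2.0/24 is a documentation range.
ZONE = {
    "example.com": {
        "TXT": "v=spf1 +a include:spf.protection.outlook.com -all",
        "A": ["10.0.0.2"],            # the WordPress server from the answer
        "MX": ["mail.example.com"],
    },
    "mail.example.com": {"A": ["192.0.2.25"]},
    "spf.protection.outlook.com": {"TXT": "v=spf1 ip4:192.0.2.0/24 -all"},
}

class PermError(Exception):
    """The record cannot be evaluated; receivers report a permanent error."""

def check_spf(ip, domain, zone, budget=None):
    """Return the SPF result for a sending IP, using `zone` instead of live DNS."""
    budget = [LOOKUP_LIMIT] if budget is None else budget  # shared across includes
    for term in zone[domain]["TXT"].split()[1:]:            # skip "v=spf1"
        qualifier = term[0] if term[0] in RESULT else "+"   # "+" is the default
        name, _, arg = term.lstrip("+-~?").partition(":")
        if name in ("a", "mx", "include"):                  # each costs one lookup
            budget[0] -= 1
            if budget[0] < 0:
                raise PermError("more than 10 DNS lookups")
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ipaddress.ip_address(ip) in ipaddress.ip_network(arg)
        elif name == "a":
            matched = ip in zone[arg or domain].get("A", [])
        elif name == "mx":
            hosts = zone[arg or domain].get("MX", [])
            matched = any(ip in zone[h].get("A", []) for h in hosts)
        elif name == "include":                             # matches only on "pass"
            matched = check_spf(ip, arg, zone, budget) == "pass"
        else:
            raise PermError(f"unsupported term: {term}")
        if matched:                                         # first match decides
            return RESULT[qualifier]
    return "neutral"

if __name__ == "__main__":
    for sender in ("10.0.0.2", "192.0.2.25", "203.0.113.9"):
        print(sender, check_spf(sender, "example.com", ZONE))
```

Swapping -all for ~all in the constructed record turns the result for an unlisted sender from fail into softfail, which is the staged rollout the comments recommend.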