Specific emails always go to Junk Email in Outlook

1

I receive status emails from my Websites regularly that Outlook always sends to Junk Email, even though I've told it to "Always trust emails".

The emails are from WordPress wordpress@<mydomainname>.com - Emails from one domain are being sent to another email address on the same domain (email is hosted by Outlook.com if that's relevant), the other domain is being sent to email address on a different domain (also hosted by Outlook.com)

What do I need to do to force Outlook to remember that these emails are wanted and to put them in the Inbox? I am not having this trouble with any other emails going to or not going to Junk Email.

Midavalo

Posted 2018-08-13T16:31:14.980

Reputation: 213

Answers

0

By default, WordPress emails spoof the sender, and if the domain's SPF record doesn't trust the sending server, email providers are likely to mark the emails as spam because of the spoofing.

The best (not easiest) way to ensure trusted email delivery is to send the emails using authenticated SMTP.

Authorizing the WordPress Server to Send Emails

This is the easiest way to get mailboxes to receive emails from WordPress, but it's only one thing email providers check to verify the sender. If the instructions in this section don't fix your problem, try the "Configuring Authenticated SMTP Email in WordPress" section in addition to this section.

WordPress only knows how to use mail() in PHP, which spoofs the "From" header. If you're sending From: WordPress <wordpress@example.com> from anywhere, but the SPF (TXT) record for example.com is v=spf1 -all (do not permit any senders), email providers know they shouldn't deliver emails from anyone claiming to be @example.com.

Your SPF record should look like this already, according to Microsoft:

v=spf1 include:spf.protection.outlook.com -all
  • include:spf.protection.outlook.com ensures that Outlook is authorized to send emails as your domain.
  • -all means fail the SPF check for any other sender. This is supposed to prevent anyone, even your WordPress site, from spoofing emails supposedly sent from your domain.

All you need to do to let recipients know to accept emails for your domain sent by your WordPress server is to add its IP address (e.g. 10.0.0.2) to the SPF record like so:

v=spf1 +ip4:10.0.0.2 include:spf.protection.outlook.com -all

Alternatively, if your address (A or AAAA) record happens to be your WordPress site, it is sufficient to add +a instead of +ip4:10.0.0.2. This is useful if you ever migrate your site to another IP address and forget to update your SPF record. Example usage:

v=spf1 +a include:spf.protection.outlook.com -all

The SPF record is a TXT record that you need to set at your DNS provider. You should know how to do this already; it's the same interface you used to set up your Outlook DNS records.

Configuring Authenticated SMTP Email in WordPress

Because WordPress only knows how to use mail() in PHP, you need a plugin to send authenticated SMTP emails. Two popular plugins are WP Mail SMTP and Easy WP SMTP.

If you want WordPress to send emails from wordpress@example.com, create that email address in Outlook (the email provider for example.com).

Then, configure the SMTP plugin (your choice) to send emails from that account.

What this does is delegate email sending to a provider that is already trusted to send emails on behalf of your domain. In your case, that email provider is Outlook.

Since Outlook will then be responsible for sending emails from an Outlook address to another Outlook address, email delivery is much more likely to succeed.

Deltik

Posted 2018-08-13T16:31:14.980

Reputation: 16 807

Note: using +a +mx in SPF record isn't optimal since it involve extra DNS queries for receiving server and if there would be more than 10 lookups in total then it will return permanent error. Such solution works for huge email providers with rolling IPs, but if one using own email server(s) than it better to use IP of sending email server directly like ip4:1.2.3.4, BTW, + prefix in front of a and mx is optional. – Alex – 2018-08-13T19:07:55.987

Also don't start with -all qualifier until you completely sure that your email passing through successfully, otherwise all emails would be rejected. Start with qualifier ~all and if email headers on receiving side doesn't show any errors than go with -all – Alex – 2018-08-13T19:08:19.573

@Alex: What you said is true; however, in my experience with shared hosting users, +a +mx is a fire-and-forget setting that works for most people, and -all is especially useful when users ask why they get spam emails apparently from themselves. Nevertheless, I've updated this answer to be more tailored towards OP's email service provider. – Deltik – 2018-08-13T21:13:21.047

Well, you right, on shared hosting a mx might be an easy and even the only solution since one on mercy of shared hosting. The issue with such settings on shared hosting that almost all of them using pretty insecure setups.When a hacker get in to some1's account he can see all neighbors on the same machine (it could a thousands) and since all neighbors using the same mail server, he would be able to send on behalf of any nearest accounts and SPF wouldn't trigger an error, but I guess it is off-topic subject to discuss it here. – Alex – 2018-08-13T21:43:00.980

Asked: 2018-08-13T16:31:14.980

Viewed: 125 times

Active: 2018-08-13T21:12:38.103