PHP Mail vs Professional SMTP — Email Deliverability
Overview
WordPress ships with a built-in email capability that uses PHP's mail() function. While functional in isolation, PHP mail is treated as spam by virtually all major email providers and should never be used in production. Any WordPress site sending form notifications, lead confirmations, or transactional emails via PHP mail is likely losing a significant portion of those messages before they reach the inbox.
This is a silent failure — the site appears to send email, the WordPress dashboard may even show a sent count, but deliverability is near zero.
"If you send an email using PHP, the internet says, oh, this looks like spam, and it blocks it."
— Mark Hope
The Problem: PHP Mail
- WordPress's default mailer uses the server's PHP mail() function
- Outbound messages carry no sender authentication (no DKIM, DMARC, or SPF)
- Receiving mail servers flag these as spam or reject them outright
- Impact on lead generation: If form submission notifications aren't delivered, the client never sees the lead — even though the entry exists in Gravity Forms
- A client site was observed with 9 logged failed emails and ~4,000 total sends through an unconfigured mail plugin, indicating widespread silent delivery failure
This is especially damaging when clients are running paid ad campaigns and expecting form leads to arrive via email notification.
The Solution: WP Mail SMTP Pro + SMTP.com
Plugin: WP Mail SMTP Pro
- Cost: ~$400–500/year (Asymmetric maintains a paid license)
- Replaces WordPress's PHP mailer with a proper SMTP relay
- Adds an email log to the WordPress dashboard: every outbound email is recorded with delivery status, recipient, subject line, and timestamp
- Supports multiple SMTP providers; recommended options: SendLayer, SMTP.com, Brevo
Provider: SMTP.com
Asymmetric's standard choice for client sites. Routes all WordPress email through a dedicated mail server with full authentication:
| Authentication | Purpose |
|---|---|
| DKIM | Cryptographically signs outbound mail to verify sender identity |
| DMARC | Policy layer that tells receivers how to handle unauthenticated mail |
| SPF | Authorizes specific servers to send mail on behalf of the domain |
Together these signals tell receiving mail servers the message is legitimate, dramatically improving inbox placement.
Setup Summary
- Install WP Mail SMTP Pro on the WordPress site
- Navigate to WP Mail SMTP → Settings
- Select SMTP.com as the mailer
- Enter the API key (stored in LastPass under the Asymmetric account)
- Verify with a test send
- Review the Email Log to confirm delivery
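The plugin's Email Log shows what the site handed off. The receiving side of the test send shows whether SPF, DKIM and DMARC actually passed, in the message's Authentication-Results header. The Python check below is an added example, not part of the original page or of WP Mail SMTP; the sample headers, domains and the `mx.receiver.example` server name are constructed placeholders.

```python
import re
from email import message_from_string

# Constructed samples: headers of a message as seen at the receiving mailbox.
# Domains, selector and hostnames are placeholders, not values from this page.
SAMPLE_RELAYED = """\
Authentication-Results: mx.receiver.example;
 dkim=pass header.i=@client.example header.s=sel1;
 spf=pass (sender IP is 192.0.2.10) smtp.mailfrom=bounce@client.example;
 dmarc=pass (p=QUARANTINE) header.from=client.example
From: WordPress <forms@client.example>
Subject: Test send

body
"""
SAMPLE_PHP_MAIL = """\
Authentication-Results: mx.receiver.example;
 dkim=none;
 spf=softfail smtp.mailfrom=www-data@web01.hosting.example;
 dmarc=fail (p=NONE) header.from=client.example
From: WordPress <wordpress@client.example>
Subject: New form entry

body
"""
METHODS = ("spf", "dkim", "dmarc")

def auth_results(raw_message, authserv_id):
    """Return {method: result} from the trusted Authentication-Results header."""
    results = {m: "missing" for m in METHODS}
    msg = message_from_string(raw_message)
    for header in msg.get_all("Authentication-Results", []):
        cleaned = re.sub(r"\([^)]*\)", "", header)  # drop (comments)
        server, *clauses = cleaned.split(";")
        # Trust only the header stamped by our own receiving server;
        # a sender can insert forged Authentication-Results lines.
        if server.strip().split(" ")[0].lower() != authserv_id.lower():
            continue
        for clause in clauses:
            m = re.match(r"\s*(\w+)\s*=\s*(\w+)", clause)
            if m and m.group(1).lower() in results:
                method = m.group(1).lower()
                if results[method] != "pass":  # any passing result counts
                    results[method] = m.group(2).lower()
    return results

def is_authenticated(raw_message, authserv_id):
    """True only when SPF, DKIM and DMARC all report pass."""
    return all(v == "pass" for v in auth_results(raw_message, authserv_id).values())
```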
Diagnosing an Affected Site
Signs a site is using PHP mail and suffering from poor deliverability:
- WP Mail SMTP is absent from the plugin list (or present but unconfigured)
- Gravity Forms entries exist that the client claims they never received via email
- The client reports "not getting form leads" despite confirmed submissions in the database
- Email log (if any) shows a high rate of failed sends
Recommended check: Visit the site's WordPress admin → WP Mail SMTP → Email Log. If the plugin isn't installed, check Gravity Forms entries directly to see if leads are accumulating unseen.
Client Communication Guidance
When recommending this upgrade to a client:
- Frame it as a lead recovery issue, not a technical nicety — they are likely missing real inquiries right now
- Recommend a weekly Gravity Forms entry review as an interim measure: clients should log in, scan entries, and mark spam to train the filter — this also ensures no legitimate lead goes unnoticed while the email issue is being resolved
- Pair the SMTP upgrade recommendation with any [1] work — both address the same symptom (unreliable lead flow) from different angles
Related
- [2] — Blocking form spam with Akismet
- [3] — Click fraud protection for ad campaigns
- [4] — Notes on Wordfence and its tradeoffs