Has your WordPress site ever sent an email which never arrived?
There's a simple explanation for this: default WordPress websites aren't correctly configured to send emails.
This includes your WordPress website. It also includes this WordPress site.
In this article we'll outline the exact nature of the problem, WordPress email delivery, and our solution to it, SureSend.
Understanding WordPress Email Delivery Problems
Have you ever received email SPAM? You probably have, since 45% of all email is actually SPAM.
That's a lot of SPAM! And there's a good reason why SPAM is such a huge problem: because it's easy to send emails, to anyone, from anywhere.
You don't need a special, so-called "email server" to send an email. You can do it from practically any device connected to the internet.
Sending an email is really very easy.
But sending an email with the correct signals that indicate to recipient mail servers that it's a legitimate email is a separate challenge entirely.
Let's consider how email works with WordPress.
A WordPress website comes with PHP code that makes sending emails easy. You just plug in the information for from, to, subject, and email body, and off it goes to send the email.
Let's say, for example, your site admin email address is set to [email protected]. Then let's say a user can't log in and requests a password reset. Your WordPress site will then try to send a password reset link to that user, saying that it's coming from the sender above.
Before accepting the email from your WordPress site, the mailbox provider for that user will try to determine if the server trying to send the email (i.e. your WordPress site) is actually authorized to do so, for the shieldsecurity.io domain.
And typically, it isn't authorized (unless you've made it so).
The recipient mail server can then decide how it wants to handle the email. It'll normally take 1 of 3 paths:
- Accept the email regardless (not likely)
- Accept the email and flag it as SPAM
- Outright reject the email
From the perspective of the recipient mail server, the following statement describes this scenario:
"A completely random device on the internet is trying to send an email from the domain shieldsecurity.io to a mailbox I host."
What's to stop an email SPAMer doing exactly the same thing?
Absolutely nothing.
For email to be considered legitimate, the sender of the email must be verified. The WordPress site/server that is sending email on behalf of shieldsecurity.io must be recognised as a legitimate sender for that domain.
And how do you set up a sender as a legitimate sender?
That is where the real work takes place. And it is the piece of the puzzle that most WordPress administrators never put into place.
It's only when important emails stop arriving that an administrator realises that something might be wrong.
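One mechanism recipient servers use for the authorization check described above is SPF (RFC 7208): the domain publishes a DNS TXT record listing the hosts allowed to send mail for it. The following is an added example, not code from Shield or SureSend, that evaluates a simplified subset of SPF (ip4, ip6, include, all) offline; the function name `check_spf`, the domain example.com and all records and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample DNS TXT data (documentation domains and addresses only).
SAMPLE_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
}
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain, sender_ip, txt_records, depth=0):
    """Evaluate a simplified SPF policy (ip4, ip6, include, all) for sender_ip."""
    record = txt_records.get(domain)
    if record is None or not record.lower().startswith("v=spf1"):
        return "none"  # the domain publishes no SPF policy
    if depth > 10:
        return "permerror"  # guard against include loops
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "pass"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        name = name.lower()
        if name == "all":
            matched = True
        elif name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            matched = ip.version == net.version and ip in net
        elif name == "include":
            # An include matches only when the nested policy evaluates to pass.
            nested = check_spf(value, sender_ip, txt_records, depth + 1)
            if nested in ("none", "permerror"):
                return "permerror"
            matched = nested == "pass"
        else:
            return "permerror"  # a, mx, exists, redirect are out of scope here
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # nothing matched and the record has no "all" term


if __name__ == "__main__":
    # 203.0.113.7 stands in for a web host that was never authorized.
    for ip in ("192.0.2.25", "198.51.100.10", "203.0.113.7"):
        print(ip, check_spf("example.com", ip, SAMPLE_TXT))
```

A web server whose address is not listed in the domain's record gets `fail`, which is the situation of a default WordPress host sending as the site's domain; how a receiver acts on each result is its own policy.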
How To Improve Email Deliverability For WordPress
The steps to perform this task aren't within the scope of this article, but we go into some detail on this problem and possible solutions to it here.
We recommend using a dedicated email service provider. They provide a reliable email platform that you can use across all sites in your portfolio. They also normally come with logs and debugging tools which you can use to investigate problems as they arise.
What Is SureSend And What Problem Does It Solve?
Setting up email delivery for your sites can be quite involved, though it isn't complex. It just takes some time, the first time around.
So it's understandable that even knowing about this email deliverability problem, many admins still don't do anything about it.
It is for those admins that we created SureSend.
SureSend won't solve all your WordPress email problems, but it will step in to ensure particular critical emails are delivered as expected.
To start with, we've integrated SureSend into the ShieldPRO plugin for 2-factor authentication emails.

If you try to log into a WordPress site with Shield's 2FA protection and you don't get the email, you can't complete your login. SureSend can act as the sender for the email (instead of your WordPress site). It uses a correctly configured email domain (sure-send.com) so that the chances of successful email delivery are much higher.
No email delivery is 100% reliable, but we've put all the necessary signals in place to ensure that our emails will get through to your mailbox.
Why Do 2FA Emails Suffer From Deliverability Issues?
As you can imagine, it makes sense that an email originating from an unverified source, containing a login code or suchlike, is more likely to be flagged as SPAM or rejected altogether.
It's no accident that it's the 2FA emails that are most problematic.
This is why we're adamant that WordPress admins employ a dedicated email service for their websites. Using WordPress alone is rolling the dice, without being able to see what the result of the roll actually is.
If an email is rejected by a recipient's email provider, how would you ever know?
When Can You Get SureSend?
We released SureSend for ShieldPRO in version 10.
Currently it only supports emails for 2FA codes, but we'll expand this over time as we monitor its uptake.
What Are The Future Plans For SureSend?
We'll monitor how SureSend is used within Shield and gauge the demand for a service that makes it easy to offload emails from a WordPress site.
We feel there's a real need for something like this for those that don't want the hassle of setting up a dedicated service provider.
But we'll monitor and see how things go.
What Considerations Are There For Privacy And GDPR?
Email privacy is an important concern.
Currently with SureSend, we don't log emails sent through our service, though they will be logged through whichever email service provider we employ to send these emails.
To review our privacy policy and those of the service providers we employ, please see here.
At the time of writing, we don't log any email address sent through our API, but this may change in the future. You can follow the link above to see our latest privacy policy details, and contact us if you have any questions.
The simplest way to avoid any privacy concerns you may have is not to enable SureSend in the Shield Security plugin (it isn't enabled by default), and instead configure your WordPress email delivery correctly, either directly for the hosting server, or using a 3rd party provider.
Questions and Suggestions
As always we value your thoughts and any suggestions you have around SureSend and any new feature we introduce to ShieldPRO.
Is SureSend something you'd find useful? How could it be adjusted to be more useful to you?
Please leave any questions in the comments below and we'll update the article if needed.
Thank you!