Why your WordPress emails go to spam (and how to tell)

You send email from your inbox every day and it works. Then a customer says they never got their order confirmation, or a lead fills out your contact form and you never see it. The email your website sends is quietly failing, even though the email you send is fine.

These are two different things, and that trips almost everyone up.

One inbox, many senders

When you reply from Gmail or Outlook, that mail goes out through Google’s or Microsoft’s servers, which are set up to authenticate properly. But your WordPress site sends email through a completely separate path: WooCommerce receipts, form-plugin notifications, password resets. Each of those needs its own authentication in your DNS, and by default WordPress has almost none of it.

So Gmail and Microsoft look at your site’s mail, can’t confirm it’s really from you, and drop it in spam or reject it outright. Since 2024 they’ve tightened this hard: Google and Microsoft now reject mail that fails authentication instead of just spam-foldering it.

The three records that decide it

• SPF lists which servers may send for your domain.
• DKIM signs your mail so the receiver can confirm it wasn’t tampered with.
• DMARC ties the two together and tells receivers what to do on a failure.

In a scan of 4,673 small businesses across the US and Canada, more than half were missing at least one of these, most often DKIM. So if your site email is landing in spam, you’re in the majority, and it’s almost always a missing record, not a mysterious “reputation” problem.

How to check in 30 seconds

Don’t guess, and don’t trust a “send test email” button. That only proves the message left your site, not that an outside inbox would accept it. You need to see what Gmail and Microsoft actually check: your SPF, DKIM, DMARC, and MX records.

If something’s red, that’s your fix. If it’s all green and mail still lands in spam, the problem is deeper (sending reputation or content), and that’s worth a closer look.