WooCommerce Email Deliverability
Your store sent the order confirmation, but your customer never got it.
It's in their spam folder between phishing emails and discount viagra ads. Meanwhile your inbox is filling up with "where's my order?" tickets, your customer thinks the payment didn't go through, and they're about to place a duplicate order or file a chargeback. Google tightened their sender requirements in 2024, Microsoft started outright rejecting non-compliant email in May 2025... and sites that haven't adapted are feeling it.
You've checked WooCommerce's email settings. You've tried an SMTP plugin. You've Googled it at 11pm but you're exhausted and not closing in on solutions.
By Valentin Bora. 25 years building for the web. Configured email infrastructure for sites handling 12M+ monthly visitors. 5.0/5 on Codeable (166 projects).
What it actually costs you
1 in 6 legitimate emails
never reaches the inbox.
That's not my number. Validity's 2025 benchmark report puts global inbox placement at 83.5%, and it's been getting worse... spam placement nearly doubled over the course of 2024. Microsoft's Outlook is the worst offender at just 75.6% inbox placement. Gmail dropped to 87.2% after they started enforcing stricter sender requirements in February 2024. The filters are tightening, and sites that haven't configured their email authentication properly are the ones getting caught.
When a WooCommerce order confirmation lands in spam, the customer doesn't think "email deliverability issue." They think "my order didn't go through." So they place it again (duplicate order, future dispute), email your support asking what happened (a problem that shouldn't exist), or just leave and buy from someone else next time. All three cost you money.
Shipping notifications are worse. Your customer doesn't know the package shipped, it shows up, and they've already filed a dispute with their credit card company because they assumed you never sent it. Each chargeback runs $15-25 in fees on top of the lost revenue... and too many chargebacks can get your payment processor to flag your account or drop you entirely.
Password reset emails that don't arrive mean locked-out customers who can't reorder. Subscription renewals that go to spam mean customers don't know they've been charged... and they dispute it when they see it on their statement. Refund confirmations that don't arrive mean people calling to ask if the refund actually happened. Same root cause, and it cascades through every email your store sends.
The thing that makes this especially frustrating is that your WooCommerce dashboard probably shows those emails as "sent." Your SMTP plugin says "delivered." But there's a massive gap between "the receiving server accepted it" and "it actually landed in the inbox." I've seen sites where the plugin dashboard showed 98% delivery rates while actual inbox placement was below 70%. The dashboard was green. The emails were in spam.
Why this happens
It's almost always the same
handful of problems.
Shared hosting, shared reputation
Your WordPress site is probably on a shared server with 200+ other sites. When any of those sites send spam... and some inevitably do... the IP gets flagged. Gmail and Outlook don't distinguish between your legitimate order confirmation and the junk from the site next door. Same IP, same reputation. Your emails are guilty by association, and you have no control over it.
WordPress sends email the wrong way
By default, WordPress uses PHP's mail() function. This is basically dropping a letter in a mailbox with no return address... there's no authentication, no verification that the email actually came from your domain, and no way for the receiving server to tell it apart from a forged message. Senders with full authentication (SPF + DKIM + DMARC) are roughly 2.7x more likely to reach the inbox than those without. PHP mail() gives you none of those.
Missing or broken DNS authentication
SPF, DKIM, and DMARC are DNS records that tell email providers "yes, this message really came from my domain." The scale of this problem is hard to overstate: a 2024 analysis of the top 1 million domains found that 39% lacked even a basic SPF record, and roughly 86% had no effective DMARC protection. I see this constantly on WooCommerce sites... no SPF at all, or one that's misconfigured because someone added SendGrid and never updated DNS. DKIM completely absent. DMARC missing entirely.
The rules just got stricter
Google and Yahoo started enforcing new sender requirements in February 2024... SPF and DKIM authentication, a published DMARC record, spam complaints under 0.3%. That drove about 500,000 new DMARC records in a single quarter, but most of them were set to p=none, which is the monitoring-only policy that provides zero actual protection. Then Microsoft followed in May 2025, starting to reject non-compliant mail outright from high-volume senders. If your WooCommerce store hasn't been configured for these requirements, your emails are increasingly likely to get filtered or bounced.
Transactional and marketing email on the same domain
Your WooCommerce order confirmations and your Mailchimp campaigns are both sending from the same domain. When someone marks your marketing email as spam (and this happens to every business), it damages the reputation for your entire domain. Now your transactional emails get caught in the crossfire. The fix is domain separation... transactional from one subdomain, marketing from another. But most WooCommerce stores never set this up because nobody tells them to.
Installing an SMTP plugin alone doesn't fix this. It routes your email through a better service, which helps, but if the DNS authentication isn't configured properly the receiving server still can't verify the message is legitimate. You need both the routing and the authentication working together... and that's what I set up.
The numbers
The math on broken email gets ugly fast.
Klaviyo analyzed 143,000 abandoned-cart flows and found the average revenue per recipient is $3.65. But top-decile senders... the ones with good inbox placement and proper authentication... pull $28.89 per recipient. That's an 8x gap, and it tracks almost directly with whether the email actually reaches the inbox. If your recovery emails land in spam, you're leaving the entire gap on the table.
The broader context: about 70% of shopping carts get abandoned (Baymard Institute, 49-study meta-analysis). That's a massive pool of recoverable revenue, and email is the primary tool for clawing it back. A 3-email cart recovery sequence generated $24.9M across Klaviyo's sample compared to $3.8M for single emails. But all of this assumes the emails arrive. If they don't, the sequence might as well not exist.
Say you're doing 500 orders a month and 5% of your transactional emails hit spam. That's 25 customers per month who didn't get their order confirmation. Support time, duplicate orders, chargebacks from those 25 people adds up to $500+/month easily. And that's just the direct cost... it doesn't count the customers who never tell you there's a problem. They bought once, the confirmation went to spam, the experience felt unreliable, and they quietly moved on to a competitor whose emails actually arrive. You never know they left.
avg cart recovery RPR (Klaviyo 2024)
top-decile RPR with good deliverability
of shopping carts abandoned (Baymard)
inbox rate with full authentication
The process
Six steps from broken to fixed.
This is the same process I follow on every engagement. Most fixes are done within 48 hours.
Run the free scan
Enter your domain on this site. You'll see exactly which SPF, DKIM, DMARC, and MX records are missing or broken.
Full diagnostic
I run SPF, DKIM, DMARC, MX, reverse DNS checks, scan 120+ blacklists, and assess your sending reputation.
You share DNS access
I'll need login or delegate access to wherever your DNS is managed... Cloudflare, GoDaddy, Namecheap, Bluehost, SiteGround, Hostinger, or Squarespace Domains.
DNS + sending service fixed
I configure SPF, DKIM, DMARC records and set up your sending service... SendGrid, Postmark, SES, or SMTP plugin.
Inbox placement verified
I send test emails to Gmail, Outlook, and Yahoo and confirm they land in the inbox. You get screenshots as proof.
Report + walkthrough
Loom video explaining what was broken and what I changed, plus a written report with all DNS records for your files.
About DNS access: I work with all major providers. If you're not sure where your DNS is managed, I'll help you figure it out. If you'd rather not share credentials, I can give you exact records to add yourself... but direct access means faster turnaround and fewer back-and-forth messages.
Next step
Find out what's broken
in 30 seconds.
Run a free scan on your domain. Checks SPF, DKIM, DMARC, MX, and who manages your DNS. Plain English, no account required.
Issues found? I'll fix them for $59.
- ✓ SPF, DKIM, DMARC, and MX record fixes
- ✓ DNS published and re-scanned to confirm
- ✓ 24–48 hour turnaround
- ✓ Money-back if I can't improve your setup
Complex multi-sender or WordPress SMTP setups? Book a call and we'll scope it together.
100% money-back guarantee
If you're not happy with the result for any reason, you get a full refund. No conditions, no hoops.
Who's fixing this
Valentin Bora
I've been building and managing web infrastructure for 25 years. I've configured email systems for sites handling 12M+ monthly visitors, including G4Media (Romania's largest independent news group, 3M+ monthly readers). Email infrastructure is something I deal with on nearly every project because it's one of the first things that breaks when a site scales... and one of the last things anyone bothers to check until customers start complaining.
I work through Codeable, an exclusive freelancer network where only 2% of applicants get in. Codeable holds a 4.8/5 on Trustpilot. My personal rating across 166 projects is 5.0/5.
years in web infrastructure
projects on Codeable
client rating
monthly visitors managed
"I've worked with many developers and engineers throughout my career. Valentin is amazing. I could sense his talent, knowledge, and experience immediately; which is typical of extremely bright developers yet also very rare."
Mike C."Above & beyond what was required. Not just capable but reliable and most of all, an absolute genuine pleasure to work with. Of all the developers I've worked with, this is an absolute 1st!"
Kiran B."This guy is a lifesaver! My business was crippled for almost three weeks. Once Valentin and I connected he had my problem solved in a few hours of work."
Tara N.All reviews from Codeable
Frequently asked questions
Things people usually ask me about this.
Why are my WooCommerce order emails going to spam?
Nine times out of ten it's an authentication problem. Your WordPress site is sending email through PHP's mail() function on a shared server where hundreds of other sites share the same IP. Gmail and Outlook check that IP's reputation, and if even a few of those other sites have been sending junk... your order confirmation gets lumped in with them. On top of that, most WooCommerce sites are missing SPF, DKIM, and DMARC records. A 2024 analysis of the top million domains found 39% lacked even a basic SPF record, and about 86% had no effective DMARC. This has gotten worse since Google and Yahoo started enforcing stricter sender requirements in February 2024, and Microsoft followed in May 2025. If your site hasn't been configured for these rules, you're increasingly likely to get filtered.
Will this fix all WooCommerce emails, not just order confirmations?
Yes. The fix is at the infrastructure level... DNS authentication and sending configuration. Once that's set up properly, every email your WordPress site sends goes through the same clean pipe: order confirmations, shipping notifications, password resets, new account registrations, refund confirmations, subscription renewals, and anything sent by plugins like WooCommerce Subscriptions or AutomateWoo. If WordPress sends it, the fix covers it.
Do I need an SMTP plugin like WP Mail SMTP or FluentSMTP?
Probably. An SMTP plugin replaces WordPress's default PHP mail() function with a proper authenticated connection to a real email service, which is a big improvement. But here's where I see people get stuck... they install the plugin, connect it to SendGrid or Postmark, and think they're done. They never add the DNS records. The plugin routes the email through a better service, but without SPF and DKIM records the receiving server still can't verify it's legitimate. Senders with full authentication (SPF + DKIM + DMARC at enforcement) are roughly 2.7x more likely to reach the inbox. The plugin alone gets you maybe halfway there.
What about transactional email services like SendGrid, Postmark, or Amazon SES?
I configure all three regularly and they're all solid choices. Each has different strengths... Postmark has probably the best deliverability reputation and is purpose-built for transactional email, SendGrid has a generous free tier and good analytics, and SES is the cheapest if you're sending at scale. The service you pick matters less than how it's configured. I'll recommend the best fit for your volume and budget, set everything up, configure all DNS records, and verify it delivers cleanly.
How fast will this be fixed?
Most fixes are done within 24-48 hours. Run the free scan first; if issues are found, I'll fix them for $59, or book a call for complex multi-sender setups.
What if my emails still go to spam after the fix?
Then I keep working. It's not done until your emails actually arrive in the inbox. Most issues are resolved with DNS authentication and proper sending configuration, but sometimes there's something deeper... a blacklisted IP, a content filtering problem, or reputation damage from past sending behavior. I'll find it and fix it. If for some reason I can't solve it, you get a full refund. That hasn't happened yet.
Do I need to change my hosting?
Usually not. The fix works regardless of who hosts your site... shared hosting, VPS, managed WordPress hosting like Kinsta or WP Engine, doesn't matter. The one exception is if your host's mail server IP is on a major blacklist and they won't get it delisted. In that case I route your email through an external service like Postmark or SendGrid, which bypasses the hosting IP entirely. Problem solved without migrating anything.
I'm also sending marketing emails through Mailchimp or Klaviyo. Will this affect those?
It can, and usually in a good way. When I set up DMARC properly, it creates an alignment policy for your entire domain. If your marketing platform already handles its own SPF/DKIM (Mailchimp and Klaviyo both do), DMARC ties everything together under one policy and actually improves trust signals across all your email. If your marketing emails are also having issues, book a call after the scan and we can scope a multi-sender setup together.
Your emails might be going to spam right now.
Find out in 30 seconds.
Run a free scan on your domain... checks SPF, DKIM, DMARC, blacklist status, and who manages your DNS. Instant results, plain English, no account required.
Every day your emails land in spam is a day you're losing revenue.
Based in Europe (EET/EEST). Working hours overlap with US East Coast, UK, and Australia. Most fixes delivered within 24-48 hours regardless of timezone.
Last updated: May 2026