So, you’re running WordPress and you want website visitors to easily email you through your contact form. Only you’re NOT receiving the emails and it’s a problem. Is there a solution?
I was suspicious because the plugin hadn’t been updated in a long time and the WP plugin repository suggested it “might not be compatible with your version of WordPress.”
That always raises a red flag.
Let me tell you about my host’s email spoofing policy as well as taking into account the fact I was using MX records from another email provider.
Contact Forms & Spoofing
When a user fills out a contact form on a website, they’re usually asked to enter the following details:
You receive the message in your email inbox and reply. Only it’s not as simple as that because this email could have been sent fraudulently using someone else’s email address.
Think about it. I could visit the website of a local business and send them a nasty email berating their services using the email address of a competitor.
- How would the recipient know it’s a spoof?
- An IP address lookup might only link to an ISP data center, not a machine/specific location
- It could lead to fraud
Some hosts (and this includes DreamHost) have a policy on this fraudulent sending of email. It’s called spoofing because, well, it’s a spoof!
You might not have encountered this yourself because you might be on a host that allows spoofing. But if you move to a different host you might be in for a rude awakening.
The usual way around this issue is to set up your contact form headers in such a way that the From email address is actually from your website domain.
Let me explain using the Contact Form 7 screenshot below:
Notice how in the screenshot, on the left lower side there is line that reads Sender: [email protected]
Well, that is an instruction to the host that says it’s okay to send the email because I know the email is originating from the contact form on my website, and that I’ll know to treat is as a possible spoof.
You see, the contactform inbox doesn’t exist. It’s just a pretext to use my own TLD (top level domain) and create a virtual email address to authenticate the sending of PHP mail.
Nine times out of ten, hosting tech support forums will recommend this approach to contact forms on WordPress sites. But because technology is constantly being upgraded, including hosts, plugins and WordPress itself, things can stop working.
And It DID Stop Working!
A few days ago, I stopped receiving email from the contact form despite using the anti spoofing email header in Contact Form 7. I knew the form had stopped working because I ran some tests. The reason I ran tests was because I’d stopped receiving general junk email, which is a general indicator.
I fired up an instant chat session with DreamHost to ask if they were experiencing downtime. I also made it clear I was using email headers as advised, and I throught I ought to make it clear the email service provider was in fact GoDaddy.
So, using GoDaddy MX records with DreamHost meant there was a bottleneck somewhere – it was one or the other.
I did some quick research on GoDaddy to see if there was any downtime – it was a possibility. I tried sending some mail from a 100% GoDaddy run website and it worked.
So it was a case of my web host and email provider having a tiff.
Here’s the transcript from my chat with DreamHost support. It solved everything and I took the recommendation to install the WP Mail SMTP plugin and send authenticated email as SMTP instead of PHP.
In plain English, this means I was having a trusted email provider (my Godaddy account) vouch for any email sent through Contact Form 7.
Here’s the chat:
DreamHost: You are now chatting with ‘Kan’
Kan: Hi Darren!
Kan: How can I help you today?
Kan: Let me take a look real quick at the site.
Darren: My email address ([email protected]) uses GoDaddy’s MX records. It COULD be there end but I doubt it
Kan: most likely not, one moment please!
Kan: Ok this is the error I’m seeing:
Kan: Remote-MTA: dns; smtp.europe.secureserver.net
Kan: Diagnostic-Code: smtp; 552 5.2.0 xnz61n00S15XP4o01 – xnz61n00S15XP4o01nz6mL
Kan: “IB212 msg rejected as spam”
Kan: Since GoDaddy is rejecting it from our web server
Kan: I would try a plugin like this this one to authenticate as a legitimate email user: https://wordpress.org/plugins/wp-mail-smtp/
Kan: That way, WordPress can send as one of your email addresses through an SMTP server.
Kan: Usually this clears up any problems
Darren: Could it not be email downtime from GoDaddy?
Darren: I’ve been looking at some downtime detectors today and it appears GoDaddy have had outages on a couple email servers
Kan: It’s possible, but it does say rejected as spam
Darren: This plugin doesn’t appear to have been updated in months.
Darren: Not sure I can trust this
Kan: The Plugin is good, I have it on one of my sites and doesn’t need to be updated cause it’s very simple
Kan: If you’re concerned, that is.
Kan: As far as why it’s being flagged as spam, that would be something you would consult GoDaddy for the answer.
Darren: Strange how it just stopped working. It was fine
Kan: I believe it’s likely due to the fact that PHP mail is not authenticated as an SMTP user.
Darren: What does contact form 7 send mail as?
Kan: PHP, so the web server is sending the email
Kan: If you authenticate the webserver by using that plugin, it no longer is trying to send as the webserver. It will send as the email user you authenticate as.
Darren: I’ve installed the plugin but I’m going to need to spend some time configuring it.
Darren: i’ll go do that
Kan: Alright, that should help!
Darren: thanks – I’m usually cautious about plugins
Kan: This one is very simple and safe. should be good!
Kan: Did you have any other questions for me at this time?
Darren: I might be back later! So maybe then!
Kan: Okay, have a good one Darren!
DreamHost: Chat session has been terminated by the site operator.
After the chat concluded I watched a few different videos about the plugin and read some forum posts too.
I now knew why I needed it but I needed to configure it. Once I’d got it working on one website the plan was to start installing it on others.
Why I Installed the Plugin
- Need to send emails as authenticated SMTP emails instead of PHP mail
- The email send request was being rejected by the DreamHost webserver as spam
- Seems like a very simple plugin with minimal code despite not being updated regularly
How I Installed the Plugin
- Set the plugin to send from the default From values in the Contact Form 7 I showed earlier
- Set the plugin to send all WordPress emails via SMTP
- Set the SMTP settings of the email server (smtpout.europe.secureserver.net)
- Used port 465 with SSL (This is standard for all SMTP email servers)
- Set to use SMTP authentication
- Entered my email username and password
You can see screenshots showing how to do this on the WP Mail SMTP screenshots page from the WordPress plugin directory.
I’m glad my email contact form stopped working when it did. I had already been working with some unrelated SMTP stuff that morning so I knew my contact forms needed the upgrade from PHP to SMTP.
I’m glad also because when I build WordPress websites for clients, I need them to be as future proof as possible.
There are some local WordPress developers I have spoken to who do not know what “spoofing” or “SMTP” is and I feel they are building a minimum viable product without considering the fact that all things WordPress are constantly subject to change.
My email form stopped working! What if that had been a client’s website? Thankfully, the WordPress websites I’ve built for others can be upgraded as part of the management I do for them. I’ll be adding this plugin as part of the “housekeeping” services I provide.
I won’t bother to explain the reasoning behind it, since most people just want to know something works. This plugin works.