Live Direct Marketing logo
Inbox Placement Test
Joomla7 min read

Joomla email deliverability: why they spam and how to fix it

Joomla ships with PHP mail as the default transport. The result is unauthenticated sending from a shared host IP, which in 2026 means spam almost every time. Here is the anatomy and the fix.

Joomla is still powering a surprising slice of the membership, education and small-business web. It is stable, flexible, and has a strong extensions ecosystem. What it does not have is a modern default mail transport. Out of the box, Joomla hands every outgoing message — registration confirmations, password resets, contact form notifications, newsletter opt-ins — to PHP mail().

In 2026, PHP mail from a shared web host is effectively synonymous with "spam folder". Gmail, Outlook, Yahoo and the European providers (GMX, Web.de, Yandex) all require authenticated sending with aligned SPF and DKIM. Joomla's default does not provide that. Users stop confirming registrations, support tickets dry up, and you assume the site is quiet. It is not quiet — the emails are silently spamming.

The quick answer

Switch Joomla's Mailer from PHP mail to SMTP with authentication, point it at a transactional provider (Postmark, SES, Mailgun, Brevo), publish SPF + DKIM + DMARC for the From domain, then seed-test every template. Registration, password reset and contact form each behave differently — test them all.

Symptoms: how you know it is mail, not the site

The classic tells:

  • New registrations stall at "please confirm your email". Users email support asking where the confirmation is. You find it in their Gmail spam folder.
  • Password resets "do not arrive" — but your Joomla log says the mail was sent successfully.
  • Contact form submissions come through irregularly. Some days zero, some days a flurry. This is inbox placement varying by recipient.
  • Headers on received messages show Received-SPF: none or softfail, and dkim=none.

Why the default configuration fails

Joomla's Global Configuration → Server → Mail Settings tab has three Mailer options: PHP mail, sendmail, and SMTP. The default on most installs is PHP mail.

When Joomla uses PHP mail, the web server's local MTA sends the message on the server's own IP. That IP is almost always:

  1. Shared with hundreds of other sites on the same hosting node.
  2. Not listed in the SPF record of your From domain.
  3. Not publishing DKIM signatures for your From domain.

Result: SPF fails (the sending IP is not authorised for your domain), DKIM is absent (no signing), and DMARC — if you have it — rejects. Even without DMARC, Gmail and Outlook downgrade unauthenticated mail aggressively.

A common red herring

Admins sometimes "fix" this by switching Mailer to sendmail. This does not help. Sendmail just hands the mail to the same local MTA, from the same shared IP, still unauthenticated. The only fix is SMTP to an authenticated relay.

The SMTP fix inside Joomla

Walk through Global Configuration → Server → Mail Settings:

  1. Set Mailer to SMTP.
  2. Set From Email to a mailbox on a domain you control and will authenticate, e.g. noreply@yoursite.com.
  3. Set From Name to the public name of your site. Keep it recognisable — this appears as the sender name in recipient inboxes.
  4. Enable SMTP Authentication, set SMTP Security to TLS, and set SMTP Port to 587.
  5. Enter the SMTP Host, Username and Password from your transactional provider. For Postmark that is smtp.postmarkapp.com with the server API token as both user and password. For SES it is email-smtp.<region>.amazonaws.com with SES-specific SMTP credentials.
  6. Save, then use Joomla's built-in Send Test Mail button (Mail Settings tab) to send yourself a test.

DNS records

Publish SPF, DKIM and DMARC. A minimal correct setup:

; SPF — one TXT record per domain
yoursite.com.          IN  TXT  "v=spf1 include:sendgrid.net ~all"

; DKIM — provider-specific selector, usually a CNAME
s1._domainkey.yoursite.com.  IN  CNAME  s1.domainkey.u1234.wl.sendgrid.net.

; DMARC — quarantine with a reporting mailbox
_dmarc.yoursite.com.   IN  TXT  "v=DMARC1; p=quarantine; rua=mailto:dmarc@yoursite.com; adkim=r; aspf=r"

Give DNS 10 minutes to propagate. Then re-run Joomla's test mail and inspect the received headers. Look for spf=pass, dkim=pass, dmarc=pass.

Joomla integration in beta

A native Joomla extension is in private beta — schedule placement tests from admin and alert on drops.

→ Join the beta waitlist

Seed-test each template

Joomla's test-mail button proves the transport works. It does not prove that your registration template, password reset template or contact notification template actually reach the inbox. Each of those has different content, different links, and scans differently at Gmail and Outlook.

  1. Generate 20+ seed addresses at check.live-direct-marketing.online spanning Gmail, Outlook, Yahoo, Mail.ru, Yandex, GMX, Web.de and ProtonMail.
  2. Trigger a new registration from a seed address. Watch the confirmation email fan out to the panel. Check placement per provider.
  3. Trigger a password reset for an existing account using another seed. The content differs — a single link, no branding clutter — so scan scores differ.
  4. Submit a contact form as a seed address, then check how the notification lands at the store mailbox.

Aim for 95%+ inbox placement across consumer providers. Anything lower, iterate on DNS, content and provider choice.

Helpful Joomla extensions

Joomla core supports SMTP without any extra extensions. Still, a few are useful:

  • Email Logger or Email Log style extensions let you see every sent message and any SMTP error. Invaluable for debugging "the email did not send" vs "the email sent and was spammed".
  • Advanced Mailer extensions can add DKIM signing inside Joomla itself, useful if your provider does not do DKIM for you (most do).
  • JComments, Community Builder, VirtueMart and other extensions all route mail through Joomla's configured mailer. Fix the core mailer once and they all benefit.

FAQ

Do I need a paid SMTP provider for a small Joomla site?

Postmark's free tier covers 100 emails per month. Brevo's free tier covers 300 per day. For most small Joomla sites (registrations, password resets, contact forms) you will stay under the free tier and pay nothing.

I set SMTP correctly in Joomla but mail still spams. What now?

Check three things. First, headers on a received message — you need spf=pass, dkim=pass, dmarc=pass (or at least spf+dkim both pass). Second, the From domain in headers matches the domain with DKIM. Third, no extension is overriding the From address downstream.

Can I just use my hosting provider's SMTP server?

If your host runs authenticated SMTP for your domain with DKIM signing, yes. Most shared hosts do not. Assume you need an external provider unless you have explicitly verified DKIM signing on the host.

How is this different from the WordPress situation?

The problem is identical — PHP mail by default, no authentication — but WordPress has a mature ecosystem of SMTP plugins (WP Mail SMTP, FluentSMTP, Post SMTP) that make the fix a two-click install. Joomla requires a trip into Global Configuration. Same outcome, slightly more manual.
Related reading

Check your deliverability across 20+ providers

Gmail, Outlook, Yahoo, Mail.ru, Yandex, GMX, ProtonMail and more. Real inbox screenshots, SPF/DKIM/DMARC, spam engine verdicts. Free, no signup.

Run Free Test →

Unlimited tests · 20+ seed mailboxes · Live results · No account required