Live Direct Marketing logo
Inbox Placement Test
WooCommerce8 min read

WooCommerce order emails: diagnose and fix the spam problem

Order confirmations, processing notices and invoices from WooCommerce stores land in spam surprisingly often. PHP mail, unauthenticated From domains and shared host IPs are usually the cause. Here is how to test the full flow and fix it.

You just opened a support ticket from a customer asking "did my order go through?" Orders are placed correctly in WooCommerce, the payment is captured, stock is reduced — but the customer never received the confirmation email. Again. You check the store email log and see a row marked "sent". It was sent. It just did not arrive in the inbox.

WooCommerce order emails are one of the most common spam-folder offenders on the open web. Not because WooCommerce is broken — because the default PHP mail path that WordPress uses is effectively unauthenticated mail from a shared host IP. In 2026 that is a near-guaranteed spam placement at Gmail, Outlook and Yahoo.

The quick answer

Replace PHP mail with authenticated SMTP (or an API provider), align the From domain with SPF + DKIM + DMARC, and seed-test the full order flow end to end. Checkout to processing to completed to invoice — each template gets verified in a real inbox before you trust it.

WooCommerce email anatomy

WooCommerce ships with roughly a dozen transactional templates. Most stores use five of them heavily:

  • New order — admin notification when a customer places an order. Goes to the store email, so it often "works" even when customer emails fail.
  • Processing order — customer notification that the order has been received and payment is being processed.
  • Completed order — customer notification that the order has shipped or the digital download is ready.
  • Customer invoice — manual invoice with a pay link, triggered by admins when payment is pending.
  • Refunded order — refund confirmation.

All of these funnel through the same wp_mail() function. That is important. Fix wp_mail() once and every template benefits. Leave it broken and every template fails.

Why WooCommerce emails spam so often

There are three overlapping problems, and the severity compounds when they combine.

1. PHP mail() from a shared host

By default, WordPress calls PHP's mail() function, which hands the message to the host's local MTA (usually Postfix or Exim). That MTA sends from the server's own IP — an IP shared with hundreds of other sites on the same cPanel or plesk node. One bad neighbour trips a blocklist and everyone's orders spam.

2. From-address misalignment

WordPress defaults to wordpress@yourhost.com as the sending address. Store owners change it to shop@store-domain.com in WooCommerce settings but never add SPF or DKIM records for that domain on the sending host. The result: an SPF softfail, a DKIM "none", and a DMARC policy that either publishes p=none (useless) or does not exist.

3. No bounce / complaint handling

PHP mail discards bounces silently. If a customer mistypes their email at checkout, you never see the bounce. Over time your sending reputation accumulates invisible failures.

Symptoms to look for
  • Customers email you asking "did my order go through" minutes after paying.
  • Test orders you place from your own Gmail land in Spam or Promotions — but you assumed that was normal.
  • Headers show Received-SPF: softfail or dkim=none.
  • Support tickets mentioning the word "junk" in the last 30 days.

The SMTP plugin + DNS fix

There are two parts. Neither is optional. Do both or do not bother.

Part 1: Route wp_mail through authenticated SMTP

  1. Install an SMTP plugin. WP Mail SMTP, FluentSMTP and Post SMTP are the three mainstream options. FluentSMTP is free and fine. WP Mail SMTP has the most polished UI. Pick one.
  2. Pick a sending provider — Amazon SES, Postmark, SendGrid, Mailgun, or Brevo. For transactional order mail, Postmark and SES are the cleanest options. Postmark for simplicity, SES if you already have AWS.
  3. In the SMTP plugin, configure API key or SMTP credentials from your provider. Set the From Name to your store name and the From Email to something like orders@store.com. Enable Force From Email so that plugins that try to override it (looking at you, payment gateways) cannot break alignment.
  4. Send the plugin's built-in test email to a Gmail or Outlook address you own. Confirm it arrives in the inbox and that the headers show spf=pass and dkim=pass aligned with store.com.

Part 2: DNS authentication records

Your sending provider will give you records to add. The shape of a correct setup for store.com looks like:

; SPF — whichever provider you chose
store.com.           IN  TXT  "v=spf1 include:amazonses.com ~all"

; DKIM — example selector from SES; your provider will give you 3 CNAMEs
abc123._domainkey.store.com.  IN  CNAME  abc123.dkim.amazonses.com.

; DMARC — start with quarantine and a reporting inbox
_dmarc.store.com.    IN  TXT  "v=DMARC1; p=quarantine; rua=mailto:dmarc@store.com; pct=100; adkim=r; aspf=r"

Publish, wait 10 minutes for propagation, then re-send the test. The goal is spf=pass, dkim=pass and dmarc=pass all three. Anything less and you are not done.

WordPress integration in beta

A native WordPress plugin with WooCommerce hooks is in private beta — schedule placement tests from wp-admin and alert on drops to processing or completed order emails before customers complain.

→ Join the beta waitlist

Seed-test the full order flow

Running a single test email through your SMTP plugin only proves the transport works. It does not prove your order confirmation template lands in the inbox, because WooCommerce templates have extra content — product tables, prices, links — that change the spam score.

The discipline is simple: place a real test order in staging (or a free product in production) and watch each template arrive at a panel of seed inboxes.

  1. Create a test product priced at 0.00 or use a 100%-off coupon to keep the flow free.
  2. Open your placement tester. At check.live-direct-marketing.online, generate 20+ seed addresses covering Gmail, Outlook, Yahoo, Mail.ru, Yandex, GMX and ProtonMail. Copy the list.
  3. Place an order using the first seed address. You will see the processing order email fan out to that seed. Check the dashboard: Inbox, Spam, Promotions placement per provider.
  4. In WooCommerce admin, mark the order completed. That triggers the completed order template. Use the next seed address and re-test.
  5. Finally, issue a manual invoice from admin. That exercises the customer invoice template with its pay-link, which scans differently than the confirmation.

You should aim for 95%+ inbox placement across the main consumer providers. Anything below 80% needs another look at authentication, content and warm-up.

Keeping it fixed

Deliverability is not "set it and forget it". Three things slip over time:

  • DNS drift. A developer rotates a DKIM key on the sending provider and forgets to update DNS. Suddenly DKIM fails and DMARC bounces your mail.
  • Template edits. A marketer adds a promotional banner to the order template. The banner image is hosted on a new subdomain without a clean reputation. Spam score rises.
  • Provider blocklists. Your sending provider gets a bulk sender listed. Your transactional mail is caught in the crossfire.

Schedule a weekly placement test against each major order template. If any drop below 90%, open a ticket. The cost of spam-folder confirmations is measured in refund requests.

FAQ

Does WooCommerce have a built-in SMTP setting?

No. WooCommerce uses WordPress's wp_mail() function, which on a default install calls PHP mail(). You need an external SMTP plugin or a custom mu-plugin to change that.

Do I need a paid sending provider for a small store?

Amazon SES costs roughly ten cents per thousand emails. Postmark's free tier covers 100 emails per month. For most small stores, transactional sending is under a dollar per month. The cost of lost orders from spam-folder confirmations is far higher.

Can I use my Gmail account as the SMTP server?

Technically yes, via an app password or OAuth. For a test site or very small store it works. For any store doing more than a few orders per day, Gmail's sending limits and lack of bulk reputation will catch up. Use a dedicated transactional provider.

The plugin test arrives in Gmail inbox, but real orders still spam. Why?

Two likely causes. First, the plugin test sends a minimal email — real order emails carry product tables, prices and links that raise spam score. Second, something downstream is overriding the From address (a payment gateway or a subscription plugin). Enable Force From Email and re-run a real order through the seed panel.
Related reading

Check your deliverability across 20+ providers

Gmail, Outlook, Yahoo, Mail.ru, Yandex, GMX, ProtonMail and more. Real inbox screenshots, SPF/DKIM/DMARC, spam engine verdicts. Free, no signup.

Run Free Test →

Unlimited tests · 20+ seed mailboxes · Live results · No account required