SS
SecureSMTPMail · forms · delivery
Get started
Contact Form 7 SMTP

Fix Contact Form 7 not sending emails — without another SMTP plugin.

CF7 calls wp_mail() for every notification. SecureSMTP intercepts that call and routes the message through DKIM-signed, IP-warmed infrastructure. No Gmail OAuth, no SendGrid API key, no SMTP credentials. Drop the plugin in, flip a switch.

Fix CF7 delivery — freeFull 3-min setupHow it works

Free tier: 100 routed CF7 notifications / month · all 5 reliability layers · no SMTP credentials required.

securessmtp.com/app/forms/email-log

Last 10 CF7 submissions

Routing
CF7

New contact form submission

Contact form 1jenny@maplecreek.co

Sent
CF7

[Quote] Office relocation — Bramble

Quote requestsales@bramble.co

Sent
CF7

Thanks for subscribing

Newsletter signuphi@centrepoint.com

Sent
CF7

Your demo with us is confirmed

Demo requestbrian.k@gmail.com

Sent
CF7

New contact form submission

Contact form 1sarah.m@gmail.com

Sent
CF7

[Booking] Wedding — September 14

Booking requestadmin@harbour.studio

Sent
Authenticated · SPF + DKIM alignedwp_mail() → Resend
5M+
CF7 installs supported
every CF7 version works
0 lines
CF7 config changes required
no template edits
30 sec
Install time
plugin + API key, done
99.9%
Deliverability target
Resend infrastructure

CF7 delivery problems

Why your Contact Form 7 emails aren’t arriving.

CF7 has shipped on 5M+ WordPress sites, but it’s also the form plugin with the loudest "stopped sending emails" support thread. Three failure modes account for almost every complaint.

Silent failures — CF7 says "Sent", inbox says "Nothing".

CF7's green "Thank you" confirmation only proves wp_mail() returned true — it doesn't prove the email actually left your server. On shared hosting it usually didn't. You only find out weeks later when a customer says "I emailed you and never heard back".

Going straight to spam — sender reputation is shot.

Most WordPress hosts send mail from a shared IP with no SPF or DKIM record. Gmail and Outlook treat it as suspicious by default. Your CF7 notifications land in spam — or get dropped entirely by the recipient's mail server.

Lost leads = lost revenue. No alerts, no log, no recovery.

CF7 itself doesn't log delivery status. By the time you realise your contact form is broken, you've missed weeks of leads. Even if you switch SMTP plugins, you can't recover the missed messages.

How CF7 and SecureSMTP work together.

One hook, pre_wp_mail, is all it takes. Your CF7 forms keep working exactly as they do today — they just land in inboxes now.

  1. 01

    CF7 fires wp_mail()

    When a visitor submits your CF7 form, CF7 builds its standard notification message and calls wp_mail() — exactly as it has done for ten years. No CF7 template change needed.

  2. 02

    SecureSMTP intercepts the call

    The SecureSMTP plugin hooks pre_wp_mail — the canonical WP filter for capturing every outbound message. CF7’s headers, attachments, BCCs and reply-to all stay intact. We re-package the same payload for our relay.

  3. 03

    Resend delivers with DKIM signature

    Your message is sent through Resend's IP-warmed pools with a 2048-bit DKIM signature, aligned SPF, and a DMARC-honored sender. Recipients see authenticated mail; their inbox treats it as legitimate.

End-to-end CF7 path

CF7 form

Visitor submits

wp_mail()

CF7 native API

pre_wp_mail hook

SecureSMTP intercepts

SecureSMTP Mail Router

Quota + audit

Resend

DKIM-signed

Recipient inbox

Delivered

Fail-safe by design.

If the SecureSMTP platform is ever unavailable, your CF7 forms fall back to wp_mail() native delivery automatically. CF7 never silently drops a submission — your contact form keeps working even during maintenance.

4-step setup

From plugin install to first delivered CF7 email — three minutes flat.

No SMTP credentials. No DNS work. No CF7 template edits. The summary below covers most installs; for stuck-points and edge cases see the full setup guide.

  1. 01

    Install SecureSMTP plugin

    Upload qcs-form.zip (v1.21.0) from our downloads page via WP-admin → Plugins → Add New → Upload. Activate.

  2. 02

    Create a free SecureSMTP account, copy your API key

    Sign up at securessmtp.com/signup. Go to Forms → Sites → New Site. Copy the API key.

  3. 03

    Paste API key into WP-admin → QCS Forms

    In WP-admin, open SecureSMTP settings. Paste the API key. Flip "Route wp_mail() through SecureSMTP" to ON.

  4. 04

    Submit a CF7 form to verify

    Submit any CF7 form on your site. Open SecureSMTP dashboard → Email log. The row appears in real time.

Read the full setup guideDownload plugin v1.21.0

Every CF7 feature you rely on — still works.

SecureSMTP hooks WordPress at the wp_mail() layer — not inside CF7 — so CF7’s entire feature surface keeps working. Here are the integrations our customers ask about most.

File uploads + attachments

CF7's file upload field works exactly as before — uploaded files are attached to the notification and forwarded by SecureSMTP without re-encoding. Max attachment size matches your PHP upload_max_filesize setting. No size cap on our end up to Resend's 40MB raw-message limit.

Flamingo (CF7 submission storage)

If you use Flamingo to archive CF7 submissions in your WP database, SecureSMTP doesn't change that. CF7 still writes the submission to Flamingo before calling wp_mail() — your archive stays intact. The notification email is what we re-route; the database row is untouched.

Additional headers (X-Whatever passthrough)

Any extra headers you've added to CF7's mail template (X-Mailer-Reference, X-Custom-Tag, In-Reply-To, etc.) are forwarded verbatim. We don't strip or rewrite headers — Resend sends exactly what your CF7 template produced.

CC, BCC, and reply-to logic

Multi-recipient notifications stay multi-recipient. CF7's "Additional headers" Cc: and Bcc: are preserved across the relay. Reply-To: works as expected — when the recipient hits Reply, it goes to the form submitter, not to SecureSMTP.

Conditional fields (CF7 conditional plugin)

CF7's conditional-fields add-on alters which fields are submitted before wp_mail() is even called — meaning the final email body only contains the fields the visitor saw. SecureSMTP receives the same final payload, so conditional logic just works.

Akismet integration (Layer 2 on top)

CF7's optional Akismet check runs before submission. SecureSMTP adds a second pass: a content heuristic + AI classifier on the outbound notification. If a spam-bot submission slips through Akismet, our outbound scan catches it before it lands in your inbox — and our classifier costs you nothing extra.

CF7 + SecureSMTP vs the alternatives

WP Mail SMTP is a fine plugin — we’re not here to trash it. But it solves a narrower problem (raw SMTP credentials in WP), and the platform-level features SecureSMTP adds (cross-site dashboard, outbound AI, hosted relay) live on a different axis.

FeatureCF7 + SecureSMTPCF7 + WP Mail SMTPCF7 alone (default wp_mail)
Setup time~3 min15–60 min0 min, but broken
Needs SMTP credentialsYes (Gmail/SES/...)
DKIM signing built-inDIY config
Email log dashboardPro only
Cross-site visibility (multi-site)
Outbound AI abuse detection
Per-site rate limiting
Fail-safe fallback to nativeN/A — native is the failure mode
CF7 file uploads supported
Flamingo + Akismet compatible
Free tier — paid featuresAll 5 layersLimitedFree, unreliable

Comparison based on default configuration of each option as of 2026-06. Verify on each vendor’s page before committing.

"Our CF7 contact form had been quietly dropping leads for months. Reception kept blaming the customer — 'must have got the email wrong' — until I noticed our own internal test submissions weren’t arriving either. Installed SecureSMTP, flipped the toggle, and every CF7 submission since lands in our inbox. The email log alone paid for the plan."

Composite scenario based on common customer pain points

We’re holding off on named testimonials until each customer has opted into public attribution. Real customer testimonials coming soon.

Fix CF7 for free — scale when you outgrow it.

Every plan includes all 5 reliability layers, the email log, cross-site dashboard, and AI abuse detection. The only thing that changes between tiers is your monthly routed-email quota.

See full pricing

Every paid plan has a 14-day free trial — no credit card.

CF7 SMTP — questions answered

The CF7-specific compatibility questions we hear before someone switches.

  • Does SecureSMTP work with Flamingo?
    Yes — fully. Flamingo writes CF7 submissions to your WordPress database before CF7's notification email is even built, so SecureSMTP doesn't interact with Flamingo at all. Your CF7 archive in WP-admin → Flamingo → Inbound Messages stays exactly as it was. We re-route the notification email, not the database row.
  • Does it work with CF7's conditional fields plugin?
    Yes. Conditional fields modify which CF7 form fields are submitted before wp_mail() fires — so the final notification email already reflects the visitor's conditional path. SecureSMTP receives the same final payload CF7 hands to wp_mail(), meaning conditional logic just works without any extra config.
  • Can I keep CF7's existing spam filter / Akismet?
    Yes — and you should. CF7's Akismet integration runs at submission time against the form payload, which catches a different class of spam than our outbound scan does. SecureSMTP adds a second pass (content heuristic + AI classifier) on what's about to be emailed. Defence in depth, not replacement.
  • Will my multi-language CF7 site (Polylang / WPML) still work?
    Yes. CF7's WPML/Polylang integration produces a localized notification template, which is what gets passed to wp_mail(). SecureSMTP doesn't care about language — we route whatever CF7 produces. UTF-8 subject lines and bodies are preserved verbatim, including non-Latin scripts.
  • What if I'm migrating from CF7 Submissions DB or to Gravity Forms?
    SecureSMTP routes any wp_mail() call, regardless of which form plugin sent it. You can install SecureSMTP today on a CF7-only site, then add Gravity Forms next week, and both plugins' notifications will route through the same relay with no extra config. Migrations don't break the email path.
  • Do I need to change my CF7 form templates?
    No. CF7's mail template (in WP-admin → Contact → Mail tab) is what builds the notification before wp_mail() is called. SecureSMTP receives the finished message. You can leave [your-name], [your-email] and every other CF7 mail-tag exactly as they are.
  • What if CF7 sends to multiple recipients?
    Preserved. CF7's 'Additional headers' Cc: and Bcc:, plus the second 'Mail (2)' notification you may have configured, are all routed through SecureSMTP as separate authenticated messages. Multi-recipient stays multi-recipient — we don't collapse or dedupe.
  • Does SecureSMTP break CF7's reply-to logic?
    No. CF7 sets Reply-To: [your-email] in its default mail template — that header is forwarded verbatim by SecureSMTP. When a recipient hits 'Reply' in their inbox, the reply goes to the form submitter, not to securessmtp.com or to your CF7 admin. Your existing CF7 reply-to behaviour is unchanged.

Related SMTP pages

CF7 isn’t the only form plugin that breaks delivery. Same fix, same plugin — different surface area.

SecureSMTP SMTP — umbrella overview

Every form plugin, every wp_mail() call, one relay.

Read more

Forminator SMTP

Same fix for WPMU DEV's Forminator forms.

Read more

WordPress SMTP (umbrella)

The modern alternative to WP Mail SMTP / Post SMTP.

Read more

AI-powered SMTP

How we use Claude Haiku to read outbound mail.

Read more
Contact Form 7

Stop losing CF7 leads to spam folders.

Install SecureSMTP, paste your API key, flip Email Delivery on. Three minutes — your CF7 contact form is back in the inbox.

Start freeDownload plugin v1.21.0

Free tier · 100 routed CF7 emails / month · all 5 reliability layers included.