You paid for premium forms — now match them with premium delivery. SecureSMTP routes every Gravity Forms wp_mail() call through DKIM-signed, IP-warmed infrastructure. Conditional logic, multi-page, partial entries, file uploads — all preserved.
Free tier: 100 routed emails / month · works with Gravity Forms 2.7+ on PHP 7.4+ · no Gravity SMTP add-on required.
Last 10 routed Gravity emails
Live[Quote] Office relocation — 18 desks
to admin@centrepoint.com
Multi-page application — Step 4 complete
to jenny@maplecreek.co
Partial entry resumed · Form 12
to sales@northwoodtools.com
Routed: Intake form → Brian (NJ)
to brian@harborlegal.com
Order confirmation · #G-4081
to maria@hotmail.com
Conditional notification: high-value lead
to audit@bramble-digital.com
The problem
Gravity Forms costs $59+/yr because it’s genuinely the most robust forms plugin in the ecosystem. But it still hands its emails off to whatever PHP mail() does on your server. Three failure modes account for ~95% of "Gravity said it sent but I never got it" reports.
Gravity Forms hands the notification to wp_mail(). wp_mail() hands it to PHP mail(). PHP mail() hits the open internet from a shared IP with no SPF record — and Gmail drops it on the floor. Gravity's own log shows 'sent' because Gravity did its job. The mail just didn't arrive.
A standard SMTP plugin intercepts every wp_mail() call indiscriminately. Gravity sends notifications at specific lifecycle points — submission, payment success, workflow approval, partial-entry save — and some plugins double-send, drop the routing header, or reorder recipients. SecureSMTP hooks at pre_wp_mail so all of Gravity's tag-merging and header logic runs first.
When Gravity attaches a 4 MB scanned contract or a signature PNG, your host's outbound SMTP often rejects the message size or trips DLP filters. Mail vanishes; user fills the form a second time; you look unprofessional. SecureSMTP supports attachments up to 30 MB per message — Gravity's file-upload field works unchanged.
One plugin. One toggle. Every Gravity Forms notification — and every other email your site sends — now goes through SPF-authenticated, DKIM-signed, DMARC-aligned infrastructure.
Free WordPress plugin v1.21.0, < 200 KB. Upload the zip from /downloads/securessmtp.zip?v=1.21.0 or search "SecureSMTP" in the WP plugin directory. No conflict with Gravity Forms itself — SecureSMTP sits at the pre_wp_mail filter, upstream of every Gravity notification.
In the SecureSMTP dashboard, copy your site API key. Paste it into Settings → QCS Forms in WP-admin. Toggle "Route wp_mail() through SecureSMTP" to ON. Gravity Forms doesn't need a single setting changed.
From this moment, Gravity's full notification stack — admin notifications, user auto-replies, conditional routing emails, payment receipts, workflow approvals, partial-entry resumption emails — all leave through SecureSMTP's authenticated infrastructure. Gravity's merge tags ({field:1}, {Entry ID}, etc.) are resolved by Gravity BEFORE we touch the message, so nothing breaks.
End-to-end Gravity Forms email path
Visitor
Submits Gravity form
Gravity Forms
Tag-merging + routing
wp_mail()
Native WP API
SecureSMTP plugin
Intercept + sign
Mail Router
Edge — securessmtp.com
SecureSMTP Platform
Quota + audit + log
Resend
IP-warmed, SPF + DKIM
Inbox
Delivered, on time
Fail-safe by design — Gravity won’t error out.
If the SecureSMTP platform is ever unavailable, WordPress falls back to its native mailer automatically. Gravity’s notification log still says "sent" because the message DID leave the server — and your customer still receives it via the host’s standard mail path. No email is silently dropped.
We hook at the pre_wp_mail filter, which means Gravity has already done its tag-merging, conditional-logic evaluation, and notification routing before SecureSMTP sees the message. The seven features below are the ones that most often "break" with generic SMTP plugins.
Gravity's calculation field computes the value before the notification is generated. Output values (totals, fees, scores) appear in the notification body exactly as Gravity formatted them.
Per-notification conditional logic fires exactly as Gravity defines it. If your "high-value lead" notification only sends when amount > $5k, only that notification fires — SecureSMTP sees one wp_mail() call and routes it.
Multi-page progression is a UX thing; emails only fire on final submission (or on partial-entry save). SecureSMTP routes the final-submission notifications normally — no special handling needed.
The resumption email Gravity sends ("click here to resume your application") routes through SecureSMTP automatically. The resume URL is preserved in the body. We tested with both the encrypted-token and standard-link variants.
Gravity's routing field (send to Brian if state=NJ, Sarah if state=CA, etc.) is honored. We respect the To header Gravity assembles, including comma-separated lists and BCC.
Attachments up to 30 MB per message, including the Gravity Signature add-on PNG. We forward the attachment intact to Resend — recipients see the same file you'd see if PHP mail() had worked.
Gravity's HTML notification format (full inline-styled email) is preserved exactly. Merge-tag rendering, conditional content blocks, and the "Disable Auto-formatting" toggle all behave as configured in Gravity.
If Gravity calls wp_mail(), SecureSMTP routes it. We’ve tested with all 22 Gravity add-ons that send email (User Registration, GravityFlow, GravityCharts, etc.). If you find a Gravity feature that doesn’t play nicely, email hello@securessmtp.com and we’ll fix it within a week.
Delivering an email is harder than it looks. Each layer below catches a different failure mode — together they're why SecureSMTP-routed Gravity mail lands in the inbox, not the spam folder.
Every email passes the SPF check at the recipient. Your sender domain is listed as authorized in our SPF record, so Gmail, Outlook, Yahoo and Apple Mail see the same answer: this server is allowed to send for SecureSMTP.
Each message is cryptographically signed with a 2048-bit DKIM key before it leaves our infrastructure. Recipients verify the signature against our published DNS record — proving the email wasn't tampered with in transit.
Our SPF and DKIM are aligned to the sending domain, so DMARC policy at the recipient is honored. Bring your own domain via DKIM and you can publish a strict DMARC policy — Gravity Forms emails still pass.
If SecureSMTP is ever unavailable, WordPress's native mailer takes over automatically. Gravity's notification log still says 'sent' because the message DID leave — and your customer still receives it via the host's normal path.
Each customer's site has its own quota window. If something on your site goes haywire (a bot brute-forcing a Gravity quote form), we throttle before reputation damage spreads to other customers on the platform.
All five layers ship on every plan — including the free one. Reliability isn’t a paywalled feature.
WP Mail SMTP is the popular generic option. Gravity ships its own paid SMTP add-on. SecureSMTP is the hosted-relay option that requires zero credential management. All three work — but they trade off differently.
| Feature | Gravity + SecureSMTP | Gravity + WP Mail SMTP | Gravity + Gravity SMTP add-on |
|---|---|---|---|
| Setup time | 30 sec | 15–60 min | 15–60 min |
| Requires you own/manage SMTP credentials | — | ||
| Requires DNS / domain verification | Optional (DKIM) | ||
| Email log dashboard | Pro only ($49+/yr) | ||
| DKIM signing built-in | DIY per mailer | DIY per mailer | |
| AI bot/abuse scan on form submissions | — | — | |
| Cross-site dashboard (multiple WP sites) | — | — | |
| Fail-safe fallback to native | — | — | |
| Free tier | 100/mo, all features | Limited | — |
| Cost (paid) | $7+/mo | $49+/yr | $59+/yr add-on |
Comparison reflects each vendor’s default behaviour as of 2026-06. Pricing and feature availability change frequently — verify on the vendor’s page before committing. WP Mail SMTP and the Gravity SMTP add-on are independent products of their respective vendors.
The Gravity SMTP add-on is a legitimate, well-built product. It bolts an SMTP credentials panel onto Gravity Forms’ settings. If you already have SendGrid, Mailgun, SES or Office 365 credentials and don’t mind managing them, it works fine.
SecureSMTP is structured differently. We’re a hosted relay — you don’t bring your own SMTP credentials, you don’t verify your own domain (unless you want to via DKIM), and you get a dashboard that aggregates email + forms + QR scans across every WordPress site you own.
Real differences
Cross-site dashboard
Manage email + spam quarantine across all your WP sites from a single SecureSMTP account. The Gravity add-on lives per-site in WP-admin.
AI abuse scan
Each Gravity submission can be auto-classified by Claude before email goes out — catches subtle spam keyword filters miss.
Hosted relay (zero credentials)
No SendGrid/Mailgun account, no API keys to rotate, no domain to verify. Just paste the SecureSMTP API key.
Other plugins included
SecureSMTP catches WooCommerce receipts, password resets, comment notifications too. The Gravity add-on only handles Gravity’s own emails.
Email-relay quotas below come straight from our plan-limits source-of-truth file — they apply to Gravity, WooCommerce, password resets, every wp_mail() call. No per-email markup, no separate add-on fee.
Free
$0 /mo
For solo users and side projects.
Email relay
100
routed emails / month
Starter
$7 /mo
For small businesses & creators.
Email relay
2k
routed emails / month
Pro
$19 /mo
For growing teams that care about brand.
Email relay
20k
routed emails / month
Business
$49 /mo
For high-volume teams & multi-brand campaigns.
Email relay
100k
routed emails / month
Every paid plan has a 14-day free trial — no credit card required.
Scenarios that reflect the most common pain points described to us during onboarding.
We use Gravity for our intake forms with conditional routing to seven attorneys. Before SecureSMTP, three out of seven never received their assignments. The first week after switching, every single submission landed.
Gravity's payment-confirmation emails were going to spam on Outlook 365. Our finance team kept missing $4k+ invoices. Switched to SecureSMTP, configured DKIM with our domain, problem went away.
I had WP Mail SMTP and the Gravity SMTP add-on installed. They conflicted on multi-recipient routing. SecureSMTP replaced both — Gravity emails finally route to all four department inboxes.
These are composite scenarios reflecting common customer pain points described during onboarding, not direct verbatim quotes. Real, attributed testimonials will replace these as customers opt into public attribution after launch.
The eight questions we hear most from Gravity Forms users before flipping Email Delivery on.
SecureSMTP email-delivery pages for other form plugins and the WordPress core.
SecureSMTP SMTP overview
The main email-delivery page
3-min setup guide
Step-by-step install walkthrough
Contact Form 7 SMTP
CF7 + SecureSMTP email delivery
Forminator SMTP
Forminator + SecureSMTP email delivery
WPForms SMTP
WPForms + SecureSMTP email delivery
Elementor Forms SMTP
Elementor Pro Forms + SecureSMTP
Fluent Forms SMTP
Fluent Forms + SecureSMTP email delivery
WooCommerce SMTP
Order receipts + Woo email
WordPress SMTP
WP core + every plugin
AI SMTP / spam-aware mail
Claude-classified outbound mail
SecureSMTP vs WP Mail SMTP
Apples-to-apples comparison
Install SecureSMTP, flip Email Delivery on, get back to growing your business. 30 seconds, no credit card, no Gravity-side configuration.
Free tier · 100 routed emails / month · all 5 reliability layers · works on Gravity Forms 2.7+ on PHP 7.4+.