A reader signs up for your Ghost newsletter. They never get the welcome email, so they never confirm. A returning member tries to log in with the magic-link email — but the link never arrives. Your subscriber list grows on paper, but engagement quietly tanks because half the people on it never actually completed signup.
Ghost transactional email delivery problems are subtle. Here’s why they happen and how to fix them in five minutes.
Why Ghost transactional email fails
Ghost has two distinct email layers:
- Transactional — magic-link logins, member signup confirmations, account welcome messages, password resets, abandoned cart reminders.
- Newsletter — bulk posts sent to your subscriber list when you publish.
Ghost Pro routes both through Mailgun by default. Self-hosted Ghost uses whatever SMTP you set in config.production.json. Three things commonly break the transactional layer:
1. Default sender domain isn’t verified
Ghost defaults to sending from noreply@yoursite.com but doesn’t automatically configure SPF or DKIM for that domain. Gmail and Outlook see an unauthenticated sender and route the magic-link to spam — or drop it entirely.
2. Mailgun’s free tier is throttled
Ghost Pro’s default Mailgun plan has strict rate limits and shared IPs. During traffic spikes (e.g. you publish a popular post and 200 people sign up in an hour), magic-link emails get queued and arrive minutes (sometimes hours) late — by which time the magic link has already expired (default: 24 hours, but practical attention span is much shorter).
3. Self-hosted Ghost has no SMTP configured
If you’re self-hosting Ghost on a VPS and didn’t configuremail.options in your config, Ghost falls back to sendmail— which on most VPS setups isn’t even installed, let alone configured to send authenticated mail. Result: transactional email sends are silently dropped.
Magic-link expiration is unforgiving
Diagnose your Ghost delivery problem
Six-minute checklist:
1. Trigger a magic-link login from a clean browser
Open an incognito window. Go to your Ghost site’s sign-in page. Enter a Gmail address you control. Wait 5 minutes. Check inbox + spam.
2. Check Ghost’s email delivery logs
Ghost Admin → Settings → Email newsletter → scroll to delivery history (Pro) or check content/logs/ghost.log (self-hosted). Look for failed sends, timeouts, or rate-limit errors.
3. Run mail-tester.com
Trigger a test transactional send to a mail-tester.com address. The report shows SPF/DKIM/DMARC status. Below 7/10 = delivery problem.
4. Check Mailgun dashboard (Ghost Pro)
If you’re on Ghost Pro, the underlying Mailgun account shows whether sends were accepted, queued, delivered, or rejected. Spike in rejections = rate-limit or reputation issue.
5. Inspect outbound DNS (self-hosted)
Run nslookup -type=TXT yourdomain.com from anywhere. Verify SPF record exists. Run nslookup -type=CNAME default._domainkey.yourdomain.comfor DKIM. Missing records = guaranteed delivery problems.
Two ways to fix Ghost email delivery
Option 1: Configure your existing Mailgun account properly (Ghost Pro)
Verify your custom domain in Mailgun, add the 4 DNS records they require, upgrade to a paid Mailgun plan for sender reputation isolation, and configure Ghost to use your verified domain.
Pros: Works if you’re willing to babysit Mailgun.
Cons: Mailgun paid plans start at $35/month. Domain verification takes 24–48 hours. DNS gymnastics. Two services to manage (Ghost + Mailgun).
Option 2: Use SecureSMTP as your SMTP provider (recommended)
Skip Mailgun entirely. Point Ghost at SecureSMTP for both transactional and (optionally) newsletter sending.
Setup (Ghost Pro or self-hosted):
- Sign up at securessmtp.com/signup.
- Dashboard → Domains → Add → enter your Ghost site domain. Add the 2 DNS records.
- Dashboard → Settings → SMTP credentials. Copy host, port, username, password.
- Self-hosted Ghost: edit
config.production.json:"mail": { "transport": "SMTP", "options": { "service": "SecureSMTP", "host": "smtp.securessmtp.com", "port": 587, "secure": false, "auth": { "user": "your-smtp-username", "pass": "your-smtp-password" } } }Then restart Ghost:ghost restart. - Ghost Pro: Settings → Email newsletter → Advanced → Custom SMTP → paste credentials → Save.
- Test by triggering a magic-link login. Should arrive within 5 seconds.
Why this works
Ghost default vs SecureSMTP
| Feature | Ghost default (Mailgun shared) | SecureSMTP |
|---|---|---|
| Magic-link delivery time | 30s–5min | < 5 seconds |
| SPF / DKIM / DMARC | Manual setup required | Automatic on verification |
| Sender reputation | Shared | Dedicated by domain |
| Rate-limit transparency | Limited | Real-time dashboard |
| Setup time | 1–2 hours | 5 minutes |
| Cost (small site) | Free tier limited | Free up to 100/mo |
| Cost (1K members) | $35+/mo Mailgun | $7/mo SecureSMTP Starter |
Frequently asked questions
Does this work for Ghost Pro (managed) AND self-hosted Ghost?+
Yes, both. Ghost Pro uses Mailgun by default for transactional mail. Self-hosted Ghost uses whatever SMTP you configure in config.production.json. SecureSMTP works as a drop-in SMTP provider in either case — for Ghost Pro, you can override the default Mailgun config; for self-hosted, you point your config at smtp.securessmtp.com. The setup is the same 6 lines of config either way.
Will this affect my newsletter (bulk) sending?+
Ghost separates transactional (login, signup, member emails) from newsletter (bulk to subscribers). This guide covers the transactional layer. For newsletter bulk sending, Ghost Pro uses Mailgun by default and self-hosted Ghost can use any SMTP service. SecureSMTP is built for transactional/form mail — for high-volume newsletter sending (10K+ recipients), a dedicated newsletter tool like Mailgun Bulk or Postmark Broadcasts is usually a better fit.
What about magic-link login emails?+
Those are exactly the kind of transactional mail SecureSMTP handles best — single-recipient, time-sensitive, must-arrive-immediately messages. Once SecureSMTP is configured as your Ghost SMTP provider, magic links deliver in under 5 seconds with full SPF + DKIM + DMARC alignment. No more "member submitted email but never got the link" complaints.
What about Mailgun? Ghost Pro uses Mailgun by default.+
Mailgun works well at scale but requires its own domain verification, DKIM setup, and a $35+/month plan for sender reputation isolation. SecureSMTP's free tier covers most Ghost site transactional needs (100 emails/month), and our paid tiers stay simpler — single dashboard, one signup, no separate billing for transactional vs marketing. If you're a big publication doing 100K+ newsletter sends, stay on Mailgun for the newsletter and use SecureSMTP for transactional. If you're a smaller site or hobby publication, just use SecureSMTP for everything.
Do I need to verify my domain?+
For the cleanest sender reputation, yes — verify your domain in the SecureSMTP dashboard (1 TXT + 1 CNAME, automatic after DNS propagates). For a quick test or low-volume site, you can use our zero-config sender (noreply@send.securessmtp.com) without any DNS changes, but emails will come from a SecureSMTP-controlled address.
Will this break my existing newsletter subscribers?+
No. Subscriber lists, post drafts, members, and theme settings all live in Ghost's database — independent of which SMTP service sends the email. Switching SMTP only changes how a message is delivered, not who receives it or what it contains.
Ready to fix it?