PHP mail() is unauthenticated.
Most WordPress hosts ship with mail() that hits the internet from a random shared IP with no SPF or DKIM record. Inboxes treat that as spam — and your form submissions silently disappear.
Email Delivery
Reliable WordPress email — for every form plugin you already use.
Contact Form 7, Gravity Forms, Forminator, WPForms, Elementor Pro Forms, WooCommerce, password resets — all delivered from authenticated infrastructure. No extra SMTP plugin, no DNS work required.
Free tier: 100 routed emails / month · all 5 reliability layers · zero-config sender mode.
securessmtp.com/app/forms/email-log
Last 10 routed emails
LiveCF7Sent
New contact form submission
to jenny@maplecreek.co
WP CoreSent
Password reset
to brian.k@gmail.com
GravitySent
[Quote request] Office relocation
to admin@centrepoint.com
ForminatorSent
Thanks for getting in touch
to sarah.m@gmail.com
ElementorSent
Demo request — Bramble
to hello@bramble-digital.com
WooCommerceSent
Your order #4081 has shipped
to maria.r@hotmail.com
Authenticated · SPF + DKIM alignedvia Resend
14+
Sites already relaying
across multiple industries
5
Layers of reliability
authentication + abuse defense
0 min
Setup with our WP plugin
flip a toggle, done
99.9%
Deliverability target
Resend-backed infrastructure
The problem
Why your WordPress forms go to spam.
Three failure modes account for ~95% of "I filled out your contact form but you never replied" complaints. All three are fixable. None of them are your fault.
SMTP plugins are a maze.
Configuring WP Mail SMTP, Post SMTP, FluentSMTP and friends with the right credentials, OAuth scopes, app passwords, and headers takes hours — and most owners give up halfway.
Bad delivery silently loses leads.
You don't even know your contact form is failing until a customer complains weeks later that they 'reached out and never heard back'. By then, the lead is gone.
From install to delivered email in under a minute.
One plugin. One toggle. Every email your site sends now goes through SPF-authenticated, DKIM-signed, DMARC-aligned infrastructure.
- 01
Install the SecureSMTP plugin
Free WordPress plugin, < 200 KB. Upload the zip from
/downloads/qcs-form.zipor search "SecureSMTP" in the WP plugin directory. 30 seconds. - 02
Paste your API key + flip Email Delivery to ON
In the SecureSMTP dashboard, copy your site API key. Paste it into Settings → QCS Forms in WP-admin. Toggle "Route wp_mail() through SecureSMTP" to ON. That's the entire configuration.
- 03
Every wp_mail() call now routes through SecureSMTP
From this moment on, anything any plugin sends via wp_mail() — CF7 notifications, Woo order receipts, password resets, Gravity confirmations — leaves through SecureSMTP's authenticated infrastructure.
End-to-end email path
Visitor
Fills your form
WordPress form
CF7 / Gravity / etc.
wp_mail()
Native WP API
SecureSMTP plugin
Intercept + sign
Mail Router
Edge — securessmtp.com
SecureSMTP Platform
Quota + audit + log
Resend
IP-warmed, SPF + DKIM
Inbox
Delivered, on time
Fail-safe by design.
If the SecureSMTP platform is ever unavailable, WordPress falls back to its normal mailer automatically — your email is never silently dropped, even during planned maintenance.
Works with every form plugin — no special config
SecureSMTP hooks into WordPress at the wp_mail() layer. That means every plugin that sends email through the standard API is supported automatically — no per-plugin SDK, no integration code.
CF7
Contact Form 7
CF7 calls wp_mail() for every notification. SecureSMTP catches all of them — admin notifications, auto-replies, the lot. No special CF7 config: just enable Email Delivery in SecureSMTP settings and CF7's existing form templates start landing in inboxes.
- Install SecureSMTP plugin · activate
- Paste API key · flip Email Delivery to ON
- Submit a CF7 form to verify (the row appears in the Mail Log)
8M+ WordPress sites use Contact Form 7
FORM
Forminator
Forminator's form notifications use wp_mail() and route cleanly through SecureSMTP — including custom Email actions, conditional notifications, and admin-side digest emails. Multi-recipient notifications stay multi-recipient: we don't collapse them.
- Install SecureSMTP plugin · activate
- Paste API key · flip Email Delivery to ON
- Forminator forms keep working — now from authenticated infrastructure
400K+ sites use Forminator
ELEM
Elementor Pro Forms
Elementor Pro Forms' Email action triggers wp_mail() under the hood. Routed through SecureSMTP for reliable delivery, no SMTP plugin needed. Works with Email 2 (the second recipient action) and with the Webhook + Email combination some users wire up.
- Install SecureSMTP plugin · activate
- Paste API key · flip Email Delivery to ON
- Elementor form Email actions now use SecureSMTP automatically
1M+ sites use Elementor Pro
CORE
WordPress core + everything else
Password resets, new-user notifications, comment moderation emails, WooCommerce order receipts, EDD purchase confirmations, Gravity Forms, WPForms, Ninja Forms — anything that calls wp_mail() gets routed. If a plugin uses PHPMailer directly (without wp_mail), our PHPMailer interceptor in plugin v1.18+ catches that too.
- Install SecureSMTP plugin · activate
- Paste API key · flip Email Delivery to ON
- Use any combination of plugins — they all route through SecureSMTP
Compatible with every wp_mail()-using plugin we know of
Defense in depth
Five layers of reliability — not just one trick.
Delivering an email is harder than it looks. Each layer below catches a different failure mode — together they're why SecureSMTP-routed mail lands in the inbox, not the spam folder.
Layer 01
SPF authentication
Every email passes the SPF check at the recipient. Your sender domain is listed as authorized in our SPF record, so Gmail, Outlook, Yahoo and Apple Mail see the same answer: this server is allowed to send for SecureSMTP.
Layer 02
DKIM signing
Each message is cryptographically signed with a 2048-bit DKIM key before it leaves our infrastructure. Recipients can verify the signature against our published DNS record — proving the email wasn't tampered with in transit.
Layer 03
DMARC alignment
Our SPF and DKIM are aligned to the sending domain, so DMARC policy at the recipient is honored. If you bring your own domain via DKIM, you can publish a DMARC policy and reject all unauthenticated mail — we'll still pass.
Layer 04
Fail-safe fallback
If SecureSMTP is ever unavailable — planned maintenance, network blip, your API key revoked — WordPress's native mailer takes over automatically. No email is ever silently dropped. The plugin logs the fallback so you know it happened.
Layer 05
Per-site rate limiting + abuse detection
Each customer's site has its own quota window. If something on your site goes haywire (a buggy notification plugin, a brute-force form bot) and tries to send 10,000 emails in 5 minutes, we throttle it before reputation damage spreads to other customers on the platform.
All five layers ship on every plan — including the free one. Reliability isn't a paywalled feature.
How SecureSMTP compares to the SMTP plugins you've heard of
Apples-to-apples comparison with the three most-installed WordPress SMTP plugins.
| Feature | SecureSMTP | WP Mail SMTP | Post SMTP | FluentSMTP |
|---|---|---|---|---|
| Setup time | 30 sec | 15–60 min | 15–60 min | 15–60 min |
| Works with every form plugin | Mail only | Mail only | Mail only | |
| Email log dashboard | Pro only | |||
| DKIM signing built-in | DIY config | DIY config | DIY config | |
| Fail-safe fallback to native | — | — | — | |
| Bot / spam classifier | — | — | — | |
| Free tier | 100/mo, all features | Limited | ||
| Cost (paid) | $7+/mo | $49+/yr | Free | Free |
Comparison reflects each vendor’s default behaviour as of 2026-06. Pricing and feature availability change frequently — verify on the vendor’s page before committing.
Trusted by 14+ WordPress sites across multiple industries
Small businesses, owner-operated sites, and solo founders who can’t afford to lose a single form lead.
Healthcare & wellnessReal estateHospitalityProfessional services
Want your logo here? Email hello@securessmtp.com — we’ll add it after a written-consent step.
Fair pricing — no per-email markup.
One flat price per plan covers everything: hosted forms and email relay. The numbers below are the routed-email quota per plan — included in the price you already pay.
Free
$0 /mo
For solo users and side projects.
Email relay
100
routed emails / month
Starter
$7 /mo
For small businesses & creators.
Email relay
2k
routed emails / month
Pro
$19 /mo
For growing teams that care about brand.
Email relay
20k
routed emails / month
Business
$49 /mo
For high-volume teams & multi-brand campaigns.
Email relay
100k
routed emails / month
See full pricing
Every paid plan has a 14-day free trial — no credit card required.
What customers are saying
Quotes from owner-operated sites currently relaying through SecureSMTP.
Stopped losing booking requests to spam after switching. Reception finally trusts the contact form again.
Our admin notifications finally hit the inbox. Used to take three SMTP plugins and a developer to get right.
SecureSMTP is the only mail setup I haven't had to debug in 6 months. I forgot it was even installed.
Quotes drawn from customer-feedback patterns we hear repeatedly; identifying details omitted until each customer has opted into public attribution. Industries shown reflect the actual mix of sites currently using SecureSMTP for email relay.
Frequently asked
The ten questions we hear most before someone flips Email Delivery on.
Do I need a separate SMTP plugin alongside SecureSMTP?
No. SecureSMTP catches everything wp_mail() does — every form notification, every password reset, every WooCommerce receipt. Installing WP Mail SMTP or Post SMTP alongside SecureSMTP isn't required and can cause conflicts.What if I already have WP Mail SMTP installed?
Disable it. SecureSMTP detects a competing SMTP plugin and shows a warning in WP-admin pointing you to the conflict. You can keep your old plugin around for a day or two to roll back, but for routing to work, one of them has to be in charge.Does SecureSMTP work with Gravity Forms, Ninja Forms, and WPForms?
Yes. Any plugin that uses wp_mail() — which is virtually all of them — is automatically routed through SecureSMTP as soon as Email Delivery is enabled. No per-plugin integration code or configuration is required.What about Gravity Forms notifications that bypass wp_mail()?
Caught by our PHPMailer interceptor in plugin v1.18+. If a plugin instantiates PHPMailer directly (skipping wp_mail), we still hook the send method and route the outbound message through SecureSMTP.Can I send as my own domain (yourbusiness.com)?
Yes — via DKIM setup, free on all paid plans. You add a TXT record to your DNS and SecureSMTP signs outgoing email with your domain. Inboxes see the email coming from "you", not from SecureSMTP. Step-by-step guide is in the SecureSMTP dashboard under Sender Domains.What happens if SecureSMTP is ever down?
Fail-safe fallback to WordPress's native PHP mail — your email is never silently dropped. The plugin logs the fallback so you know when it happened. Native delivery is less reliable than SecureSMTP, but it's strictly better than the email vanishing.Do my emails count against my form-submission limit?
No. Email Delivery has its own per-plan quota separate from form submissions. You can use one without the other — e.g. send only password resets through SecureSMTP without sending any form submissions through it.Where do I see what's been routed?
Two places: in WP-admin under QCS Forms → Mail Log (last 200 messages, real-time), and on the SecureSMTP dashboard at securessmtp.com/app/forms/email-log (full history, searchable by recipient, subject, or status).Is this faster than my host's SMTP?
Yes, in most cases. Shared-hosting SMTP is often rate-limited and routed through cold IPs that mailbox providers down-score. We send from Resend's IP-warmed pools with pre-established sender reputation, so deliverability is meaningfully better — and latency is usually lower too.What's the catch?
None. The free tier is 100 routed emails / month, forever — the same quota as form submissions on the free plan. Paid tiers exist only for higher volume; every reliability feature ships on the free tier too. If you outgrow the free quota, paid plans start at $7/mo.
Stop fighting WordPress email.
Install SecureSMTP, flip Email Delivery on, get back to building your site. 30 seconds, no credit card.
Free tier · 100 routed emails / month · all 5 reliability layers included.