Setup guide · 3 min · works with any form plugin

Set up SecureSMTP SMTP in 3 minutes

Install the plugin, paste your API key, flip a switch — done. Every email your WordPress site sends (Contact Form 7, Gravity Forms, Forminator, WPForms, Elementor Pro, password resets, WooCommerce receipts) now ships through our DKIM-signed relay.

Start at step 1 About SecureSMTP SMTP

Free plan: 100 emails/month — no card required

Before you start

WordPress admin access

You can install plugins and edit options.

A free SecureSMTP account

(Optional) DNS access

Only needed if you want mail to come FROM your own domain.

Install the SecureSMTP plugin

Download the latest plugin zip (v1.21.0) and upload it to WordPress like any other plugin.

Option A — Direct download

Download qcs-form.zip

~150 KB · WordPress 5.8+ · PHP 7.4+

Option B — WordPress.org

Search “SecureSMTP” in Plugins → Add New inside your WP admin. Submission to the directory is in progress.

One-click install, no zip-juggling.

Then in WordPress:

Plugins → Add New → Upload Plugin
Pick the downloaded zip and click Install Now
Activate.

Connect with your API key

SecureSMTP authenticates each WordPress site with a per-site API key. Generate one in your dashboard, then paste it into the plugin.

In SecureSMTP dashboard

Go to Forms → API keys
Click New site, name it, paste the site URL
Copy the key shown — you only see it once

In WordPress

Go to QCS Forms → Settings
Paste the API key
Save. The connection badge turns green.

Settings → QCS Forms (preview)

API key

qcs_live_••••••••••••••••••••••••3f8aConnected

Last seen 4 seconds ago · securessmtp.com

Turn on SMTP routing

Open the dedicated SMTP page added by the plugin — you'll find it in the SecureSMTP menu in the WP sidebar.

QCS Forms → SMTP (preview)

Route wp_mail() through SecureSMTP

When ON, every wp_mail() call in your site is intercepted and sent through our DKIM-signed relay.

Sender mode

Relay

Zero config

Mail comes from our domain. Works in 30 seconds, no DNS setup.

Domain

DKIM signed

Mail comes from YOUR domain with full DKIM/SPF. Add 3 DNS records.

Auto

Smart

Uses your domain if verified, otherwise relays. Recommended.

💡

Start with Relay. It works instantly with zero DNS work and gets you delivery into Gmail / Outlook within seconds. You can upgrade to Domain mode later without breaking anything — Auto switches over the moment your DNS records verify.

(Optional) Verify your own domain for DKIM-signed mail

optional

Skip this entirely if you're happy with Relay mode — your mail already ships fine. Add a domain when you want emails to come FROM your own address (e.g. hello@yourshop.com) with proper DKIM authentication.

1
In the SecureSMTP dashboard, go to Forms → Email Delivery → Add sending domain
2
Enter the domain you want emails to come from
3
We show you 3 DNS records to add at your registrar / Cloudflare:
Type Host Value (example) Purpose
TXT qcs._domainkey v=DKIM1; k=rsa; p=MIIB… DKIM signing
TXT @ v=spf1 include:_spf.qcs… ~all SPF authorization
CNAME mail.qcs feedback-smtp.qcs… Return-path / bounces
Actual values shown in your dashboard with one-click copy.
4
Add the records, click Verify. Propagation usually takes 5–30 minutes (sometimes longer for fresh nameservers).
5
Back in the WP plugin, switch sender mode to Domain (or leave on Auto and it switches itself).

Type	Host	Value (example)	Purpose
TXT	qcs._domainkey	v=DKIM1; k=rsa; p=MIIB…	DKIM signing
TXT	@	v=spf1 include:_spf.qcs… ~all	SPF authorization
CNAME	mail.qcs	feedback-smtp.qcs…	Return-path / bounces

Gotcha: if your domain already has an SPF record (v=spf1 …), edit the existing one to add our include — don't add a second SPF record. Email providers only honour the first.

Send a test + read the log

Inside the plugin's SMTP page, click Send test email — we fire a tiny message to your admin address through the full pipeline.

✓ Expected

WP screen: green "Test sent ✓"
Inbox: mail arrives within 10s
SecureSMTP dashboard → Forms → Email Delivery: row appears with sent

⚠ If it doesn't arrive

Check your spam folder first (one-off, then whitelist)
In Email Delivery log: did the row show failed? The error column tells you why.
See troubleshooting below.

💡

Now any plugin that calls wp_mail() — Contact Form 7 notifications, Gravity Forms confirmations, WooCommerce order receipts, password resets — flows through SecureSMTP automatically. You don't need to configure each plugin separately.

Works with everything that calls `wp_mail()`

No per-plugin configuration. Once SMTP routing is on, we intercept wp_mail() at the WordPress level — so any plugin that uses it is automatically routed through us.

Contact Form 7Gravity FormsForminatorWPFormsElementor Pro FormsWooCommerceEasy Digital DownloadsMemberPressLearnDashBuddyPress / BuddyBossPassword resets (wp-login)Comment notificationsAny plugin using wp_mail()

Troubleshooting

The six things that account for ~95% of setup hiccups.

The plugin says “Not connected” after pasting the API key.

Three usual causes: (1) you copied the masked display string (starts with qcs_live_••) instead of the full key — go back to API keys and click Regenerate; (2) your server is blocking outbound HTTPS to securessmtp.com — ask your host; (3) you registered a different site URL than the one you're installing on.

Test mail goes to spam.

On Relay mode that's rare but possible — Gmail/Outlook are conservative for first-touch senders. Mark it as "Not spam" once; it sticks. For zero spam-folder risk, switch to Domain mode (Step 4) so your real domain's reputation carries the mail.

My Contact Form 7 / Gravity emails aren't showing in the log.

Verify SMTP routing is ON (Step 3 toggle) and submit a fresh form. The first send after enabling can take 30s to populate the log. If still missing, check the form plugin's own mail mode — some (e.g. Gravity Forms) can be configured to use a separate SMTP plugin that bypasses wp_mail(); switch it back to default WordPress mail.

Domain verification keeps failing.

DNS propagation can take up to a few hours for some registrars (looking at you, GoDaddy). Try dnschecker.org to confirm your TXT records are live globally before clicking Verify again. The most common cause of failure is adding a SECOND SPF record instead of editing the existing one.

I'm on a managed host (WP Engine, Kinsta) — does this work?

Yes. Managed hosts that block standard SMTP ports (25, 465, 587) don't affect us — SecureSMTP uses outbound HTTPS, which they all allow. We're a drop-in for their built-in transactional mail, often more reliable for forms.

Quota — what counts and what doesn't?

Every successfully relayed message counts as 1. Refused (over quota, spam-flagged) and fallback-to-native mails don't count. Domain mode sends to your verified domain are also counted against your monthly quota — same plan limits apply whether you use Relay or Domain.

Ready to ship reliable WordPress mail?

100 emails/month free, no card. Upgrade only when you outgrow it.

Create your free account Download plugin v1.21.0

Need help? Email support@securessmtp.com — we'll get you set up.