WordPress SMTP

The modern WordPress SMTP that protects your sender reputation.

Hosted relay (no Gmail OAuth, no SendGrid key, no SMTP credentials). Outbound AI abuse detection (your domain stays clean even if your site gets hacked). One dashboard across every site you manage. DKIM for your custom domain in two clicks.

Free tier: 100 routed emails / month · all 5 reliability layers · AI abuse scan included on every plan.

securessmtp.com/app/forms/sites · Cross-site mail relay · All routing · 5 sites · last 24 hours

maplecreek.co · CF7 → DKIM ok · 128 · Ok
bramble-digital.com · WPForms → DKIM ok · 342 · Ok
harbour.studio · Forminator → DKIM ok · 57 · Ok
centrepoint.com · Gravity → DKIM ok · 12 · Anomaly
flora.studio · Elementor → DKIM ok · 88 · Ok

Outbound AI scan · 0 refused · via Resend

13+ WP plugins supported (CF7 · WPForms · Forminator · Gravity · etc.)
0 SMTP credentials required (hosted relay, not BYO-SMTP)
1 dashboard for all sites (cross-site mail log)
99.9% deliverability target (Resend infrastructure)

Why WP email is broken

WordPress’s wp_mail() is broken by design.

The default WordPress mailer dates from 2003 and hasn’t materially changed. Modern inboxes have moved on — they expect DKIM, SPF, DMARC, abuse hygiene. WordPress doesn’t provide any of it.

Shared host = shared reputation.

Your WordPress site is one of 4,000 tenants on a shared IP. When the tenant next door spams, the IP gets blacklisted — and so do your password resets, WooCommerce receipts, and contact form leads.

No DKIM, no SPF, no DMARC alignment.

Default wp_mail() ships unsigned messages from an unauthenticated sender. Gmail, Outlook, and Yahoo treat that as spam-by-default in 2026. Your transactional mail gets quarantined before the recipient even sees it.

Outbound abuse vector if you get hacked.

If a contact form plugin gets popped, attackers send spam through your authenticated SMTP. Your domain gets blacklisted. Every future legit email — for years — lands in spam. There's no undo button.

Existing SMTP plugins solve only half the problem.

WP Mail SMTP, Post SMTP, FluentSMTP — all solve the 'credentials' half by letting you wire Gmail/SendGrid/SES into wp_mail(). None of them have outbound abuse detection. None of them give you cross-site visibility. All of them still require you to manage SMTP credentials yourself.

What makes us different

Four things you won’t find in any other SMTP plugin.

SecureSMTP isn’t a single-purpose mail relay — it’s a platform with cross-site visibility, outbound AI abuse defence, and a hosted relay that means you never manage SMTP credentials yourself.

Diff 01

Hosted relay, not "another SMTP plugin"

Most SMTP plugins still make you wire Gmail OAuth, SES IAM, SendGrid keys, or Mailgun creds into WordPress yourself. SecureSMTP is the relay — you don't manage credentials. The plugin authenticates with your SecureSMTP site key (which you can rotate from the dashboard); the relay handles the rest.

Diff 02

AI-layered outbound abuse protection

We scan every outbound message with a 3-layer pipeline (volume anomaly cron, content heuristic, and Anthropic Claude Haiku 4.5 sampling). If your site gets popped and starts spamming, we refuse the bad mail before it ever leaves — protecting your domain reputation. No other SMTP plugin does this.

Diff 03

Cross-site dashboard for agencies

Manage 50 client sites in one place. See last-24-hour mail volume, anomaly status, and DKIM health per site without logging into each WordPress dashboard. Per-site quotas, per-site API keys, per-site mail log — all visible from the agency-wide /app/forms/sites view.

Diff 04

Custom domain DKIM, one-click verify

Bring your own domain — add one TXT record and the dashboard verifies it. Your outgoing mail is signed with your domain's key, not ours. No Mailgun account juggling, no SES verification flow, no DMARC alignment fiddling. Agency sites can each have their own custom sending domain.

Works with every WordPress plugin that calls wp_mail()

We hook the canonical pre_wp_mail filter — which means every plugin that follows the WordPress mail API is supported automatically. Here are the ones our customers ask about most.

Contact Form 7 · WPForms · Forminator · Gravity Forms · Ninja Forms · Elementor Pro Forms · Fluent Forms · Formidable Forms · WooCommerce · Easy Digital Downloads · WordPress core (password resets) · WP Job Manager · BuddyPress · + every other plugin that uses wp_mail()

PHPMailer interceptor included — if a plugin instantiates PHPMailer directly (skipping wp_mail()), our v1.18+ plugin still catches the outbound message. Nothing slips past.

Defense in depth

Five layers of WordPress mail reliability — all included on every plan.

Deliverability is a stack of small things done right, not one big trick. Every layer catches a different failure mode that breaks WordPress email.

Layer 01

Resend IP-warmed delivery

Your WordPress site sends from Resend's pre-warmed IPs with established sender reputation across Gmail, Outlook, Yahoo and Apple Mail. The shared-hosting reputation problem disappears — your wp_mail() now leaves from infrastructure that mailbox providers trust.

Layer 02

DKIM signing + SPF alignment

Every wp_mail() call is cryptographically signed with a 2048-bit DKIM key before leaving. SPF is aligned to the sending domain. DMARC at the recipient end honors both, so transactional mail passes authentication checks every time.

Layer 03

Outbound AI abuse detection

Three-layer scan: volume anomaly cron compares each site's last hour to its 30-day baseline; content heuristic scores spam keywords/URLs/TLDs; Anthropic Claude Haiku 4.5 reads subject + body on sampled mail. If your site gets hacked and starts spamming, we refuse the bad mail before sending — protecting your domain reputation.

Layer 04

Per-site rate limiting

Each WordPress site you connect has its own quota window. If something on one of your sites goes haywire (buggy notification plugin, brute-force form bot), we throttle that site's outbound mail before reputation damage spreads to the rest of your portfolio.

Layer 05

Fail-safe fallback to native wp_mail()

If the SecureSMTP platform is ever unavailable, WordPress's native mailer takes over automatically. wp_mail() never silently drops a message. The plugin logs the fallback so you know it happened, and you can retry the affected sends from the dashboard once SecureSMTP is back.

All five layers ship on every plan — including the free one. Reliability isn’t a paywalled feature.
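
One way to implement the volume-anomaly check described under Layer 03 (each site's last hour compared with its 30-day baseline). This is an added example, not SecureSMTP's code; the z-score rule, the thresholds, the function names and the sample data are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta
from statistics import fmean, pstdev

# Assumed values: the page does not publish the relay's real thresholds.
BASELINE_DAYS = 30   # from the page: "30-day baseline"
Z_LIMIT = 4.0        # assumption: flag > 4 std devs above the hourly mean
MIN_VOLUME = 20      # assumption: ignore small bursts on quiet sites


def _hour(ts):
    return ts.replace(minute=0, second=0, microsecond=0)


def hourly_counts(send_times, now):
    """Return (per-hour counts for the baseline window, count for the last full hour)."""
    last_start = _hour(now) - timedelta(hours=1)
    base_start = last_start - timedelta(days=BASELINE_DAYS)
    buckets = Counter(_hour(ts) for ts in send_times if base_start <= ts < _hour(now))
    last = buckets.pop(last_start, 0)
    # Hours with no mail must count as 0, or the mean is biased upward.
    baseline = [buckets.get(base_start + timedelta(hours=h), 0)
                for h in range(BASELINE_DAYS * 24)]
    return baseline, last


def is_anomalous(send_times, now):
    """Return (flagged, last_hour_count, baseline_mean) for one site."""
    baseline, last = hourly_counts(send_times, now)
    mu, sigma = fmean(baseline), pstdev(baseline)
    z = (last - mu) / max(sigma, 1.0)   # floor sigma so a flat baseline cannot divide by 0
    return (last >= MIN_VOLUME and z > Z_LIMIT), last, round(mu, 2)


def constructed_log(now, per_hour, last_hour_count):
    """Constructed sample data: steady hourly sends, then a chosen final hour."""
    last_start = _hour(now) - timedelta(hours=1)
    times = []
    for h in range(1, BASELINE_DAYS * 24 + 1):
        start = last_start - timedelta(hours=h)
        times += [start + timedelta(minutes=5 * i) for i in range(per_hour)]
    times += [last_start + timedelta(seconds=10 * i) for i in range(last_hour_count)]
    return times


if __name__ == "__main__":
    now = datetime(2026, 6, 1, 12, 30)
    print("burst site:", is_anomalous(constructed_log(now, 2, 300), now))
    print("normal site:", is_anomalous(constructed_log(now, 2, 3), now))
```

The `MIN_VOLUME` floor keeps a site that normally sends almost nothing from being flagged by a handful of legitimate messages, which a pure ratio or z-score test would do.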

SecureSMTP vs the legacy WordPress SMTP plugins

To be clear: WP Mail SMTP, Post SMTP, FluentSMTP, and Easy WP SMTP are good plugins with real users. They solve the "connect Gmail / SES / Mailgun to WordPress" problem. SecureSMTP solves a different shape of problem — hosted relay, cross-site visibility, outbound AI. They’re different categories.

Feature | SecureSMTP | WP Mail SMTP | Post SMTP | FluentSMTP | Easy WP SMTP
Setup time | 30 sec | 15–60 min | 15–60 min | 15–60 min | 15–40 min
Needs SMTP credentials
Hosted relay (no Gmail/SES/SG)
DKIM signing built-in | DIY config | DIY config | DIY config | DIY config
Email log dashboard | Pro only
Cross-site dashboard
AI outbound abuse scan
Per-site rate limiting
Fail-safe fallback to native
Custom domain DKIM (one-click)
Works with every form plugin | Mail only | Mail only | Mail only | Mail only
Free tier — email volume | 100/mo, all features | Unlimited (BYO SMTP) | Unlimited (BYO SMTP) | Unlimited (BYO SMTP) | Unlimited (BYO SMTP)
Cost (paid) | $7+/mo | $49+/yr | Free | Free | $49+/yr

Honest caveat on free tiers.

Legacy SMTP plugins are technically free at any volume because you bring the SMTP credentials — they don’t bear the sending cost. SecureSMTP’s hosted relay does, which is why our free tier is bounded at 100/mo. If you have Gmail’s 500/day under-the-radar limit covered and just need a wire, the legacy plugins win on price. If you want a managed relay + reputation protection + AI + cross-site, SecureSMTP wins on value.

Comparison reflects each vendor’s default behaviour as of 2026-06. Pricing and feature availability change — verify on each vendor’s page before committing.

Fair pricing for hosted WordPress mail — no per-email markup.

One flat price per plan covers everything — form submissions and the email relay. Below are the routed-WordPress-email quotas per tier, included in the price you already pay.

Free

$0 /mo

For solo users and side projects.

WordPress emails / month

100

all plugins, all wp_mail() calls

Starter

$7 /mo

For small businesses & creators.

WordPress emails / month

2k

all plugins, all wp_mail() calls

Most popular

Pro

$19 /mo

For growing teams that care about brand.

WordPress emails / month

20k

all plugins, all wp_mail() calls

Business

$49 /mo

For high-volume teams & multi-brand campaigns.

WordPress emails / month

100k

all plugins, all wp_mail() calls

Every paid plan has a 14-day free trial — no credit card required.

WordPress SMTP — answers

Twelve questions we hear most before someone switches from a legacy WP SMTP plugin.

  • How is SecureSMTP different from WP Mail SMTP?
    Different category. WP Mail SMTP is a credentials adapter — you bring Gmail/SendGrid/SES API keys, it wires them into wp_mail(). SecureSMTP is the relay itself — you don't manage credentials. We also add outbound AI abuse detection, a cross-site dashboard, and per-site rate limiting that WP Mail SMTP doesn't have. They're complementary tools, not replacements; pick what matches your stack.
  • Do I need to disable my existing SMTP plugin?
    Yes. SecureSMTP detects competing SMTP plugins (WP Mail SMTP, Post SMTP, FluentSMTP, Easy WP SMTP) and shows a warning in WP-admin pointing you to the conflict. Only one plugin can be in charge of wp_mail() at a time, otherwise the second one silently doesn't run. Disable the old one before flipping SecureSMTP Email Delivery on.
  • Will every plugin's emails route through SecureSMTP automatically?
    Yes, as long as the plugin uses wp_mail() (which is the canonical WordPress mail API and what nearly every WP plugin uses). Once you enable Email Delivery in SecureSMTP, every wp_mail() call in WordPress is intercepted via the pre_wp_mail filter and routed through our relay. Plugin authors don't need to integrate anything.
  • What if a plugin bypasses wp_mail() and uses PHPMailer directly?
    Caught by our PHPMailer interceptor in plugin v1.18+. A small minority of plugins (some Gravity Forms add-ons, certain WooCommerce extensions) instantiate PHPMailer directly to skip wp_mail. Our interceptor hooks PHPMailer's send method so even those messages route through SecureSMTP. Tested against the most common offenders.
  • Can I send from my own domain (yourbusiness.com)?
    Yes — and we strongly recommend it. Add one TXT record to your DNS, and SecureSMTP signs outgoing mail with your domain's DKIM key. Inboxes see authenticated mail from you, not from SecureSMTP. Setup is one click from the dashboard: paste your domain, copy the TXT record value, drop it in your DNS, click 'Verify'. Custom domain is free on all paid plans.
  • What about WooCommerce order receipts?
    WooCommerce uses wp_mail() for every transactional email — order confirmations, shipping notifications, refund receipts, password resets for customers. All of them route through SecureSMTP automatically once Email Delivery is enabled. WooCommerce's HTML email templates are preserved verbatim — we don't re-render or strip styling.
  • Does SecureSMTP slow down my WordPress site?
    No measurable impact. The plugin's hook does a non-blocking HTTPS POST to our relay (typically 150–300ms server-side, async to the page load). Form submissions return immediately; the email is queued and sent within seconds. We've benchmarked the overhead at less than 10ms on the WordPress request path itself.
  • What happens if SecureSMTP is ever unavailable?
    Fail-safe fallback. The plugin detects the unreachable relay and falls back to native wp_mail() automatically — your email is never silently dropped. The fallback is logged in WP-admin → QCS Forms → Mail Log so you know it happened, and you can re-send through SecureSMTP once the relay is back.
  • I manage 50 client sites — can I see them all in one place?
    Yes. The dashboard at securessmtp.com/app/forms/sites shows every site you've connected: last-24-hour mail volume, anomaly status, per-site quota usage, DKIM health. Each site has its own API key (rotatable from the dashboard), its own quota, and its own mail log. Agency-friendly by design.
  • How is this different from SendGrid or Mailgun?
    SendGrid and Mailgun are raw email infrastructure — you bring your own code (or another SMTP plugin) to integrate WordPress with their APIs. SecureSMTP is the integration: install one WP plugin, get the relay + dashboard + AI + cross-site visibility, no glue code. Under the hood we use Resend as our sending infrastructure — comparable to SendGrid/Mailgun but with better deliverability scores on modern inboxes.
  • Is my email content stored?
    Email metadata (subject, to/from/cc, timestamp, status) is stored for 30 days on free plans and 90 days on paid plans, viewable in the mail log. Email body is hashed for de-dupe but not stored in plaintext after the send completes. AI scanner reads the body in-memory at scan time and discards it; we never persist body content for later access.
  • What's the catch?
    None on the free tier. 100 routed emails/month with every reliability feature (AI abuse scan included) at $0. Paid plans start at $7/mo for 2,000 emails. The model: we make money on volume, you get a free relay until you outgrow it. If you need more than 100 messages a month you'll have to upgrade — but you'll know it's worth it because you'll have already seen the deliverability difference.

Stop fighting WordPress email.

Install SecureSMTP, paste your API key, flip Email Delivery on. The hosted relay handles credentials, DKIM, abuse detection, and cross-site visibility — so you can go back to building your site.

Free tier · 100 routed emails / month · all 5 reliability layers + AI abuse scan included.