[Fix] How To Stop WooCommerce Emails Going To Spam


7-layers of Security for Your WordPress Site

Your website needs the most comprehensive security to protect it from the constant attacks it faces everyday.

Are your store emails going to spam? Were you trying to send a customer WooCommerce security updates like password reset links? Are your order updates landing in your customers’ spam folders? These frustrating problems can occur for various reasons—from spammy-sounding content to a hacker misusing your email list. 

If your customers are getting spam emails, scan your site with MalCare to confirm if you’ve been hacked. 

When your emails are flagged as spam, you miss out on communication with customers, marketing results, or worse, risk damaging your brand’s reputation. Customers might start to question your professionalism or even suspect your store of being fraudulent. 

We’ve got your back though. In this article, we’ll walk you through all the steps you need to take. By the end of it, you will have all the information you need to stop your emails from being marked as spam. 

TL;DR: Email providers like Gmail have spam filters and you need to prevent your emails from triggering it. You will have to make sure your content is not spammy, your email address is authenticated, and that a hacker doesn’t have access to your email list. If they do, install MalCare first. You need to scan your site for malware, remove the malware and install a firewall to stop the spam hacker. 

Why are WooCommerce emails going to spam?

Before diving into the solution, it’s important to understand why you’re in this situation in the first place. What is it about your WooCommerce emails that send them directly to spam? Here are some common reasons and simple explanations:

  1. Your hosting server’s IP address might be blacklisted, especially if you’re on shared hosting. One a shared hosting, multiple users are using the same IP addresses. Any of those users sharing might have sent spam and gotten the IP addresses blacklisted. This now affects your emails too.
  2. If your email’s ‘From’ name or address aren’t easily recognizable, recipients may mark it as spam. Use a clear and simple name, so your customers know it’s from you.
  3. Certain words and phrases can trigger spam filters. Words like “free,” “win,” or “guarantee” might cause trouble. Also, having too many images and not enough text can lead to your emails being flagged. 
  4. Sending emails to invalid addresses can harm your reputation. It’s important to keep your mailing list clean by regularly updating it and removing invalid addresses. 
  5. If a hacker has taken control of your account, they might send spam. This can severely damage your reputation and lead to your emails being marked as spam. 
  6. If your customers rarely open or click on your emails, email providers may think your messages are not wanted. This can make future emails more likely to be sent to the spam folder. 
  7. You need a simple Unsubscribe button. If not, it can lead to more spam complaints. Make sure every email you send has a clear unsubscribe link.
  8. Some email providers like Yahoo, or Gmail have stricter spam checks. They might send your emails to spam if they can’t authenticate it. For this, they take into account a variety of factors like IP blacklisting and domain reputation. Your emails need to have email security records. These records are usually provided by your webhost. You can use a MXToolbox to check if the following records are in place:
  • SPF (Sender Policy Framework) is a list of approved servers that can send emails on your behalf. If your email is sent from a server not on this list, it could be treated as spam.
  • DKIM (Domain Keys Identified Mail) adds a digital signature to your emails, showing they haven’t been tampered with in transit and confirming they came from your domain. 
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance) tells email providers what to do if your emails don’t pass SPF or DKIM checks. It also provides reports on any suspicious email activity to help you take action. Your hosting provider usually sets these security measures. 

How to test if your WooCommerce emails are going to spam?

It’s possible that not all your emails are going to spam. Maybe some users have marked you as spam on their own. We recommend you test if you’re on a blacklist first. There are a lot of websites that can help you out with this. The most reliable one is MXToolbox. When we tested it, we found out that we were on an email blacklist for our IP address. 

They also had information on what to do to get out of a blacklist. This was a little technical to follow but very helpful. 

Another website is Site 24×7, They also found that we were on the same blacklist. This corroborated what we already knew and meant that they were also reliable. 

How to stop WooCommerce emails being sent to spam?

Now that you’ve learned if you’re on a blacklist or not, let’s talk about different ways to make sure your emails don’t go to spam anymore. A lot of these measures are designed to either gain your customer’s trust or avoid triggering a spam filter. 

1. Install a security plugin

If your customers are receiving spam content, you’ve likely been hacked and an unauthorized user is sending emails to them. This is why we recommend that you set up MalCare and scan your site for malware immediately. MalCare scans all your files and databases in minutes and is able to find even zero-day malware. And if and when you find some, it has a one-click malware removal option that can help you out. It will also automatically install a firewall to make sure the hacker doesn’t regain access. 

2. Avoid nulled plugins

Nulled plugins are unauthorized copies of premium WordPress plugins that often contain malicious code. They potentially compromise your website’s security, and might include email phishing scripts which can severely damage your sending reputation. Using legitimate plugins from reputable sources ensures adherence to coding standards and helps prevent emails from triggering spam filters or harming email delivery. 

3. Update WooCommerce

Regularly update your WooCommerce platform to ensure all the latest security patches and system improvements are in place. Outdated versions of software can have vulnerabilities to attacks which can compromise email sending processes. Keeping WooCommerce updated helps in maintaining a healthy system for managing communications, thus reducing the chance of emails going to spam.

4. Use a good web host

Web hosts are crucial in determining whether emails from WooCommerce sites reach the inbox or land in the spam folder. This is significant for eCommerce businesses that depend on email for order confirmations, marketing, and customer service.

A major factor here is how the web host manages email authentication and reputation. Advanced hosting services like Cloudways improve email deliverability by automatically setting up important authentication records like DMARC, SPF, and DKIM. These records are vital as they confirm that the emails sent from your domain are genuine and authorized by the domain owner, reducing the likelihood of emails being marked as spam. Some web hosts may charge extra for these services. Pick the ones that suit your requirements and budget. 

5. Setup SMTP

SMTP, or Simple Mail Transfer Protocol, is a system used for sending emails across the Internet. Think of it as the digital equivalent of the postal system for your email messages. The process begins when you send an email; it goes to an SMTP server. This server then figures out where the recipient’s email server is located and your email is forwarded to that server. Finally, when the recipient opens their email application, the message is retrieved from their server.

There are two ways to set up SMTP. You can either use popular plugins like WPMailSMTP or add code to the functions.php file. Here are the steps to do both. 

A. Using a plugin

  1. Navigate to your WordPress dashboard. 
  2. Go to Plugins in the sidebar. Then, click Add New
  3. Search for PostSMTP
  1. Click Install Now and then Activate
  2. Choose a mailer. Depending on whichever mailer you choose, instruction is provided on the dashboard itself. For this example, we are selecting Gmail. 
  1. Go to the Google Cloud Console.
  2. If you don’t already have a project, create one. 
  1. Navigate to the APIs & Services tab in the sidebar. Then, click Library, and enable the Gmail API.
  1. Navigate to the OAuth Consent Screen. Then, click on external
  1. Fill in the fields for the app name, support email and the email address in the Developer Contact Information section.
  2. Setup the scopes and test users as needed. 
  3. Click Back to Dashboard and click Publish App. Click Confirm when the popup box appears. 
  1. Click Credentials in the sidebar and click on Create Credentials.
  2. Select OAuth Client ID from the dropdown. 
  1. Then, select Web Application from the Application Type dropdown menu.
  1. Enter the appropriate URI from your plugin dashboard and paste it in the Authorized JavaScript origins field.

  1. Similarly, add the authorized redirect URI in the Authorized redirect URIs field of the console. This can be found on your plugin dashboard again. Click Create.
  1. Copy the Client ID and Client Secret generated by Google Console and paste them into the respective fields in the plugin settings on your WordPress dashboard.
  1. Save the settings and click the option to Allow plugin to send emails via your Google account.
  2. After configuration, send a test email to ensure that everything is set up correctly.

Note: There are other alternative plugins like PostmanSMTP and FluentSMTP. Although, the steps depend on which emailer you are using. So, if you’re using other email clients like Outlook, follow their respective documentation. You can find it on the plugins dashboard. 

B. Editing the functions.php file

If you prefer a manual approach or want to avoid using plugins, you can configure SMTP directly within your theme’s `functions.php` file.

  1. We recommend that you take a backup before you make any changes. 
  2. Then, navigate to Appearance on your admin panels sidebar. Click Theme File Editor. If you’re not seeing this option, chances are that file editing is disabled on your admin panel. You can enable it by editing the following code in your wp-config.php file to say “false” instead of true:
define('DISALLOW_FILE_EDIT', true);
  1. Once you navigate to Theme File Editor, navigate to the functions.php file in the sidebar. 
  2. Add the following SMTP configuration code at the end: 
function phpmailer_configuration()
    $phpmailer->Host = 'smtp.host.com'; // Put your SMTP server here
    $phpmailer->SMTPAuth = true; // Enable SMTP authentication
    $phpmailer->Port = 587; // Set the SMTP port for TLS
    $phpmailer->Username = 'your-email@email.com'; // SMTP username
    $phpmailer->Password = 'your-email-password'; // SMTP password
    $phpmailer->SMTPSecure = 'tls'; // Enable TLS encryption
add_action('phpmailer_init', 'phpmailer_configuration');

6. Implement good email practices

​All the measures mentioned below are designed to regain trust with your customers:

  • Make it easy for users to find and use the unsubscribe option to improve your brand’s trustworthiness.
  • Maintain an appropriate image-to-text ratio in your emails. Emails that contain too many images and not enough text can appear suspicious to spam filters. Aim for a balance where text complements images, ensuring your message is clear and engaging.
  • Regularly clear your email list of inactive or unengaged subscribers. This not only improves your engagement rates but also reduces the risk of sending emails to addresses that might have become spam traps or are no longer active. 
  • Avoid sending emails to bounced addresses. Continual sending to emails that have previously bounced can hurt your sender reputation. Implement routines to remove these addresses from your mailing list after detecting bounce notifications. 

Why are WooCommerce emails important?

Emails serve as a vital communication bridge between a WooCommerce site and its customers, supporting a range of essential activities from transactional notifications to marketing engagements. Here’s how emails play a crucial role across different facets of a WooCommerce operation: 

  • Order confirmations: Once a customer places an order, an immediate email confirmation is sent. This not only reassures the customer that their transaction has been successfully processed, but also provides them with a record of their purchase details. 
  • Shipping updates: Emails are crucial for keeping customers informed about their order status, including dispatch, shipment, and expected delivery times. These updates enhance customer service by keeping the buyer informed throughout the delivery process. 
  • Marketing campaigns: Email remains a powerful tool for directly reaching customers with promotions, seasonal campaigns, new product launches, or special events. These communications can drive sales, promote new products, and increase brand awareness. 
  • Customer support: Email is a primary channel for handling customer inquiries, complaints, and support services. Being an official and personalized communication medium makes it ideal for resolving issues and providing detailed assistance. 
  • Feedback requests: After a purchase or interaction, sending an email to request feedback is common. These emails are important for gathering valuable customer insights, which can help improve products and customer service. 
  • User engagement: Regular newsletters, updates, or informational content sent via email keep users engaged with the brand. Well-crafted emails can reinforce brand loyalty and encourage repeat business. 
  • Record keeping: Emails serve as an official record of communication and transactions. Customers and businesses often save emails for their records as they provide a verifiable trail of interactions and transactions that is useful for both tracking and legal purposes. 
  • Security notifications: For security-related updates, such as changes in password, account alerts, and unauthorized access attempts, emails provide an immediate notification method. This helps in maintaining the security integrity of user accounts, fostering trust between the customer and the business. 

Final thoughts

Email communication is crucial, especially for platforms like WooCommerce, where it directly affects customer satisfaction. Ensuring that emails reach their destination and reflect your brand’s professionalism is key. 

To prevent emails from going to spam, it’s essential to understand what good email content looks like. Avoid common spam triggers such as over-promotional language, misleading subject lines, or too many links and images. Crafting clear and professional emails can improve reader engagement and credibility. Regular monitoring for security is also vital. 

Using security plugins like MalCare ensures your WooCommerce site is protected against vulnerabilities that could harm your email’s reliability. Keeping your site and its plugins updated can prevent security risks that might get your domain blacklisted. 

Using a reliable SMTP plugin like WPMailSMTP (or similar ones like PostmanSMTP or FluentSMTP) is a good strategy. These plugins use an external SMTP server to send emails, greatly reducing the risk of your emails being marked as spam. They also offer settings that comply with current email standards, including DKIM, SPF, and DMARC, enhancing the trustworthiness of your emails.

Lastly, continuous vigilance over website and email security is crucial. Regularly scan your website for vulnerabilities and fix them swiftly. Keeping yourself and your team educated on best email practices and security trends can also help in maintaining a secure and efficient email system. 


How to prevent WooCommerce emails from going to spam? 

WooCommerce emails may occasionally be filtered to spam due to various reasons, including server configuration and email content. To prevent WooCommerce emails from going to spam, follow these guidelines: 

  • Use SMTP: Implement SMTP for sending emails, using one of the plugins like WPMailSMTP. SMTP authenticates your emails, proving they come from a trusted sender. 
  • Configure SPF, DKIM, and DMARC records: These records help in verifying that the emails sent from your domain are legitimate and thus reduce the chances of them being marked as spam. 
  • Use a professional email address: Emails sent from domains like ‘`no-replysomething@yourdomain.com’` are less likely to be marked as spam compared to generic email accounts (e.g., Gmail, Yahoo). 
  • Ensure quality content: Avoid spam triggers in your email content, such as overly promotional phrases or all caps.
  • Regularly update WooCommerce: Keep your WooCommerce installation and its extensions updated to ensure all security patches and performance improvements are in place.

Why are my emails going to spam all of a sudden?

If your emails were being delivered as normal one day, but not the next, we recommend that you install MalCare first. Scan your site for malware because you most likely have been hacked. We recommend that you fix the hack and try again. 

What are SMTP plugins?

SMTP plugins are tools that facilitate the sending of emails from your WordPress site using the Simple Mail Transfer Protocol (SMTP). These plugins help authenticate your emails, significantly reducing the likelihood of emails being caught in spam filters. Examples include WPMailSMTP, PostSMTP, and FluentSMTP. These plugins configure WordPress to use an external SMTP service like Gmail, SendGrid, or other mail servers for reliable email delivery.

Why do default WP emails go to spam?

By default, WordPress uses ‘wp_mail()’, which is a PHP mail function lacking proper authentication mechanisms. This makes it easy for spam filters to mark such emails as untrustworthy. Additionally, if your WordPress is hosted on a shared server, the server’s IP might be already blacklisted due to spam activities by other users, affecting your emails as well. They also may not be optimized for deliverability, lacking custom headers or proper formatting that can help with the email’s legitimacy. By using SMTP plugins and adhering to best practices in email handling, you can significantly enhance the reliability and credibility of emails sent from your WordPress site.


You may also like

Website logs
What are the Different Types of Website Logs?

Imagine driving a car without knowing your speed, engine temperature, or fuel levels. Sounds terrifying, right? Well, managing a website without understanding website logs is a bit like that. You…

What is Cross-Site Scripting (XSS) and How to Prevent It?

Websites can sometimes act strangely, showing unexpected pop-ups or exposing personal information. This isn’t just a glitch—it’s often due to a sneaky trick called Cross-Site Scripting (XSS). You might be…

How can we help you?

If you’re worried that your website has been hacked, MalCare can help you quickly fix the issue and secure your site to prevent future hacks.

My site is hacked – Help me clean it

Clean your site with MalCare’s AntiVirus solution within minutes. It will remove all malware from your complete site. Guaranteed.

Secure my WordPress Site from hackers

MalCare’s 7-Layer Security Offers Complete Protection for Your Website. 300,000+ Websites Trust MalCare for Total Defence from Attacks.