Ensure Form Notification Emails don’t end up in Spam.

If you are relying on form notification emails to let you know someone filled out your contact form, make sure that notification arrives in your inbox and doesn’t get trapped in spam – or worse, never makes it to your inbox at all.

Because of spammers and scammers, email providers add blocks to keep all that spam out of your inbox. Without these blocks, email would be pretty worthless because we’d waste hours wading through emails from people in foreign lands offering us free gold.

What are form notification emails?

If you use a WordPress form plugin (Gravity Forms, Ninja Forms, Contact Form 7, etc.), you’ll probably need to know when someone submits forms so you can respond, or otherwise review the form submission. The most common way to notify site managers that a form was submitted, is to send an email upon submission. Most form plugins provide a way to set who receives these emails, what the emails contain, and the email’s ‘from’ address.

Your website isn’t automatically verified to send email on your behalf

When you send an email from your website (contact form, sales, customer service, etc.), that email does not originate from your domain’s email server. It is sent either from the web server where your site is hosted, or relayed through a third party email provider. You might host your email at Gmail, Office 365, or a local email provider. Your email host would be configured to send email from an email on your domain, but not your web server (or by extension, your website).

All email must have a single from email address. That email address is checked to be sure it originated from a verified server, and was not spoofed to trick the recipient to click on an email from an unsuspecting friend. For example, I can send an email through the website and when composing the email, I can set the from email address to anyone I want. If used your best friend’s email address as the from address, you’d probably open it, and might be more likely to open any attachments that I embedded with malware.

How to fix so you can send email from the web server

So here’s the conundrum: you need to be notified when a new order comes through your website or someone submits your contact form. The best way to do that is to have the website automatically send you an email. We just need to be sure your web server is verified to send email on your behalf (i.e. from an email on your domain).

SMTP Plugin

First you’ll need a plugin to reroute emails sent from the server through an external service which can be configured as a validated sender for your domain. I use the WP Mail SMTP plugin. This plugin currently has eight SMTP service options including MailGun, SendGrid and SendInBlue. I recently switched to SendInBlue because it has free plan if you send less than 300 emails through it per day, and allows adding additional users to the account. MailGun and SendGrid both require 2 factor logins, but don’t allow additional users on the account – which makes it impossible to set up for a client who has their own account. MailGun recently switched from a free account forever if low volume of emails, to only 1 month free. For any of the SMTP services, you’ll need to add some TXT records to your domain name. The WP Mail SMTP plugin provides detailed instructions for each service they support.

Validating Emails Sent Through Your Website is Important – even if they are getting through without it

Email SPAM filters change. Email programs learn from your behavior and might start sending emails to the SPAM folder that they were previously letting through, or they might get through to some people but not others at your organization. It’s important to make sure emails sent through the website are verified.

Set From Email Address to Email address on your domain

To that end, I want to add another important note. Once you have the correct domain records in place, you need to always set the FROM email address on your website email notifications to be an email on your domain. If you do all this work and set the from email address to the person’s email who submitted the form, you totally went around everything you just set up. SPF records validate that the email is sent from a computer that is approved for the domain. Which means the FROM email address has to be on your domain. If you want to be able to reply to your notification emails, most form plugins (definitely Gravity Forms) allow you to set the Reply to address as an email field in the form. Do that, but don’t set the FROM email address to anything other than an email address on the same domain as your website.

MailChimp Emails

Don’t forget, if you send emails from MailChimp, you need to validate that those emails can be from an email on your domain also. The process is similar, although you have to verify everything is set correctly through your MailChimp account settings. See this article for instructions: Set Up Custom Domain Authentication: DKIM and SPF

How to tell if the verification working?

Once you have the DNS records in place, send yourself a test email from the website. To do this, you can add yourself to the email notification on a form. When the email arrives in your inbox, you’ll need to view the original email source code. In Gmail, open the email, click the three vertical dots in the upper right corner to open the menu, and select “Show Original”. This will open code containing the email body in a new window. The top table has headings for SPF and DKIM with a pass or fail. If you don’t see SPF in the headings, search the email for SPF. The first result should tell you why the SPF check failed or passed. It might say something like:

domain of youremail@website.com designates [an IP address] as permitted sender

The above has been verified and passes SPF check.


[IP address] is neither permitted nor denied by best guess record for domain of your email @website.com

This message means the message does not pass SPF check and you need to either fix your SPF record or add one.

Verification is worth the work

Figuring out the correct domain records depending on how emails are sent from the website is a pain and different depending on where you host. However, making sure those emails get to the right people is very important. If you can’t ensure the emails get through, you shouldn’t be sending emails through the website [period]. Websites are marketing tools and in many cases, the number one way people will interact with your business. Be sure you aren’t missing any important contacts by authenticating your website to send emails on your behalf.