Why PHP mail() fails (and why email lands in spam) #

Many PHP applications send mail using PHP mail() by default. The issue is that mail() can send using
server-level identities that don’t match your “friendly” From address, and recipients may treat that mismatch as spoofing.
Because of this, many hosting providers restrict or disable PHPMail-style sending by default.

The modern, reliable approach is: authenticate and send using SMTP, so your message is sent as a real mailbox user instead of a generic server sender.

Common causes checklist (quick diagnosis) #

Before changing anything, quickly check these:

• Your app uses PHP mail(): If yes, deliverability and sending blocks are common.
• From address mismatch: Your app sets From as you@yourdomain.com but sends as server user/hostname.
• No SMTP authentication: Your script isn’t logging into an SMTP account.
• Wrong SMTP host/port/encryption: Port mismatch (587 vs 465), TLS/STARTTLS disabled, etc.
• Bad credentials: Mailbox password changed but app still uses the old one.
• Remote SMTP blocked: Some servers restrict PHP scripts to SMTP over localhost unless the restriction is disabled.
• Spam filter triggers: Content/links/formatting look spammy, so outbound filtering blocks the message.

Best fix: send via authenticated SMTP (recommended) #

If your PHP script not sending email problem needs a solution that actually works long-term,
switch your application to SMTP sending. Authenticated SMTP improves deliverability, provides clearer troubleshooting,
and avoids most “spoofing” red flags.

What you must do (no shortcuts) #

1. Create a real mailbox that your app will send from (example: noreply@yourdomain.com).
2. Confirm the password works by logging into Webmail once.
3. Configure the app/plugin to send via SMTP using that mailbox credentials.
4. Set the “From” address to the same mailbox you authenticate with (avoid spoofing flags).

SMTP values you need (host, port, username, encryption) #

Use these settings as your baseline:

• SMTP Username: Full email address (example: noreply@yourdomain.com)
• SMTP Password: The mailbox password
• SMTP Host: Usually your domain (if it points to the server and has SSL), otherwise use the server hostname
• SMTP Port (recommended): 587
• Encryption: STARTTLS on 587 (or SSL/TLS on 465 if your app/client supports it)
• SMTP Authentication: ON

WordPress/contact forms: the correct way (SMTP plugin) #

WordPress and many contact form plugins often fall back to PHP mail().
If your contact form emails aren’t arriving (or land in spam), configure SMTP in a mail plugin and use a real mailbox as the sender.

Best practice for WordPress #

• Use SMTP plugin settings (host/port/encryption/username/password).
• Set “From Email” to the same mailbox you authenticate with.
• Do not spoof “From” as a random address that doesn’t exist on your domain.

PHP apps: use PHPMailer (recommended approach) #

For custom PHP scripts/apps, the most common reliable approach is using a library like PHPMailer to send via SMTP.
This gives you authenticated SMTP, TLS, and better error output during testing.

Security tip: keep any test mailer scripts outside public access, or protect them properly while testing.

Trying to use Gmail/Microsoft SMTP? Check SMTP Restrictions #

If your PHP script tries to send via a remote SMTP provider (like Gmail/Microsoft/SendGrid) and it fails to connect or only connects to localhost,
the server may have SMTP Restrictions enabled. On cPanel/WHM servers, this is a server-level security setting and typically requires admin access to change.

If you must use PHP mail(): what to do #

If you have a legacy app that can’t be changed immediately and you absolutely must use PHP mail():

• Use a real, existing “From” address on your domain (don’t spoof).
• Publish SPF/DKIM/DMARC for your domain (deliverability will still be weaker than SMTP).
• Keep volume low and monitor abuse (compromised scripts + mail() is how servers get blacklisted).
• Plan to migrate to SMTP as soon as possible.

Symptoms → likely cause → fix (fast table) #

FAQs #

Why does PHP mail() cause spam problems? #

Because the sending identity can differ from the “friendly” From address, which looks like spoofing to many mail systems.
SMTP fixes this by authenticating as a real mailbox.

Which port should my PHP app use for SMTP? #

Use 587 with STARTTLS in most cases. If your app prefers implicit TLS, use 465 with SSL/TLS.

My PHP script uses Gmail SMTP but fails. Why? #

Some hosting servers restrict remote SMTP connections from scripts for security reasons. If you need remote SMTP, contact Hosticko Support with the exact error.