wordfence emails land in spam

  • Resolved freshuk

    (@freshuk)


    3 years, 1 month ago

    hello
    i have smtp plugin installed so all my wordpress and admin emails go through the smtp except of wordfence emails that ALWAYS hit spam.
    they are not going from the smtp at all, but from PHPMailer 6.5.0 (https://github.com/PHPMailer/PHPMailer). i can see it in the email headers.
    those are the only emails from our domain that go to spam because they are not recognized as domain emails but spoofing the domain name.
    DKIM: FAIL
    DMRAC: FAIL
    SPF: SOFTFAIL
    this is not normal behavior, the test emails i sent to myself from the diagnostics tab, went fine from the smtp server.
    dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=xxxxx

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @freshuk, thanks for reaching out to us!

    Ultimately, Wordfence uses WordPress’ default mail send functions, so there should be no difference between our alerts and any other emails you may be sending out from your site. Which specific SMTP for WordPress plugin are you using? A link to the plugin page on www.ads-software.com would be ideal in case there are any known issues between Wordfence and that plugin. It’s interesting though that diagnostics would send correctly as they’d be sent using the same functions.

    The unlock emails originate from your website and not our servers so sometimes a restart of postfix or sendmail (whichever is installed) can fix it. Your hosting provider may need to help with this, and is worth a try in the mean time but I’ll certainly be happy to assist further once I know those extra details.

    Thanks,

    Peter.

    Thread Starter freshuk

    (@freshuk)

    Hello
    We tried a full server restart, and server cache flushing and what not…
    We use https://www.ads-software.com/plugins/wp-mail-smtp/
    Its a very common smtp plugin.
    Thank you

    Plugin Support wfpeter

    (@wfpeter)

    Hi @freshuk,

    I’ve spoken with our development team around this and it looks like an issue between when Wordfence sends its emails and when the WP Mail SMTP sets its hooks in WordPress. This is why test emails work correctly but “real” attempts don’t seem to behave in the same way. I will give you some good reason and background behind this.

    We send the lockout emails very early, in the plugins_loaded hook. This happens to be the same hook where the WP Mail SMTP plugin adds its hook to change the wp_mail_from address, which could occur after we’ve tried to send the message already.

    If this is the case, it can’t be rectified from our end because we need to block visitors that could cause a security issue without allowing more code from WordPress and other plugins to run.

    It may be possible to reach out to the developers of the WP Mail SMTP plugin and see whether in tandem with running a security plugin such as ours, they are able to set their hooks any earlier to ensure Wordfence alert emails are channelled through their plugin.

    Thanks again,

    Peter.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘wordfence emails land in spam’ is closed to new replies.