WooCommerce sender fix
WooCommerce From address and DMARC alignment.
Use this when WooCommerce sends with a Gmail, Yahoo, Outlook, customer, or off-domain From address and order emails land in spam or get rejected.
When to use this fix
- WooCommerce From address is not on the store domain.
- Customer emails are accepted by SMTP but land in spam.
- Bounces mention SPF, DKIM, DMARC, unauthenticated sender, or 5.7.26.
- Visitor/customer email is being used as the From address.
When not to use this fix yet
- The WooCommerce template is disabled.
- No SMTP/provider log exists for the order email.
- The order status never triggered the email.
- The recipient address is malformed or missing.
WooCommerce path
| Stage | Sender-alignment check |
|---|---|
| Order event | Confirm the right customer/admin email was triggered. |
| Email template | Check the template From name and From email fields. |
| Recipient | Confirm the customer address is in To or Reply-To, not visible From. |
| wp_mail | Inspect the headers WooCommerce passes to WordPress mail. |
| SMTP | Confirm the SMTP provider authenticates the same domain used in From. |
| Inbox | If accepted but missing, inspect SPF, DKIM, DMARC, and recipient filtering. |
Alignment evidence matrix
| Evidence | Likely cause | First correction |
|---|---|---|
From: store@gmail.com | Consumer mailbox sender | Use orders@store-domain.com. |
| From uses customer email | DMARC spoofing risk | Move customer email to Reply-To. |
| SPF passes but DMARC fails | From-domain alignment mismatch | Align From domain with DKIM/SPF authenticated domain. |
| DKIM signs provider domain only | DKIM not aligned with store From | Enable provider DKIM for the store domain. |
| Only Gmail/Outlook recipients miss mail | Strict recipient filtering | Check DMARC aggregate/bounce evidence and provider logs. |
DMARC p=reject on store domain | Strict policy before auth is ready | Fix SPF/DKIM alignment before enforcing reject. |
Sender correction table
| Bad From | Good From | Reply-To | Why |
|---|---|---|---|
mystore@gmail.com | orders@example.com | support@example.com | The visible sender uses the store domain that SPF/DKIM can authenticate. |
customer@example.net | orders@example.com | customer@example.net | Customer address stays replyable without spoofing the customer domain. |
wordpress@server123.host.tld | orders@example.com | support@example.com | Removes host-generated sender identity that fails brand/domain alignment. |
no-reply@provider.example | orders@example.com | support@example.com | Uses a verified store-domain sender instead of the provider's default domain. |
Before / after sender pattern
Before
WooCommerce From: mystore@gmail.com
Reply-To: customer@example.net
SPF/DKIM: provider unknown
DMARC: strict or not checkedAfter
WooCommerce From: orders@example.com
Reply-To: customer@example.net
SPF: includes sending provider
DKIM: enabled for example.com
DMARC: monitor, then tighten after pass rates are stableVerification checklist
- Set WooCommerce From email to a domain-based mailbox.
- Keep customer/visitor email in Reply-To, not From.
- Confirm the SMTP provider is authorized in SPF.
- Enable DKIM signing for the store domain.
- Keep DMARC at monitor mode until SPF/DKIM alignment passes consistently.
- Place a test order and check provider logs plus headers in the received message.
Common false positives
- SPF pass is not enough if the visible From domain does not align for DMARC.
- SMTP accepted does not prove inbox placement.
- Using Gmail From can appear to work during small tests and fail with stricter recipients.
- DMARC reject should not be enabled until transactional sender alignment is proven.