PHPMail (How do the big hosts do it?)

slimx

How is that the major web hosting companies are able to offer websites with phpmail and it "just works".

Whenever I setup a WordPress site, phpmail 99% goes straight to spam. The IPs are not blacklisted anywhere, I have tried multiple providers - even larger VPS providers .

At first I thought it was to do with LiteSpeed, but a CPANEL managed server running litespeed seems to do it just fine too.

What is it that makes the larger web hosting company phpmail executions just "go to inbox". Why do I need to enable SMTP. Am i doing something wrong? Or is this purely around IP allocation - larger hosts get forgiven more?

webdig

slimx Hi slimx!

Fortunately, I haven’t had issues with phpmail(), but that’s because there are a few essential things that must be in place to avoid emails going to SPAM — especially when you're running your own servers or using a VPS.

Besides the basics like SPF, DKIM, DMARC, rDNS/PTR, and a proper HELO (which are all mandatory nowadays), there are a few more key points that make all the difference:

Avoid using raw phpmail() — Even with everything configured, sending directly via phpmail() without authentication can raise red flags. The best approach is to configure your server so that phpmail() goes through a local relay, like Postfix, Exim, or even an internal SMTP service, with proper authentication and signed headers.
Avoid fresh IPs — Clean IPs with no reputation still raise suspicion. Big providers use aged IPs with high volume and positive feedback. That has a big impact on how providers like Gmail treat your email.
Centralized delivery infrastructure — Big hosts often route phpmail() through internal systems that handle authentication, DKIM signing, spam checks, and feedback loops. In many cases, the client thinks it’s phpmail(), but it’s actually being relayed through a professional backend system.
External SMTP services (optional but effective) — If you want to simplify everything, services like SMTP2GO, Mailgun, Amazon SES, etc. offer rock-solid delivery and minimal configuration hassle.

In short: phpmail() can work — but it needs to be backed by the right infrastructure. Big hosts already have that in place. When managing your own servers, you need to build that layer yourself. And when you do, emails get delivered just fine.

sikmo

Soo depends. We are blocking postfix for years. And like a year ago, simply.com started doing this also. This specifically confirmed to me, that this is the right way.

But there are services like amazon ses that is for transactional emails and is trusted, cause they do protections. This is same with other big providers, as we found out.

I thought for a while we could implement this system wide also. But seems useless at the end for us.