slimx Hi slimx!
Fortunately, I haven’t had issues with phpmail(), but that’s because there are a few essential things that must be in place to avoid emails going to SPAM — especially when you're running your own servers or using a VPS.
Besides the basics like SPF, DKIM, DMARC, rDNS/PTR, and a proper HELO (which are all mandatory nowadays), there are a few more key points that make all the difference:
Avoid using raw phpmail() — Even with everything configured, sending directly via phpmail() without authentication can raise red flags. The best approach is to configure your server so that phpmail() goes through a local relay, like Postfix, Exim, or even an internal SMTP service, with proper authentication and signed headers.
Avoid fresh IPs — Clean IPs with no reputation still raise suspicion. Big providers use aged IPs with high volume and positive feedback. That has a big impact on how providers like Gmail treat your email.
Centralized delivery infrastructure — Big hosts often route phpmail() through internal systems that handle authentication, DKIM signing, spam checks, and feedback loops. In many cases, the client thinks it’s phpmail(), but it’s actually being relayed through a professional backend system.
External SMTP services (optional but effective) — If you want to simplify everything, services like SMTP2GO, Mailgun, Amazon SES, etc. offer rock-solid delivery and minimal configuration hassle.
In short: phpmail() can work — but it needs to be backed by the right infrastructure. Big hosts already have that in place. When managing your own servers, you need to build that layer yourself. And when you do, emails get delivered just fine.