Bluehost includes domain email with every WordPress plan — inboxes at the domain, webmail, IMAP and POP3, and forwarding — without a separate account. WordPress sends mail through PHP’s mail() function on the hosting server by default, and that mail goes out unsigned unless the operator has manually turned on DKIM (the cryptographic signature that receiving mail servers use to confirm a message came from the right domain). Outbound SMTP ports are unrestricted, so wiring up an external relay is a plugin install and a set of credentials rather than a hosting conversation. The sending ceiling is 500 messages per hour per domain; Bluehost publishes an hourly limit only and does not document a separate daily cap.
Plans renew at $8.99/month (Basic) and $10.99/month (Plus and Choice Plus). Bluehost sits in the budget shared-hosting tier and is one of the WordPress.org officially recommended hosts.
Email on Bluehost
How wp_mail works by default
A fresh WordPress install on Bluehost sends mail through PHP’s mail() function, which hands off to the server’s local sendmail configuration. No relay account is required, no SMTP plugin, no external credentials. Password resets, WooCommerce order confirmations, and comment notifications all leave through this local stack without any extra setup.
The gap in the default path is DKIM signing. SiteGround auto-publishes a DKIM record for every hosted domain and signs outgoing mail against it automatically. On Bluehost, DKIM is available but not configured by default. Mail that leaves unsigned is harder for receiving providers such as Gmail and Outlook to vouch for, which raises the probability of landing in the spam folder when the sending IP’s reputation is uncertain. For any site where inbox placement matters, enabling DKIM through cPanel’s Email Deliverability section is the first action, not the optional one.
Bluehost 
documents the problem and the fix in its knowledge base: a candid acknowledgement from a host that ships an unsigned default.
Outbound SMTP port status
| Port | Status | Protocol |
|---|---|---|
| 25 | Open | SMTP (legacy) — not documented explicitly; not blocked in practice |
| 465 | Open | SMTPS (implicit TLS) — not documented explicitly; not blocked in practice |
| 587 | Open | SMTP with STARTTLS — standard port for external relay connections |
| 2525 | Open | SMTP (alternate) — not documented explicitly; not blocked in practice |
| 993 | Open | IMAPS (incoming, bundled mailboxes) |
| 995 | Open | POP3S (incoming, bundled mailboxes) |
Bluehost does not publish a port-status table. Port 587 is the one referenced in its SMTP plugin documentation. The remaining outbound rows are based on the assessment verified on 2026-06-08: standard outbound ports connect to external services without restriction.
Sending limits
| Limit | Value |
|---|---|
| Per domain, per hour | 500 |
The 500-per-hour limit applies individually to each domain, subdomain, and mailing list. Bluehost’s published policy documents the hourly limit only; no separate daily cap is stated. Among major shared WordPress hosts that publish sending numbers, 500/hour is the highest ceiling: SiteGround caps at 400/hour on its entry plans, and both Kinsta and WP Engine route WordPress mail through MailChannels rather than publishing a raw hourly figure.
Mailboxes, forwarding, DNS
Bluehost includes email accounts at the hosted domain on all shared WordPress plans, with IMAP, POP3, and SMTP access for mail clients and webmail through cPanel. Per-plan account counts and storage limits are at Bluehost’s hosting page. Forwarding rules are set up in the same cPanel Email section; no separate forwarding service is needed.
Bluehost manages DNS through cPanel for hosted domains. SPF (the DNS record listing which servers are authorised to send mail for the domain), DKIM, and DMARC records are all added through Bluehost’s DNS Zone Editor or cPanel’s Email Deliverability tool. Moving DNS to Cloudflare or another external provider is possible, but it shifts where authentication records must be maintained. Bluehost’s own SPF and DKIM documentation stops applying once DNS is external.
Authentication (SPF, DKIM, DMARC)
None of the three authentication records are published automatically on Bluehost. The operator has to add each one:
- SPF: Bluehost provides SPF setup documentation with the record to add through the DNS Zone Editor.
- DKIM: Available under Email Deliverability in cPanel on standard shared hosting (Bluehost doesn’t document this step directly, but cPanel’s Email Deliverability section is standard on all Bluehost shared plans). Requires the operator to enable it per domain. This is the most critical step for deliverability on Bluehost’s default mail path.
- DMARC (the policy record that tells receiving servers what to do when SPF and DKIM both fail): not addressed by Bluehost documentation; the operator adds a
_dmarcTXT record by hand if they want one.p=nonewith arua=reporting address is a reasonable starting position.
The practical consequence: a Bluehost site whose operator has done none of this is sending unsigned mail with no SPF assertion from a shared IP. That is the highest-risk configuration for spam placement. It’s also the most common new-site configuration on any host that doesn’t automate these steps. Enabling DKIM in cPanel takes two minutes and meaningfully changes the odds.
What Bluehost does not provide
- Automatic DKIM signing. SiteGround publishes DKIM automatically. On Bluehost the operator enables it manually through cPanel.
- Dedicated sending IP. Outbound mail shares a server IP with other sites on the same host. A neighbour’s spam reputation affects your delivery rates. Postmark offers dedicated IP add-ons; Mailgun does on its Foundation plan.
- Bounce tracking and delivery events. No dashboard for confirming delivery, recording bounces, or surfacing spam reports. SMTP2GO, Postmark, and Mailgun all publish per-message events out of the box.
- Marketing email allowance. The sending limits cover transactional traffic. Broadcast campaigns should go through a dedicated marketing platform.
- Per-message delivery logs. No searchable log is available through the hosting panel.
When a third-party relay is needed
For a WordPress site sending routine transactional mail well under 500 messages per hour, the Bluehost default is usable once the operator has enabled DKIM in cPanel. A small WooCommerce store processing dozens of orders a day, a membership site with a few hundred active users, a contact-form-only site: all of these are within range.
A dedicated relay becomes the right answer when:
- A missed email has a business cost. If a customer can’t reset their password or doesn’t receive an order confirmation, they may churn or contact support. For any WordPress site where a missed A transactional email is the automated message a WordPress site sends in response to a single user action – a password reset, an order confirmation, a form receipt – addressed to the user who triggered it. Read full reference → means a churned customer or a support ticket, Postmark is the cleaner choice: its core product is deliverability, its transactional reputation is among the strongest in the category, and its bounce handling is documented and automatic.
- Volume approaches the cap. Any flow that sends more than a few hundred messages per hour needs to move off the local stack. SMTP2GO has a free tier for low-volume sites; Mailgun scales well at higher volumes without a steep per-message premium.
- Delivery visibility is required. The bundled Bluehost path produces no delivery data. Operators who need to know whether a specific message arrived, or track bounce rates over time, need one of the relay services: Postmark, SMTP2GO, and Mailgun all publish per-message logs and aggregate dashboards.
- Marketing or newsletter email is in the mix. Broadcast mail should use a dedicated marketing platform, not the transactional path through the WordPress install.
Bluehost’s open outbound SMTP ports mean any SMTP plugin — WP Mail SMTP, FluentSMTP, Post SMTP — connects to an external relay without a port restriction. API-based integrations work equally well for services that support them.
Going the other way, sites following the WordPress without the plugin minimum-stack pattern can stay on Bluehost’s default sending and skip the SMTP plugin entirely; the bundled relay is what makes the no-plugin SMTP slice viable here.
Verdict
Bluehost’s bundled email gives most WordPress sites what they need at a budget price: domain mailboxes, open SMTP ports, and a 500/hour sending ceiling that handles routine transactional traffic without hitting a cap. The unsigned default is the catch: enabling DKIM through cPanel is the one configuration step that meaningfully changes the deliverability odds, and it should happen before the site goes live. For sites where a missed order confirmation or password reset has a real business cost, or where sending approaches the hourly limit, Postmark or SMTP2GO is the better call; because the outbound ports are open, adding either one takes a plugin install. For the relay and plugin setup, see how to configure WordPress email.
Corrections
- 2026-06-18: an earlier version cited a ~12,000-per-day account-wide sending cap; Bluehost documents only the 500-per-hour-per-domain limit, and the daily figure was derived arithmetic.