The WordPress Email Authority
Definitions for WordPress email infrastructure: DMARC alignment, SPF flattening, the wp_mail pipeline, app passwords versus OAuth, the components of authentication and what each one actually checks. Each entry settles one term.
Transactional email goes to one recipient following one action they initiated. Here is what WordPress core and WooCommerce send, and how the legal carve-out works.

The five-stage delivery chain from wp_mail() to inbox, what the operator controls, and how SPF, DKIM, and DMARC work as a system.
Answers to common WordPress email questions covering configuration, deliverability, authentication, and the tools involved.
On WordPress.com, Automattic owns the sending pipeline and domain. On WordPress.org, the operator does. Every email behaviour difference follows from that.
The SMTP Field Manual catalogues real-world bounce messages from major mailbox providers and spam filters – the lookup step in WordPress bounce diagnosis.
Every email WordPress core sends and every wp_mail hook (wp_mail_failed, phpmailer_init, pre_wp_mail) with the filters that control each one.
wp_mail() sends email synchronously – every call blocks the PHP process until SMTP completes. A queue decouples sending from the page request. Here’s when that matters.
How ESP delivery-status webhooks work in WordPress: what Postmark, Mailgun, SendGrid, SES and Mailjet send, how to receive them, and how to verify them.
Google’s Less Secure App access ended: consumer Gmail 30 May 2022, Google Workspace 1 May 2025. The three replacements: OAuth, App Passwords, or switch provider.
Configuring Postman as an OAuth 2.0 client against Microsoft Graph or any IdP: redirect URI, PKCE, and token reuse details that trip up most setups.