Emerge Mail

Emerge Mail replaces SMTP plugins for transactional WordPress email. Connect one or more mail accounts and every wp_mail() call your site makes — password resets, comment notifications, WooCommerce receipts, contact-form submissions — is delivered through that account.

Seven providers, one unified send path:

• Gmail (OAuth) — sign in to your Google account; no SMTP password needed.
• Microsoft 365 / Outlook (OAuth) — sign in to personal Outlook/Hotmail/Live or Microsoft 365 work/school accounts.
• SendGrid (API key) — paste a v3 API key with Mail Send permission.
• Mailgun (API key) — paste a private API key, sending domain, and pick your region (US or EU).
• Amazon SES (Sigv4) — paste an IAM access key + secret with ses:SendEmail permission. No AWS SDK dependency.
• Brevo (API key) — paste a v3 API key.
• Generic SMTP — host + port + encryption + username + password for any SMTP server (your own host, an SES SMTP endpoint, Postmark SMTP, Fastmail, mailcow, etc.).

Because the From address is your own authenticated mailbox or verified sender, messages benefit from SPF, DKIM, and DMARC alignment that PHP’s mail() function cannot provide. This typically results in dramatically better inbox placement than default WordPress mail.

Know exactly what bounced

Most SMTP plugins send and forget. Emerge Mail closes the loop — it captures bounces and spam complaints from your provider and records them right inside WordPress, so you can see which addresses are failing and stop mailing them.

• Real-time bounce & complaint reporting for SendGrid, Mailgun, Brevo, and Amazon SES. Paste one webhook URL into your provider’s dashboard — Emerge Mail auto-detects which provider sent each event from its payload, so a single endpoint covers them all.
• Gmail bounces too. Gmail can’t push webhooks, so Emerge Mail ships a small Google Apps Script that reads “Mail Delivery Subsystem” messages from your mailbox and forwards them to the same endpoint. Setup takes about a minute and installs its own schedule.
• Classified automatically as a hard bounce, soft bounce, or spam complaint, written to the Activity Log, and correlated back to the original message — recipient, subject, mailbox, and From all in one place.
• Built for developers. Every bounce fires an emerge_mail_bounce_received action with a clean, uniform payload, so list-hygiene, auto-suppression, or CRM-sync code can react instantly. Set an X-Emerge-Mail-Ref header on a send and it’s echoed straight back to you on the bounce — on any provider, whether the bounce arrived synchronously at send time or later by webhook.

Key features

• Seven providers (above), all sharing the same routing, failover, and From-email overrides.
• Multiple connections per site with automatic failover. The Active connection sends first; if it fails, the next available connection is tried, with a 1-hour cooldown on failed connections. Mix-and-match across providers — e.g. SendGrid primary, an SMTP fallback, and a Gmail mailbox as the last-resort backup.
• Optional connection throttle: rotate through all your connected accounts instead of hammering the Active one.
• Per-connection From email override for verified send-as aliases / verified senders.
• Configurable sender defaults: a custom From name and an opt-in “Reply-To = admin email when sender differs” setting.
• Full wp_mail compatibility: To/Cc/Bcc (including from headers), HTML bodies, multipart alternative, attachments, custom headers, RFC 2822 address formats including comma-separated lists and quoted display names, non-UTF-8 charsets.
• RFC 2047 encoding for non-ASCII subjects and display names.
• One-click Send test button per connection.
• Email Controls page: opt-in suppression of WordPress core self-notifications you don’t want to receive (comment moderation, automatic updates, new-user registered, etc.) — recorded to the Activity Log instead.
• Bounce & complaint tracking across Gmail, SendGrid, Mailgun, Amazon SES, and Brevo — captured in real time via a single auto-detecting webhook (plus a Gmail Apps Script bridge), classified hard / soft / complaint, correlated to the original send, and exposed to your own code through the emerge_mail_bounce_received action.
• Activity Log page: unified record of mail sent through your connections, suppressed notifications, provider send errors, and recipient bounces — with provider, type, and severity filters, Provider / Mailbox / From / Recipient columns, bulk delete, and automatic 10-day pruning.
• Bounce classification: provider-specific error patterns map to a unified send.bounce.* / send.error.* taxonomy so per-recipient bounces are distinguished from transport outages across every provider.
• Last-error visibility per connection and a site-wide admin notice on recent failures.
• Automatic hourly token refresh for OAuth connections (Action Scheduler when available, WP-Cron fallback). API-key connections require no maintenance.
• Safe fallback to default WordPress mail delivery on any failure — the plugin never blocks email.
• Extensible via filters: cooldown, HTTP timeouts, token-refresh timing, MIME output, suppression catalog.

How it works

When you connect an account, the credentials (OAuth tokens, or your API key / SMTP password) are encrypted with a per-site key and stored as a WordPress option. From that point on, your site talks directly to the provider’s API or SMTP endpoint; no third party sits in the send path.

The plugin hooks pre_wp_mail. If at least one connection is active, the message is routed through it. If the provider returns an error — or if no connections are configured — WordPress’s default mail delivery takes over transparently.

What this is not

• Not a marketing or bulk email tool. No subscriber lists, no campaigns, no broadcasts.
• Not a shared-IP SMTP relay. Each site sends from its own connected accounts.
• Not a way to spoof arbitrary From addresses. The provider will reject anything that isn’t an authorized sender on the connected account.

External services

To deliver mail, Emerge Mail can communicate with up to eight external services depending on which providers you connect. By installing and using this plugin you agree to use of these services. Nothing is contacted until you connect at least one provider in the plugin settings — every external call below is gated on the corresponding connection existing.

1. Emerge OAuth service (emerge.redigit.net)

What it is and what it’s used for: A stateless OAuth proxy operated by the plugin author. It exists to broker the OAuth authorization handshake between your WordPress site and Google or Microsoft so the plugin can be authorized to send mail from your mailbox. The proxy holds the OAuth client secrets that Google and Microsoft would otherwise require every site to register individually.

What data is sent, when:

• When you click Connect Gmail or Connect Microsoft, your browser is redirected to https://emerge.redigit.net/oauth/{provider}/authorize with a PKCE code challenge and a state token generated by your site. No personal data is sent.
• When the provider redirects back, your site posts the authorization code and PKCE verifier to https://emerge.redigit.net/oauth/{provider}/token to receive the access and refresh tokens. The tokens are returned directly to your site and stored locally, encrypted, in wp_options. The proxy does not persist them.
• When an access token nears expiry, your site posts the refresh token to https://emerge.redigit.net/oauth/{provider}/refresh to obtain a new access token. Again, nothing is persisted on the proxy.
• No email content, recipient lists, or message metadata is ever sent to the proxy.

Terms and privacy:

• Terms of Service: https://emerge.redigit.net/terms-of-service
• Privacy Policy: https://emerge.redigit.net/privacy-policy

2. Google APIs (Gmail)

What it is and what it’s used for: Used only when you connect a Gmail mailbox. Once authorized, the plugin sends every wp_mail() message directly to the Gmail API (gmail.googleapis.com) from your WordPress site. Periodically the plugin also calls the Google OAuth userinfo endpoint (www.googleapis.com/oauth2/v2/userinfo) to verify the access token is still valid.

What data is sent, when:

• On each wp_mail() call routed through a Gmail connection: the full outbound message (To/Cc/Bcc, subject, body, attachments, custom headers) is POSTed to https://gmail.googleapis.com/gmail/v1/users/me/messages/send as a base64-encoded RFC822 message. This is what’s required for the message to reach the recipient.
• On token validation: a Bearer token is sent to https://www.googleapis.com/oauth2/v2/userinfo. No message data is included.

Terms and privacy:

• Google Terms of Service: https://policies.google.com/terms
• Google Privacy Policy: https://policies.google.com/privacy
• Google API Services User Data Policy: https://developers.google.com/terms/api-services-user-data-policy

3. Microsoft Graph (Outlook / Microsoft 365)

What it is and what it’s used for: Used only when you connect a Microsoft mailbox. Once authorized, the plugin sends every wp_mail() message directly to Microsoft Graph (graph.microsoft.com) from your WordPress site. Periodically the plugin also calls Graph’s /me endpoint to verify the access token is still valid.

What data is sent, when:

• On each wp_mail() call routed through a Microsoft connection: the full outbound message (To/Cc/Bcc, subject, body, attachments, custom headers) is POSTed to https://graph.microsoft.com/v1.0/me/sendMail as a JSON payload. This is what’s required for the message to reach the recipient.
• On token validation: a Bearer token is sent to https://graph.microsoft.com/v1.0/me. No message data is included.

Terms and privacy:

• Microsoft Services Agreement: https://www.microsoft.com/en/servicesagreement
• Microsoft Privacy Statement: https://privacy.microsoft.com/en-us/privacystatement

4. SendGrid (api.sendgrid.com)

What it is and what it’s used for: Used only when you add a SendGrid connection. The plugin sends every wp_mail() message routed through that connection directly to the SendGrid Mail Send API. The connect-time validation also calls SendGrid’s /v3/user/profile to confirm the API key works.

What data is sent, when:

• On each wp_mail() call routed through a SendGrid connection: the outbound message (recipients, subject, body, attachments, custom headers) is POSTed to https://api.sendgrid.com/v3/mail/send as a JSON payload.
• On connect: an authenticated GET is sent to https://api.sendgrid.com/v3/user/profile to validate the API key. No message data is included.

Terms and privacy:

• SendGrid Terms: https://www.twilio.com/legal/tos
• SendGrid Privacy Statement: https://www.twilio.com/legal/privacy

5. Mailgun (api.mailgun.net or api.eu.mailgun.net)

What it is and what it’s used for: Used only when you add a Mailgun connection. The plugin sends every wp_mail() message routed through that connection directly to the Mailgun Messages API on the region (US or EU) you select at connect time.

What data is sent, when:

• On each wp_mail() call routed through a Mailgun connection: the outbound message (recipients, subject, body, attachments, custom headers) is POSTed as multipart/form-data to https://api.mailgun.net/v3/{your-domain}/messages (or the EU equivalent).
• On connect: an authenticated GET is sent to /v3/domains/{your-domain} to validate the API key + domain pairing. No message data is included.

Terms and privacy:

• Mailgun Terms of Service: https://www.mailgun.com/legal/terms/
• Mailgun Privacy Policy: https://www.mailgun.com/legal/privacy-policy/

6. Amazon SES (email.{region}.amazonaws.com)

What it is and what it’s used for: Used only when you add an Amazon SES connection. The plugin sends every wp_mail() message routed through that connection directly to the SES v2 SendEmail API in the AWS region you select at connect time. Requests are signed with AWS Signature V4 using the IAM credentials you provided.

What data is sent, when:

• On each wp_mail() call routed through a SES connection: the outbound message (recipients, subject, body, custom headers) is POSTed to https://email.{region}.amazonaws.com/v2/email/outbound-emails as a JSON payload.
• On connect: a signed GET is sent to /v2/email/account in the same region to validate the credentials. No message data is included.
• If you enable bounce handling for SES: when Amazon SNS posts its one-time subscription confirmation to your site’s webhook endpoint, the plugin completes the handshake by sending a GET to the SubscribeURL that Amazon includes (validated to only ever request amazonaws.com hosts). No message data is included. Thereafter SNS posts bounce/complaint notifications to your endpoint; the plugin does not initiate those.

Terms and privacy:

• AWS Customer Agreement: https://aws.amazon.com/agreement/
• AWS Privacy Notice: https://aws.amazon.com/privacy/

7. Brevo (api.brevo.com)

What it is and what it’s used for: Used only when you add a Brevo connection. The plugin sends every wp_mail() message routed through that connection directly to the Brevo Transactional Email API.

What data is sent, when:

• On each wp_mail() call routed through a Brevo connection: the outbound message (recipients, subject, body, attachments, custom headers) is POSTed to https://api.brevo.com/v3/smtp/email as a JSON payload.
• On connect: an authenticated GET is sent to https://api.brevo.com/v3/account to validate the API key. No message data is included.

Terms and privacy:

• Brevo Terms of Use: https://www.brevo.com/legal/termsofuse/
• Brevo Privacy Policy: https://www.brevo.com/legal/privacypolicy/

8. Your own SMTP server (Generic SMTP)

What it is and what it’s used for: Used only when you add a Generic SMTP connection. The plugin opens an SMTP connection to whatever host:port you specify, authenticates with the username and password you provide, and sends wp_mail() messages via SMTP. WordPress’s bundled PHPMailer library handles the SMTP protocol.

What data is sent, when:

• On each wp_mail() call routed through this connection: the outbound message (recipients, subject, body, attachments, custom headers) is transmitted over SMTP to your configured host.
• On connect: PHPMailer opens the SMTP connection, runs EHLO + STARTTLS (if enabled), and authenticates — no message is sent.

Terms and privacy: Determined by whichever SMTP server you choose to connect to. This plugin does not introduce any third-party SMTP relay; you control the destination.