ZDN Whitelist Outgoing Email prevents WordPress from accidentally sending emails to real users in development or staging environments, and keeps a searchable log of everything that left the site.
Filtering is off by default after activation so a live site is not affected until you enable it. When filtering is on and the allowlist is empty, every recipient is redirected to the fallback address.
Features
- Whitelist-based filtering — only allowed email addresses receive emails.
- Wildcard domain support — allow entire domains with
*@example.com. - Fallback replacement — non-whitelisted recipients are replaced with your fallback address.
- Traceability — the original email is preserved in the display name (e.g.,
user@external.com <fallback@site.com>). - Outgoing email logger — capture To, subject, body, headers, attachments, and errors in a custom table.
- Filtered badge — logs show when the whitelist rewrote recipients and what the original address was.
- View / resend / delete — inspect HTML or raw bodies, resend a message, or clean up bulk rows.
- Retention rules — auto-prune by max row count and/or age.
- Highest priority filter — hooks at
PHP_INT_MINso filtering runs before any other mail plugin; logging runs last atPHP_INT_MAX. - CC/BCC filtering — also filters CC and BCC headers.
- PHP error log option — optionally log replacements to the PHP error log.
Use Cases
- Development environments where you don’t want emails going to real customers.
- Staging sites that mirror production data.
- QA testing where only testers should receive emails.
- Debugging which plugin sent which email (and whether it was filtered).
Privacy
When email logging is enabled, the plugin stores outgoing message metadata and bodies locally (recipients, subject, body, headers, attachment paths, status, errors, and server address). Access is limited to administrators (manage_options).
Retention options control automatic deletion by count and/or age. Individual or bulk logs can be deleted from the Email Logs screen. Uninstalling the plugin removes the log table, plugin options, and related scheduled events.
Suggested privacy-policy text is also registered with WordPress under Settings → Privacy for site owners to adapt.
The optional PHP error-log setting writes replacement events to the server error log only (no external service).
