Why PHPMailer should be replaced with SMTP

October 18, 2018 | Email , Security | by Mihovil Mikulec
why phpmailer should be replaced with smtp

PHPMailer is a code library that sends email messages from a web server via PHP. Although it generally works and you might not have any bad experience with it, PHPMailer is far from perfect.

Why PHPMailer should be avoided

1. No email authentication

The biggest issue with PHPMailer is that it uses no email authentication. Because of that, the emails it sends will in most cases end up in receiver’s spambox. Even if the messages won’t go to spam, the sender will most likely be marked as “not authentic” by Gmail and the receiver will get confused.

2. Easy to exploit by hackers

Since PHPMailer does not require any type of authentication to send emails, it can be easily exploited by hackers. In a case your host is hacked, PHPMailer can easily be used for mass email spam campaigns. That will surely result by your host’s IP being blocked by email providers such as Gmail.

Alternative to PHPMailer

Simple Mail Transfer Protocol (SMTP) is an Internet standard for electronic mail transmission. Unlike PHPMailer, it requires password authentication.

Since SMTP requires password authentication, forcing its usage on the entire host (disabling PHPMailer) will reduce the chances of hackers using your host for spam campaigns. Unless hackers are crafty enough to get your SMTP password(s).

By disabling PHPMailer, you will reduce the amount of malicious traffic towards your server as well, regardless of their actions being successful or not. Spammers will always try to find the easiest target to send spam emails from. They most likely won’t waste their resources on host that has PHPMailer disabled in the first place.


Is SMTP perfect? No, it is not. Both SMTP and PHPMailer had known vulnerabilities in the past. But the fact that email providers are very fond of SMTP, or should I say NOT fond of PHPMailer, cannot be ignored. What also cannot be ignored is the protection by password authentication which SMTP brings.

Need someone to take care of your WordPress website?

The easiest way to describe WordPress care services is to say that they bring peace of mind to WordPress site owners and save their time. But not only that, proper WordPress maintenance and monitoring can prevent a lot of potential problems on your website and make it perform faster and better, helping you attract and convert new clients.

  • Speed
  • Security
  • WP updates
  • Daily backups
  • Hosting
  • Uptime monitoring
  • Spam protection
  • SSL certificates
  • Malware removal
  • Form testing
  • SEO blacklist checkup
  • Database optimization
  • Activity monitoring
  • Technical support
  • Free migrations
Mihovil Mikulec
Mihovil Mikulec
Thank you for reading! I am owner of Soulstudio, WordPress developer with 10 years of experience behind me. My primary focus is on WordPress hosting, security and performance. You can contact me directly at [email protected]


Who we are

What started in 2010 as a one-man web development operation is now a small and devoted team of web developers and server administrators.

Our focus is on WordPress hosting and WordPress care services such as speed optimizations, bug fixing and security hardening.

We are located in Croatia (Europe).

Our mission

Our mission is to provide fast, stable and secure hosting environment for your WordPress websites, as well as professional WordPress care services and ongoing user support.

We believe that everybody deserves safe, stable and affordable hosting services. That is why our dedication, commitment and constant learning are reflecting that philosophy.