外掛說明
Emerge Mail replaces SMTP plugins for transactional WordPress email. Connect one or more Gmail or Microsoft 365 mailboxes via OAuth, and every wp_mail() call your site makes — password resets, comment notifications, WooCommerce receipts, contact-form submissions — is delivered through that mailbox’s API.
Because the From address is your own authenticated mailbox, messages benefit from SPF, DKIM, and DMARC alignment that PHP’s mail() function cannot provide. This typically results in dramatically better inbox placement than default WordPress mail.
Key features
- OAuth connections to Gmail and to all Microsoft account types (personal Outlook / Hotmail / Live and Microsoft 365 work/school accounts).
- No SMTP credentials to manage — you never enter a password into WordPress.
- Multiple mailboxes per site with automatic failover. The Active connection sends first; if it fails, the next available connection is tried, with a 10-minute cooldown on failed connections.
- Optional bulk-send throttle: when a burst of sends is detected, rotate through your connected mailboxes instead of hammering the Active one.
- Per-connection From email override for verified send-as aliases.
- Configurable sender defaults: a custom From name and an opt-in “Reply-To = admin email when sender differs” setting.
- Full
wp_mailcompatibility: To/Cc/Bcc (including from headers), HTML bodies, multipart alternative, attachments, custom headers, RFC 2822 address formats including comma-separated lists and quoted display names, non-UTF-8 charsets. - RFC 2047 encoding for non-ASCII subjects and display names.
- One-click Send test button per connection.
- Email Controls page: opt-in suppression of WordPress core self-notifications you don’t want to receive (comment moderation, automatic updates, new-user registered, etc.) — recorded to a Suppression Log instead.
- Suppression Log page: standard WordPress list table with type filter, bulk delete, and automatic 30-day pruning.
- Last-error visibility per connection and a site-wide admin notice on recent failures.
- Automatic hourly token refresh (Action Scheduler when available, WP-Cron fallback).
- Safe fallback to default WordPress mail delivery on any failure — the plugin never blocks email.
- Extensible via filters: cooldown, bulk thresholds, HTTP timeouts, token-refresh timing, MIME output, suppression catalog.
How it works
When you connect a mailbox, an access + refresh token pair is encrypted with a per-site key and stored as a WordPress option. From that point on, your site talks directly to Gmail or Microsoft Graph; no third party sits in the send path.
The plugin hooks pre_wp_mail. If at least one connection is active, the message is routed through the chosen provider API. If the provider returns an error — or if no connections are configured — WordPress’s default mail delivery takes over transparently.
What this is not
- Not a marketing or bulk email tool. No subscriber lists, no campaigns, no broadcasts.
- Not a shared-IP SMTP relay. Each site sends from its own connected mailboxes.
- Not a way to spoof arbitrary From addresses. The provider will reject anything that isn’t an authorized send-as alias of the connected mailbox.
External services
To deliver mail, Emerge Mail communicates with three external services. By installing and using this plugin you agree to use of these services. Nothing is contacted until you click Connect Gmail or Connect Microsoft in the plugin settings.
1. Emerge OAuth service (emerge.redigit.net)
What it is and what it’s used for: A stateless OAuth proxy operated by the plugin author. It exists to broker the OAuth authorization handshake between your WordPress site and Google or Microsoft so the plugin can be authorized to send mail from your mailbox. The proxy holds the OAuth client secrets that Google and Microsoft would otherwise require every site to register individually.
What data is sent, when:
- When you click Connect Gmail or Connect Microsoft, your browser is redirected to
https://emerge.redigit.net/oauth/{provider}/authorizewith a PKCE code challenge and a state token generated by your site. No personal data is sent. - When the provider redirects back, your site posts the authorization code and PKCE verifier to
https://emerge.redigit.net/oauth/{provider}/tokento receive the access and refresh tokens. The tokens are returned directly to your site and stored locally, encrypted, inwp_options. The proxy does not persist them. - When an access token nears expiry, your site posts the refresh token to
https://emerge.redigit.net/oauth/{provider}/refreshto obtain a new access token. Again, nothing is persisted on the proxy. - No email content, recipient lists, or message metadata is ever sent to the proxy.
Terms and privacy:
- Terms of Service: https://emerge.redigit.net/terms-of-service
- Privacy Policy: https://emerge.redigit.net/privacy-policy
2. Google APIs (Gmail)
What it is and what it’s used for: Used only when you connect a Gmail mailbox. Once authorized, the plugin sends every wp_mail() message directly to the Gmail API (gmail.googleapis.com) from your WordPress site. Periodically the plugin also calls the Google OAuth userinfo endpoint (www.googleapis.com/oauth2/v2/userinfo) to verify the access token is still valid.
What data is sent, when:
- On each
wp_mail()call routed through a Gmail connection: the full outbound message (To/Cc/Bcc, subject, body, attachments, custom headers) is POSTed tohttps://gmail.googleapis.com/gmail/v1/users/me/messages/sendas a base64-encoded RFC822 message. This is what’s required for the message to reach the recipient. - On token validation: a Bearer token is sent to
https://www.googleapis.com/oauth2/v2/userinfo. No message data is included.
Terms and privacy:
- Google Terms of Service: https://policies.google.com/terms
- Google Privacy Policy: https://policies.google.com/privacy
- Google API Services User Data Policy: https://developers.google.com/terms/api-services-user-data-policy
3. Microsoft Graph (Outlook / Microsoft 365)
What it is and what it’s used for: Used only when you connect a Microsoft mailbox. Once authorized, the plugin sends every wp_mail() message directly to Microsoft Graph (graph.microsoft.com) from your WordPress site. Periodically the plugin also calls Graph’s /me endpoint to verify the access token is still valid.
What data is sent, when:
- On each
wp_mail()call routed through a Microsoft connection: the full outbound message (To/Cc/Bcc, subject, body, attachments, custom headers) is POSTed tohttps://graph.microsoft.com/v1.0/me/sendMailas a JSON payload. This is what’s required for the message to reach the recipient. - On token validation: a Bearer token is sent to
https://graph.microsoft.com/v1.0/me. No message data is included.
Terms and privacy:
- Microsoft Services Agreement: https://www.microsoft.com/en/servicesagreement
- Microsoft Privacy Statement: https://privacy.microsoft.com/en-us/privacystatement
安裝方式
- Upload the
emerge-mailfolder to/wp-content/plugins/, or install via the Plugins screen. - Activate the plugin from the Plugins menu.
- Click the new Emerge Mail top-level item in your WordPress admin sidebar.
- Click Connect Gmail or Connect Microsoft and approve the OAuth consent screen.
- Click Send test on the new connection row to confirm delivery to your administrator email.
As soon as a connection is active, wp_mail() routes through it automatically.
常見問題集
-
Does this work with WooCommerce, Contact Form 7, WPForms, etc.?
-
Yes. Anything that uses
wp_mail()— which is virtually every WordPress plugin that sends email — works without modification. -
Do I need a Google Cloud or Microsoft Azure account?
-
No. Authorization is handled by the Emerge OAuth service. You sign in with your normal Google or Microsoft account; no developer setup is required.
-
Where are my OAuth tokens stored?
-
Tokens are encrypted with a key generated locally on your site on first activation and stored as a WordPress option. They never leave your install. The OAuth proxy used during sign-in does not persist tokens.
-
What happens when an access token expires?
-
Access tokens expire roughly hourly. The plugin refreshes them automatically — both on a schedule and inline if a send happens to coincide with an expiry. You don’t need to do anything.
-
What happens if Gmail or Microsoft is unreachable?
-
The plugin returns an error from its
pre_wp_mailhook, which causes WordPress to fall back to its default mail delivery. The failure is recorded in the Last error column of the settings page and surfaced as an admin notice for 24 hours. -
Can I send from multiple mailboxes?
-
Yes. Connect as many as you like; the connection marked Active is used first. If a send fails (or the Active connection is in cooldown after a recent error), the plugin automatically falls through to the next available connection. You can switch the Active mailbox at any time from the Connections table.
For high-volume sites, turn on Bulk sending in Sender settings to spread bursts of sends across all connected mailboxes instead of always hitting the Active one.
-
Can I override the From email?
-
Yes. Enter a different address in the From email column on the Connections table. It must be a verified send-as alias on the connected mailbox (Gmail: Settings Accounts Send mail as; Microsoft: Mail Aliases or admin-configured), otherwise the provider will reject the send.
-
Can I customize the From display name?
-
Yes. Set it in Sender settings From name on the main settings page. Leave it blank to use your site title as the default.
-
Can I suppress noisy WordPress notifications I don’t care about?
-
Yes. Open Emerge Mail Email Controls and tick the notifications you want stopped. Eight WordPress core admin/editor notifications are listed (comment moderation, new comments, password reset notices, new user registrations, and automatic-update results). Suppressed notifications are recorded in Emerge Mail Suppression Log so you still have an audit trail. End-user notifications (password resets, account changes, new-user welcome) are intentionally not listed — users need those.
-
Does the plugin read my mailbox?
-
No. The OAuth scope requested is sufficient only to send mail. The plugin does not call any read endpoints and cannot access existing messages.
-
Is `wp_mail` still available to other plugins after activation?
-
Yes.
wp_mailcontinues to function normally. The plugin only changes how the underlying send is performed; it doesn’t change any ofwp_mail‘s public behavior. -
Will the plugin work without an active mailbox connection?
-
Yes.
wp_mailfalls through to WordPress’s default delivery when no connection is available. The plugin never blocks email. -
How do I remove all stored data on uninstall?
-
Deleting the plugin from the Plugins screen runs
uninstall.php, which removes every stored connection, all encrypted tokens, the per-site encryption key, sender/control settings, the suppression-log table, and all scheduled jobs.
使用者評論
參與者及開發者
變更記錄
1.0.0
- Initial release.
- OAuth connections to Gmail and to all Microsoft account types (personal Outlook/Hotmail/Live and Microsoft 365 work/school).
- Multiple mailboxes per site with active-first routing and automatic failover (with per-connection cooldown after errors).
- Optional bulk-send throttle that rotates connections during detected bursts.
- Per-connection From email override for verified send-as aliases.
- Configurable Sender settings: custom From name (defaults to site title), opt-in Reply-To-to-admin-email when the sender differs, ignore plugin-set From header.
- Full
wp_mailmapping: attachments, Cc/Bcc from headers, multipart alternative, comma-separated address lists with quoted display names, non-UTF-8 charsets, RFC 2047 header encoding. - Send-test button per connection.
- Email Controls page: suppress eight WordPress core admin/editor self-notifications.
- Suppression Log custom table with WP list-table UI, type filter, bulk delete, and daily 30-day pruning.
- Per-connection failure visibility on the settings screen plus a site-wide admin notice on recent failures.
- Hourly token maintenance via Action Scheduler (WP-Cron fallback).
- Safe fallback to default WordPress mail delivery on any provider failure.
- Filter hooks for cooldown duration, bulk thresholds, HTTP timeouts and request args, token-refresh timing, final MIME output, Microsoft saveToSentItems, suppression catalog, and log retention.