Emerge Mail

Emerge Mail replaces SMTP plugins for transactional WordPress email. Connect one or more Gmail or Microsoft 365 mailboxes via OAuth, and every wp_mail() call your site makes — password resets, comment notifications, WooCommerce receipts, contact-form submissions — is delivered through that mailbox’s API.

Because the From address is your own authenticated mailbox, messages benefit from SPF, DKIM, and DMARC alignment that PHP’s mail() function cannot provide. This typically results in dramatically better inbox placement than default WordPress mail.

Key features

• OAuth connections to Gmail and to all Microsoft account types (personal Outlook / Hotmail / Live and Microsoft 365 work/school accounts).
• No SMTP credentials to manage — you never enter a password into WordPress.
• Multiple mailboxes per site with automatic failover. The Active connection sends first; if it fails, the next available connection is tried, with a 10-minute cooldown on failed connections.
• Optional bulk-send throttle: when a burst of sends is detected, rotate through your connected mailboxes instead of hammering the Active one.
• Per-connection From email override for verified send-as aliases.
• Configurable sender defaults: a custom From name and an opt-in “Reply-To = admin email when sender differs” setting.
• Full wp_mail compatibility: To/Cc/Bcc (including from headers), HTML bodies, multipart alternative, attachments, custom headers, RFC 2822 address formats including comma-separated lists and quoted display names, non-UTF-8 charsets.
• RFC 2047 encoding for non-ASCII subjects and display names.
• One-click Send test button per connection.
• Email Controls page: opt-in suppression of WordPress core self-notifications you don’t want to receive (comment moderation, automatic updates, new-user registered, etc.) — recorded to a Suppression Log instead.
• Suppression Log page: standard WordPress list table with type filter, bulk delete, and automatic 30-day pruning.
• Last-error visibility per connection and a site-wide admin notice on recent failures.
• Automatic hourly token refresh (Action Scheduler when available, WP-Cron fallback).
• Safe fallback to default WordPress mail delivery on any failure — the plugin never blocks email.
• Extensible via filters: cooldown, bulk thresholds, HTTP timeouts, token-refresh timing, MIME output, suppression catalog.

How it works

When you connect a mailbox, an access + refresh token pair is encrypted with a per-site key and stored as a WordPress option. From that point on, your site talks directly to Gmail or Microsoft Graph; no third party sits in the send path.

The plugin hooks pre_wp_mail. If at least one connection is active, the message is routed through the chosen provider API. If the provider returns an error — or if no connections are configured — WordPress’s default mail delivery takes over transparently.

What this is not

• Not a marketing or bulk email tool. No subscriber lists, no campaigns, no broadcasts.
• Not a shared-IP SMTP relay. Each site sends from its own connected mailboxes.
• Not a way to spoof arbitrary From addresses. The provider will reject anything that isn’t an authorized send-as alias of the connected mailbox.

External services

To deliver mail, Emerge Mail communicates with three external services. By installing and using this plugin you agree to use of these services. Nothing is contacted until you click Connect Gmail or Connect Microsoft in the plugin settings.

1. Emerge OAuth service (emerge.redigit.net)

What it is and what it’s used for: A stateless OAuth proxy operated by the plugin author. It exists to broker the OAuth authorization handshake between your WordPress site and Google or Microsoft so the plugin can be authorized to send mail from your mailbox. The proxy holds the OAuth client secrets that Google and Microsoft would otherwise require every site to register individually.

What data is sent, when:

• When you click Connect Gmail or Connect Microsoft, your browser is redirected to https://emerge.redigit.net/oauth/{provider}/authorize with a PKCE code challenge and a state token generated by your site. No personal data is sent.
• When the provider redirects back, your site posts the authorization code and PKCE verifier to https://emerge.redigit.net/oauth/{provider}/token to receive the access and refresh tokens. The tokens are returned directly to your site and stored locally, encrypted, in wp_options. The proxy does not persist them.
• When an access token nears expiry, your site posts the refresh token to https://emerge.redigit.net/oauth/{provider}/refresh to obtain a new access token. Again, nothing is persisted on the proxy.
• No email content, recipient lists, or message metadata is ever sent to the proxy.

Terms and privacy:

• Terms of Service: https://emerge.redigit.net/terms-of-service
• Privacy Policy: https://emerge.redigit.net/privacy-policy

2. Google APIs (Gmail)

What it is and what it’s used for: Used only when you connect a Gmail mailbox. Once authorized, the plugin sends every wp_mail() message directly to the Gmail API (gmail.googleapis.com) from your WordPress site. Periodically the plugin also calls the Google OAuth userinfo endpoint (www.googleapis.com/oauth2/v2/userinfo) to verify the access token is still valid.

What data is sent, when:

• On each wp_mail() call routed through a Gmail connection: the full outbound message (To/Cc/Bcc, subject, body, attachments, custom headers) is POSTed to https://gmail.googleapis.com/gmail/v1/users/me/messages/send as a base64-encoded RFC822 message. This is what’s required for the message to reach the recipient.
• On token validation: a Bearer token is sent to https://www.googleapis.com/oauth2/v2/userinfo. No message data is included.

Terms and privacy:

• Google Terms of Service: https://policies.google.com/terms
• Google Privacy Policy: https://policies.google.com/privacy
• Google API Services User Data Policy: https://developers.google.com/terms/api-services-user-data-policy

3. Microsoft Graph (Outlook / Microsoft 365)

What it is and what it’s used for: Used only when you connect a Microsoft mailbox. Once authorized, the plugin sends every wp_mail() message directly to Microsoft Graph (graph.microsoft.com) from your WordPress site. Periodically the plugin also calls Graph’s /me endpoint to verify the access token is still valid.

What data is sent, when:

• On each wp_mail() call routed through a Microsoft connection: the full outbound message (To/Cc/Bcc, subject, body, attachments, custom headers) is POSTed to https://graph.microsoft.com/v1.0/me/sendMail as a JSON payload. This is what’s required for the message to reach the recipient.
• On token validation: a Bearer token is sent to https://graph.microsoft.com/v1.0/me. No message data is included.

Terms and privacy:

• Microsoft Services Agreement: https://www.microsoft.com/en/servicesagreement
• Microsoft Privacy Statement: https://privacy.microsoft.com/en-us/privacystatement