Thanks Mail for Stripe

Thanks Mail for Stripe is a lightweight plugin that automatically sends customized thank-you emails to customers after they complete a purchase through Stripe Payment Links. Perfect for digital product sales, software licensing, and service businesses.

No external services required – works directly with Stripe Webhooks

This plugin receives Stripe webhook events directly and sends emails using WordPress’s built-in mail function. No Zapier, Make, or other third-party automation services needed.

Key Features

• Automatic Email Sending – Sends thank-you emails automatically via Stripe Webhook
• Multi-language Support – Up to 10 customizable email templates with locale settings
• Smart Language Detection – Automatically detects customer language from Payment Link ID or locale
• Customizable Templates – Fully customizable email subject and body with placeholders
• Custom Sender Settings – Set custom From email address and sender name
• Duplicate Prevention – Built-in idempotency prevents sending duplicate emails
• Test Email Function – Send test emails to verify your settings before going live
• Email Log – View history of sent emails in the admin panel
• Secure Webhook Verification – Validates Stripe webhook signatures (HMAC-SHA256)

How It Works

1. Customer makes a purchase via your Stripe Payment Link
2. Stripe sends a webhook event to your WordPress site
3. Plugin verifies the webhook signature for security
4. Plugin detects customer language based on Payment Link ID
5. Thank-you email is sent to the customer using wp_mail()
6. Transaction is logged to prevent duplicate sends on retries

Use Cases

• Digital product sales (software, ebooks, courses)
• Software license key distribution (manual follow-up)
• Service booking confirmations
• Donation thank-you messages
• Any Stripe Payment Links checkout

Requirements

• WordPress 5.0 or higher
• PHP 7.4 or higher
• Stripe account with Payment Links
• SSL certificate (HTTPS) – required for webhooks
• SMTP plugin recommended for reliable email delivery

Email Sender Best Practices

Important: Always use your own domain email address as the “From Email” setting.

• Good: info@yoursite.com, support@yoursite.com
• Bad: yourname@gmail.com, yourname@yahoo.com

Using Gmail or other free email services as the sender will cause delivery failures due to SPF/DKIM/DMARC authentication. Your server is not authorized to send emails on behalf of Gmail.

You CAN use any email address (including Gmail) for the “Reply-To” setting – this only affects where replies go, not email deliverability.

Recommended SMTP Plugins

For reliable email delivery, we recommend using an SMTP plugin:

• WP Mail SMTP
• Post SMTP
• FluentSMTP

These plugins send emails through a proper SMTP server instead of PHP’s mail() function, improving deliverability.

Test vs Live Mode

Remember to update your settings when switching from test to live mode:

• Webhook Signing Secret – Test and Live have different secrets (whsec_…)
• Payment Link IDs – Test and Live have different IDs (plink_…)
• Webhook Endpoints – Register endpoints in both Test and Live mode in Stripe Dashboard

Security Best Practices

• The plugin verifies Stripe webhook signatures using HMAC-SHA256
• Webhook requests are validated within a 5-minute tolerance window
• Session IDs are stored to prevent duplicate email sends
• All settings are properly sanitized and escaped

Available Filter Hooks

The plugin provides filter hooks for customization:

• tmfs_email_headers – Modify email headers before sending
• tmfs_email_subject – Customize email subject
• tmfs_email_body – Customize email body
• tmfs_detect_language – Override language detection logic

Example: Add CC to emails

add_filter( 'tmfs_email_headers', function( $headers, $to, $lang, $session_id ) {
    $headers[] = 'Cc: sales@example.com';
    return $headers;
}, 10, 4 );

Example: Custom language detection

add_filter( 'tmfs_detect_language', function( $lang, $session ) {
    // Custom logic based on session data
    if ( strpos( $session['customer_details']['email'], '.jp' ) !== false ) {
        return 'ja';
    }
    return $lang;
}, 10, 2 );

Database Table

The plugin creates a table {prefix}stm_sent_emails to track sent emails:

• id – Auto-increment ID
• session_id – Stripe Checkout Session ID (unique)
• email – Customer email address
• lang – Detected language (ja/en)
• product_name – Product name (if available)
• amount – Purchase amount
• sent_at – Timestamp when email was sent

Troubleshooting Webhook Issues

If webhooks aren’t working, check these common issues:

1. SSL Certificate – Stripe requires HTTPS for webhooks
2. Webhook URL – Make sure the URL is correct and accessible
3. Signing Secret – Verify you’re using the correct secret for test/live mode
4. Server Firewall – Some hosts block requests from overseas IPs
5. Security Plugins – May block REST API endpoints
6. WAF Rules – Server-level WAF may block webhook requests

Check Stripe Dashboard > Developers > Webhooks for detailed error logs.

Data & Privacy

This plugin stores email delivery logs in your WordPress database to prevent duplicate sending and allow administrators to verify delivery history. No data is transmitted to external services by this plugin.

What Data Is Stored

The plugin stores the following data in a custom database table ({prefix}stm_sent_emails):

• session_id – Stripe Checkout Session ID (used as unique key for duplicate prevention)
• email – Customer email address (to confirm which customer received the email)
• lang – Detected language code, ja or en (to record which template was used)
• product_name – Product name (reserved for future use)
• amount – Purchase amount and currency (for administrator reference)
• sent_at – Timestamp when the email was sent

Additionally, plugin settings (webhook secret, email templates, Payment Link IDs, etc.) are stored in the wp_options table under the key stm_settings.

Purpose

• Duplicate prevention – Stripe may retry webhook events; the session ID prevents sending the same email twice
• Delivery confirmation – Administrators can verify that emails were sent to the correct address
• Customer support – Transaction reference for handling customer inquiries

Data Retention

• Email logs are stored indefinitely by default
• Administrators can manually delete individual records via database access
• All data (logs and settings) is automatically removed when uninstalling the plugin via the WordPress admin

External Services

• This plugin receives incoming webhook events from Stripe – it does not make outbound API calls to Stripe
• No customer data is sent to any third-party service by this plugin
• Emails are sent using WordPress’s built-in wp_mail() function (delivery depends on your server or SMTP plugin configuration)

GDPR Considerations

• Customer email addresses are stored for the legitimate business purpose of preventing duplicate emails and maintaining delivery records
• You should disclose this data storage in your site’s privacy policy
• Data can be exported or deleted upon customer request via direct database access