Skip to content

Adam Greenwell

Email Provider Configuration

Email providers enable Guard Dog to send two-factor authentication codes via email. Instead of relying on WordPress’s default wp_mail() function (which is often unreliable), you can configure a professional email service for guaranteed delivery.

Why Configure an Email Provider?

WordPress default email is unreliable:

  • May not work at all on many hosts
  • Often ends up in spam folders
  • No delivery tracking or confirmation
  • Poor reputation with email providers

Professional email providers offer:

  • ✅ Guaranteed delivery
  • ✅ Better inbox placement (not spam)
  • ✅ Delivery tracking and analytics
  • ✅ Higher sending limits
  • ✅ Better reputation and authentication

When you need email provider:

  • Using email-based 2FA
  • Sending password reset emails
  • Sending temporary access links (future feature)
  • Any critical transactional emails

Supported Email Providers

Guard Dog supports three enterprise email providers:

1. Amazon SES (Simple Email Service)

Best for:

  • High-volume sending
  • AWS infrastructure users
  • Technical teams comfortable with AWS
  • Cost-conscious high-volume senders

Pricing:

  • $0.10 per 1,000 emails
  • Extremely cost-effective at scale
  • Free tier: 62,000 emails/month (if using EC2)

Pros:

  • Very reliable
  • Excellent deliverability
  • Scales infinitely
  • Very affordable

Cons:

  • AWS account required
  • More complex setup
  • Requires IAM user and credentials
  • Sandbox mode initially (need to request production)

Get Started with Amazon SES

2. Resend

Best for:

  • Modern developers
  • Small to medium sites
  • Simple setup
  • API-first approach

Pricing:

  • Free tier: 100 emails/day
  • Paid: $20/month for 50,000 emails
  • Usage-based pricing above that

Pros:

  • Simple, modern API
  • Easy to set up
  • Good documentation
  • Generous free tier
  • Developer-friendly

Cons:

  • Newer service (less established)
  • Higher cost at very high volumes
  • Fewer features than AWS SES

Get Started with Resend

3. SendGrid

Best for:

  • Established solution
  • Marketing + transactional emails
  • Need for advanced features
  • Enterprise support

Pricing:

  • Free tier: 100 emails/day
  • Essentials: $19.95/month for 50,000 emails
  • Pro: $89.95/month for 100,000 emails

Pros:

  • Very established and reliable
  • Excellent deliverability
  • Advanced features (templates, analytics)
  • Good support

Cons:

  • More expensive than SES
  • Overkill for simple 2FA emails
  • More complex than Resend

Get Started with SendGrid

Quick Comparison

ProviderSetup DifficultyFree TierBest ForCost at 10K/mo
Amazon SESHard62K/mo*High volume$1
ResendEasy3K/moSmall/medium$20
SendGridMedium3K/moEnterprise$19.95

*With EC2 hosting

Recommendation for most users: Start with Resend for simplicity, or Amazon SES if you’re comfortable with AWS.

Setting Up Email Providers

Amazon SES Setup

Step 1: Create AWS Account

  1. Go to aws.amazon.com
  2. Sign up for an AWS account
  3. Verify your email and payment method

Step 2: Access SES Console

  1. Log in to AWS Console
  2. Search for “SES” in the services search
  3. Click “Amazon Simple Email Service”
  4. Select your preferred region (e.g., us-east-1)

Step 3: Verify Your Email Address

  1. In SES console, go to Verified Identities
  2. Click Create Identity
  3. Choose Email address
  4. Enter your “From” email address (e.g., [email protected])
  5. Click Create Identity
  6. Check your email for verification link
  7. Click verification link

Step 4: Verify Your Domain (Recommended)

  1. In SES console, go to Verified Identities
  2. Click Create Identity
  3. Choose Domain
  4. Enter your domain (e.g., yoursite.com)
  5. Click Create Identity
  6. Add the provided DNS records to your domain:
  • DKIM records (for authentication)
  • MAIL FROM record (optional but recommended)
  1. Wait for verification (can take up to 72 hours)

Step 5: Request Production Access

  1. In SES console, click Account Dashboard
  2. Note: You start in “Sandbox” mode (can only send to verified addresses)
  3. Click Request Production Access
  4. Fill out the form:
  • Use case: Transactional emails
  • Website URL: Your site
  • Describe how you handle bounces
  • Daily sending quota: Start with 50,000
  1. Submit request
  2. AWS usually approves within 24 hours

Step 6: Create IAM User

  1. Go to IAM console (search “IAM” in AWS)
  2. Click UsersAdd User
  3. Username: guarddog-ses (or similar)
  4. Access type: Programmatic access
  5. Click Next: Permissions
  6. Click Attach existing policies directly
  7. Search for and select: AmazonSESFullAccess
  8. Click Next through to Create User
  9. IMPORTANT: Copy the Access Key ID and Secret Access Key
  • You won’t be able to see the secret key again!
  • Store them securely

Step 7: Configure in Guard Dog

  1. Go to Guard Dog → Settings → Email Provider
  2. Select Amazon SES from dropdown
  3. Enter configuration:
  • Access Key ID: From step 6
  • Secret Access Key: From step 6
  • Region: Your SES region (e.g., us-east-1)
  • From Email: Your verified email address
  • From Name: Your site name (e.g., “My WordPress Site”)
  1. Click Save Settings
  2. Click Send Test Email to verify

Resend Setup

Step 1: Create Account

  1. Go to resend.com
  2. Click Sign Up
  3. Create account with email/GitHub/Google
  4. Verify your email address

Step 2: Add Your Domain

  1. In Resend dashboard, click Domains
  2. Click Add Domain
  3. Enter your domain (e.g., yoursite.com)
  4. Click Add
  5. Add the provided DNS records to your domain:
  • SPF record
  • DKIM record
  1. Click Verify DNS Records
  2. Verification usually instant or within minutes

Step 3: Create API Key

  1. In Resend dashboard, click API Keys
  2. Click Create API Key
  3. Name: Guard Dog (or similar)
  4. Permission: Sending access
  5. Click Create
  6. Copy the API key – You won’t see it again!
  7. Store it securely

Step 4: Configure in Guard Dog

  1. Go to Guard Dog → Settings → Email Provider
  2. Select Resend from dropdown
  3. Enter configuration:
  • API Key: From step 3
  • From Email: Your verified domain email (e.g., [email protected])
  • From Name: Your site name
  1. Click Save Settings
  2. Click Send Test Email to verify

SendGrid Setup

Step 1: Create Account

  1. Go to sendgrid.com
  2. Click Sign Up
  3. Fill out registration form
  4. Verify your email address
  5. Complete account setup wizard

Step 2: Verify Sender Identity

  1. In SendGrid dashboard, go to SettingsSender Authentication
  2. Click Authenticate Your Domain (recommended)
  • Or Verify a Single Sender (simpler but less reliable)
  1. For domain authentication:
  • Enter your domain
  • Add provided DNS records
  • Click Verify
  1. For single sender:
  • Enter your email and details
  • Click verification link in email

Step 3: Create API Key

  1. In SendGrid dashboard, go to SettingsAPI Keys
  2. Click Create API Key
  3. Name: Guard Dog
  4. Permission: Restricted Access
  • Enable: Mail SendFull Access
  • Everything else: No Access
  1. Click Create & View
  2. Copy the API key – You won’t see it again!
  3. Store it securely

Step 4: Configure in Guard Dog

  1. Go to Guard Dog → Settings → Email Provider
  2. Select SendGrid from dropdown
  3. Enter configuration:
  • API Key: From step 3
  • From Email: Your verified email
  • From Name: Your site name
  1. Click Save Settings
  2. Click Send Test Email to verify

Configuration Fields

Common Fields (All Providers)

From Email:

From Name:

  • The friendly name that appears as sender
  • Example: “My WordPress Site”, “ACME Security”
  • Shows in email client as: “From Name [email protected]

Provider-Specific Fields

Amazon SES:

  • Access Key ID – Your IAM user’s access key
  • Secret Access Key – Your IAM user’s secret key
  • Region – AWS region where you configured SES (e.g., us-east-1, eu-west-1)

Resend:

  • API Key – Your Resend API key

SendGrid:

  • API Key – Your SendGrid API key

Testing Your Configuration

After configuring your email provider:

Send Test Email

  1. Click Send Test Email button
  2. Enter a test email address (your email)
  3. Click Send
  4. Check your inbox (and spam folder)
  5. You should receive: “Guard Dog Email Provider Test”

If test succeeds:

  • ✅ Configuration is correct
  • ✅ Email provider is working
  • ✅ DNS records are properly configured
  • ✅ Email authentication is working

If test fails:

  • ❌ Check your API credentials
  • ❌ Verify DNS records are added
  • ❌ Check provider dashboard for errors
  • ❌ Ensure from email is verified
  • ❌ Check debug logs in Guard Dog settings

Test 2FA Email

To test the full 2FA flow:

  1. Enable email 2FA in Login Security
  2. Go to your User Profile
  3. Enable email 2FA for your account
  4. Log out
  5. Log back in
  6. You should receive a 2FA code via email
  7. Enter the code to complete login

Troubleshooting

Test Email Not Received

Check these in order:

  1. Spam folder
  • Email may be filtered as spam
  • Add sender to safe list
  1. Provider dashboard
  • Log in to your email provider
  • Check delivery logs
  • Look for bounces or errors
  1. API credentials
  • Verify API key is correct
  • Check for copy/paste errors
  • Ensure key has sending permissions
  1. DNS records
  • Verify DNS records are added correctly
  • Use DNS checker tools
  • Wait for DNS propagation (up to 48 hours)
  1. Sender verification
  • Ensure from email is verified
  • For SES: Check production access status
  • For SendGrid/Resend: Verify domain or sender
  1. Debug logs
  • Enable debug logging in Guard Dog
  • Check Settings → Debug
  • Look for API error messages

Wrong Sender Email Appears

Problem: Emails come from wrong address

Cause: From email not verified or overridden

Solution:

  1. Verify the from email in provider dashboard
  2. Check Guard Dog email provider settings
  3. Ensure from email matches verified address

“Not Authorized” or “Access Denied” Error

Amazon SES:

  • IAM user needs AmazonSESFullAccess policy
  • Access key and secret key must be correct
  • Region must match where you configured SES

Resend:

  • API key must have “Sending access” permission
  • Check for typos in API key

SendGrid:

  • API key must have “Mail Send” full access
  • Verify API key is not expired

Emails Going to Spam

Causes:

  • Domain not authenticated (no SPF/DKIM)
  • Shared IP with poor reputation
  • Content triggers spam filters

Solutions:

  1. Authenticate your domain:
  • Add all SPF, DKIM, DMARC records
  • Use provider’s domain authentication
  1. Use dedicated IP (advanced):
  • Available in paid plans
  • Costs extra but improves deliverability
  1. Warm up your sending:
  • Start with low volume
  • Gradually increase over weeks
  • Builds sender reputation
  1. Content best practices:
  • Avoid spam trigger words
  • Use plain text or simple HTML
  • Include unsubscribe link (for marketing)

High Bounce Rate

Problem: Emails bouncing back

Causes:

  • Invalid recipient email addresses
  • Temporary server issues
  • Email addresses no longer exist

Solutions:

  1. Verify email addresses:
  • Test with known good addresses
  • Remove invalid addresses from database
  1. Check bounce logs:
  • Provider dashboard shows bounce reasons
  • Hard bounces vs soft bounces
  1. Handle bounces properly:
  • Remove hard-bounced addresses
  • Retry soft bounces later

Best Practices

  1. Authenticate your domain – Always use SPF, DKIM, DMARC
  2. Use a dedicated subdomainmail.yoursite.com for sending reputation
  3. Monitor delivery rates – Check provider dashboard regularly
  4. Keep API keys secure – Never commit to version control
  5. Use environment variables – For API keys in production
  6. Test before going live – Send test emails thoroughly
  7. Set up bounce handling – Monitor and act on bounces
  8. Use descriptive from names – Help users identify legitimate emails
  9. Don’t use personal email – Use domain email for professionalism
  10. Have backup method – Consider fallback to wp_mail() if provider fails

Cost Management

Staying in Free Tiers

Amazon SES:

  • Monitor monthly sending volume
  • Free tier: 62,000/month with EC2 or $0.10 per 1,000
  • Set up billing alerts in AWS

Resend:

  • 100 emails/day = 3,000/month
  • Enough for small sites with occasional 2FA
  • Upgrade to $20/month for 50,000

SendGrid:

  • 100 emails/day = 3,000/month
  • Similar to Resend
  • Good for small to medium sites

Optimizing Costs

  1. Only enable email 2FA if needed
  • App-based 2FA doesn’t use email credits
  • Email 2FA only when required
  1. Batch notifications (if sending bulk)
  • Don’t send individual emails for each event
  • Batch and send digest emails
  1. Clean your user list
  • Remove bounced addresses
  • Remove inactive users
  • Reduces unnecessary sends
  1. Monitor usage
  • Check provider dashboard monthly
  • Set up usage alerts
  • Upgrade plan before hitting limits

FAQ

Q: Do I need an email provider?
A: Only if you want email-based 2FA or reliable transactional emails. App-based 2FA doesn’t require email.

Q: Which provider is best?
A: Resend for simplicity, Amazon SES for cost/scale, SendGrid for enterprise features.

Q: Can I use my regular email service (Gmail, Outlook)?
A: Not recommended. They have sending limits and poor deliverability for automated emails.

Q: Will this affect my regular WordPress emails?
A: No. Guard Dog only uses the email provider for its own emails. Other WordPress emails still use wp_mail().

Q: Can I switch providers later?
A: Yes, just change the provider selection and update credentials.

Q: Do I need to configure DNS records?
A: Highly recommended for good deliverability. Not strictly required but emails may go to spam without them.

Q: What if email sending fails?
A: Users will see an error and can’t complete email 2FA. Have app-based 2FA as backup.

Q: How many emails will I send?
A: For 2FA: ~2 per user login. For 100 users logging in daily = ~200 emails/day.

Q: Can I use free email providers?
A: Yes, all three have generous free tiers sufficient for most small to medium WordPress sites.