VR SMTP Mailer

Сүрөттөө

VR SMTP Mailer replaces the default WordPress mail transport with SMTP or an OAuth-based mail API, with full support for Microsoft 365 (Office365), Outlook SMTP, and Microsoft Graph API.

It is designed as a complete email solution for WordPress — combining SMTP delivery, OAuth authentication, and API-based sending in a single plugin, without requiring multiple paid extensions.

Why choose this plugin

• Works with Microsoft 365 / Office365 and Outlook SMTP
• Supports both SMTP and OAuth (Graph API) in one plugin
• No need to install multiple plugins for authentication and email delivery
• Designed to work as a full wp_mail replacement
• Includes features commonly available only in paid plugins
• No subscriptions or locked features

Send emails using either SMTP or an OAuth-based mail API (Graph-compatible).
Works with wp_mail() (for immediate sends):
When WordPress sends emails through this plugin, it keeps the same structure as the default wp_mail() function. This includes support for multiple recipients, subject, message body, headers (From, Cc, Bcc, Reply-To, Content-Type), attachments, and inline images where supported.
Standard WordPress filters like wp_mail, wp_mail_from, wp_mail_content_type, and phpmailer_init are applied in SMTP mode, so behavior remains consistent with native WordPress email handling.
Graph API limitations:
When using the Graph API, emails support HTML or plain text content, along with To, Cc, Bcc, and Reply-To fields. Attachments and inline images are supported, but typically limited to around 3 MB per file.
Custom MIME headers are not fully supported, and only standard fields are mapped to the API. More complex email structures may behave differently compared to traditional PHP mail handling.
Email queue (WP-Cron):
Emails can be queued and processed later using WP-Cron. Queued emails store only basic details such as recipient, subject, and message body. Attachments, headers, and inline images are not included in queued jobs.
Automatic OAuth token refresh:
Access tokens are refreshed automatically to ensure uninterrupted email delivery.
Secure OAuth handling:
Token exchange (authorization code to access/refresh tokens) is restricted to users with administrator-level permissions (manage_options). You must be logged in as an admin when completing the OAuth connection.
Testing tools included:
Includes a built-in test email feature and an SMTP connection tester to help verify configuration.
Logging and debugging:
Email activity and debug information are stored in custom database tables for troubleshooting and monitoring.

Security and stored secrets

This plugin stores SMTP passwords, OAuth client secrets, refresh tokens, and access tokens in the WordPress options table, using the same approach as most WordPress settings. These values are not encrypted at rest.

Anyone with access to the database, a full site backup, or an administrator account could potentially view this information. It’s recommended to use strong admin credentials, secure hosting, and limit your app permissions to only what is required.

This plugin is not affiliated with or endorsed by Microsoft. Microsoft, Microsoft 365, Azure, Office, and related names are trademarks of Microsoft Corporation. These names are used only to describe compatibility and technical functionality.

Do not use Microsoft or related logos, branding, or visual assets in your plugin icon, banner, or screenshots on WordPress.org. Use your own branding and neutral visuals.

Third-party services

This plugin connects to external services only when required for email delivery or authentication. It does not send general site traffic or unrelated data to third parties.

Microsoft identity platform (OAuth2) — login.microsoftonline.com

What it is
This is Microsoft’s OAuth2 authentication service (also known as the Microsoft Identity Platform or Entra ID). It is used when you connect your account using OAuth.

What it is used for

Signing in through Microsoft
Exchanging authorization codes for access and refresh tokens
Refreshing expired access tokens

What data is sent and when

During login (via browser): client ID, redirect URI, requested scopes (such as Mail.Send, User.Read), and a state parameter for security
During token exchange (server-side): authorization code, client ID, client secret, redirect URI, grant type, and scopes

Terms
https://www.microsoft.com/servicesagreement

Privacy
https://privacy.microsoft.com/privacystatement

Microsoft Graph API — graph.microsoft.com

What it is
Microsoft’s API for accessing Microsoft 365 services, including sending emails.

What it is used for
Sending emails through the Graph API (/v1.0/me/sendMail).

What data is sent and when
When an email is sent (including test emails), the plugin makes a secure HTTPS request that includes:

An OAuth access token
Email details such as recipients, subject, message body, and optional Cc/Bcc/Reply-To
Attachments or inline images (within API limits)

Terms
https://www.microsoft.com/servicesagreement

Privacy
https://privacy.microsoft.com/privacystatement

Note: Use of Microsoft APIs is also subject to Microsoft’s developer and product terms. Refer to https://www.microsoft.com/legal/
for details.

User-configured SMTP server

What it is
An SMTP server that you configure (for example, your hosting provider, Microsoft 365, Google Workspace, or another email service).

What it is used for
Sending emails using your SMTP credentials.

What data is sent and when
Whenever an email is sent (including test emails), the plugin transmits:

SMTP credentials (if configured)
Email content such as recipients, subject, and message body

This plugin does not control or manage the infrastructure of your SMTP provider.

Terms and privacy
You are responsible for reviewing the terms and privacy policy of your email provider. This plugin does not replace or override those agreements.