How to setup send only encrypted email on LEMP server with WP installed


I am having trouble sending encrypted email from my server. My site is live and perfectly working and secure as can be (I followed all security guides on DigitalOcean) BUT there is one frustrating issue that I am having trouble fixing. First, my domain’s nameservers are pointing to Microsoft Office 365’s server for emails and then I have an A record pointing to my Droplet’s IP address.

My site is on Wordpress and I configured my droplet from scratch following this guide to install a LEMP server:

Then I followed this guide to setup send only SMTP server:

Which is when I started to notice that A. Emails were going to spam on my gmail and B. I was not receiving the emails at all to my office 365 email – which is the main email that I need it to go to.

The email server has been setup years ago and has SPF record and I followed this guide to configure DKIM with Postfix and installed the record on Microsoft Office 365’s DNS and I validated it by using this tool:



And I am still getting unencrypted email sent out and not even showing up to my MS Office emails. What am I doing wrong?

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

Hi. Is your web server listed in your SPF record? If the server is not authorized in the SPF to send email for your domain then it is likely to be flagged as spam or dropped by receiving servers.

You have a couple options. You can either adjust your SPF record to support both your Office365 mail and your web server’s need to send mail or you could create a second MX record for a subdomain on your domain and configure your web service to send email as or another subdomain.