Email Settings
Email controls user verification, password resets, passwordless login codes, and any custom mailing your project does. If it's broken, every flow that depends on it breaks. This page walks through every option on Admin Dashboard → Settings → Email, in the same order you see them in the dashboard, plus the gotchas that actually trip people up.
-
01 SMTP basics
Identity & SMTP server
Website Name
Used inside email bodies and templates as the name of your project. This is independent of the global Site Name in General Settings — feel free to set it to a friendlier-sounding label here.
SMTP Server
The hostname of your outgoing mail server (e.g.
smtp.gmail.com,smtp.sendgrid.net,smtp.mailgun.org, your hosting provider's mail server). Not sure what yours is? An MX-lookup tool like MXToolbox SuperTool will tell you.SMTP Port
Standard ports: 587 (TLS / submission, the most common modern default), 465 (SSL), or 25 (legacy plain SMTP, almost always blocked). Match this to whatever transport you pick below.
Email Login / Username
The username for your SMTP account. With most providers this is the full email address (
you@example.com). With business mail or relay providers (Mailgun, SendGrid, Postmark) it's whatever username they assigned you.Email Password
The SMTP password for that account. For Gmail this must be an app-specific password — not your account password — and 2-Step Verification has to be on for your Google account first. See Google's app password guide. Most other providers use the regular SMTP password they issued you.
From Name & From Email
What recipients see in the From column of their inbox. Both fields have a "Use Website Name" / "Use Email Login" shortcut button to copy the matching value over. The From Email should be a deliverable address on the same domain as your SMTP login when possible — mismatched domains fail SPF/DKIM checks and end up in spam.
PHPMailer Authtype
The SMTP authentication mechanism. Most providers use
LOGINorPLAINand you can leave this blank;CRAM-MD5exists for older servers, andXOAUTH2is for OAuth-based authentication (advanced — Gmail/Microsoft 365 with OAuth instead of an app password). -
02 Encryption
Transport & SMTP options
Transport
Two choices: TLS (encrypted, modern, recommended — pairs with port 587) or SSL (encrypted but older — pairs with port 465). Plain unencrypted SMTP is intentionally not offered; it would mean transmitting your credentials in cleartext.
Use isSMTP Feature
Tells PHPMailer to talk directly to the SMTP server you configured instead of handing mail off to PHP's built-in
mail()function. Turn this on if email silently fails despite correct credentials — most modern setups (Gmail, SendGrid, etc.) requireisSMTPto be on.Use SMTP Authentication
Whether to authenticate to the SMTP server with the login/password above. Almost always yes. The only time you'd say no is if you're relaying through a local mail server that's already authenticated.
Send Email as HTML by Default
When yes, outgoing mail is multipart with an HTML body. When no, plain text only. HTML is the typical choice; UserSpice's built-in templates are written for HTML.
Email Debugging Level (0–4)
How verbose PHPMailer is when it runs:
- 0Off — production setting.
- 1Client messages only.
- 2Normal debug — both sides of the SMTP conversation.
- 3More verbose — adds connection details.
- 4Extremely verbose — full TLS handshake.
Turn this off in production. Debug output can leak credentials and connection details into your error log or onto the page.
-
03 Verification
Root URL & email verification
Root URL of Your UserSpice Install
The full public URL UserSpice prepends to every link inside emails — verification links, password-reset links, magic-link logins. Including the protocol is critical. The dashboard pre-fills a "most likely" URL based on the request you're making and gives you a Use This button. The trailing
/is required and is added automatically if you forget it.Require User to Verify Their Email
When yes, a newly registered user has to click the verification link in their email before they can log in. Don't enable this until you've sent and received a real test email — turning it on with broken email config locks new users out entirely.
If verification is off and you have unverified users in the database, the Email Settings page surfaces a one-click "Mark All Users as Verified" button so you can clear them out in bulk before flipping verification on.
-
04 Test it
Test before you trust it
The form gives you two save buttons:
- ✓Update Email Settings — saves changes only.
- ✓Update and Test Email Settings — saves and immediately fires a test email through the live config. Use this every time you change anything.
"I'm sure my settings work" without testing is how you find out three weeks later that no user has been able to verify their account. Send the test.
First-time delivery tip: the first few emails from a new sender often land in spam. Send tests to a few personal accounts you control and click "Not Spam" on each. That trains the major providers to trust you faster.
-
05 Pitfalls
Common pitfalls
- ✓Gmail rejecting "wrong password": you're using your Google password instead of an app password. Generate one at myaccount.google.com/apppasswords (requires 2FA on the Google account).
- ✓"Could not authenticate" with isSMTP off: turn isSMTP on. Modern providers refuse handoffs from PHP's
mail(). - ✓Emails go out but verification links 404: the Root URL is wrong (often
httpvshttps, or missing the trailing slash). Use the "Use This" button beside the field. - ✓Emails work locally but not on the server: outbound port 587/465 is firewalled. Many VPS providers block these by default; check with your host.
- ✓Mail keeps landing in spam: set up SPF, DKIM, and DMARC for the From domain. If you're sending more than a trickle, use a transactional provider (SendGrid, Mailgun, Postmark, Amazon SES) instead of a personal mailbox.