wow, that worked... and I checked with the WPMail plugin deactivated too. I'm sure I tried "notls" at some point, but probably with another option wrong at that time, or the host changed something after my support requests. Even my host's detailed instructions provides next to no information on these exact security settings, which is strange given that if you don't have them right, it won't work.
One final question though - now that it's working, which one is better / more simple / preferable? php() mail, or SMTP?