You wrote the perfect cold email. Subject line is fire, the copy is tight, the offer is solid. You hit send. And then... nothing. No opens. No replies. Because Gmail quietly dropped your email into a spam folder where nobody will ever see it.
If you're running Mailcow as your SMTP server and haven't set up DKIM, SPF, and DMARC properly, this is exactly what's happening. Every single email you send is basically wasted.
Let's fix that right now.
Why Gmail and Outlook Hate Your Emails
Email providers don't just look at what's in your email. They look at who's sending it and whether that sender is legit.
DKIM, SPF, and DMARC are the three authentication protocols that prove your emails are real. Think of them like ID verification:
- SPF = "These are the only servers allowed to send emails from my domain"
- DKIM = "Here's a digital signature proving this email hasn't been tampered with"
- DMARC = "If an email fails these checks, here's what to do with it"
Without all three, you're basically sending emails with no ID. And email providers treat unverified senders the same way a bouncer treats someone without an ID. You're not getting in.
What You Need Before Starting
- Mailcow instance up and running
- Access to your domain's DNS settings (Cloudflare, Namecheap, GoDaddy, wherever)
- Your domain added to Mailcow
- About 15 minutes
That's it. Let's go.
Step 1: SPF (The Guest List)
SPF tells receiving servers which IP addresses are allowed to send emails on behalf of your domain. If an email comes from an IP not on the list, it gets flagged.
Setting It Up
Go to your DNS provider and add a new TXT record:
- Name/Host: @ (or your domain name)
- Type: TXT
- Value: v=spf1 ip4:YOUR_SERVER_IP ~all
Replace YOUR_SERVER_IP with the actual IP address of your Mailcow server. That's the IP you got from your VPS provider (Hetzner, DigitalOcean, OVH, etc.).
If You Send From Multiple Sources
Maybe you also use Google Workspace or another email service alongside Mailcow. Combine them into one record:
v=spf1 ip4:YOUR_SERVER_IP include:_spf.google.com ~all
The Tags Explained
- ~all = soft fail. Emails from unauthorized IPs get flagged but not rejected. Start with this.
- -all = hard fail. Unauthorized emails get rejected outright. Use this once you're confident everything works.
- +all = allow everyone. Never use this. It tells the world anyone can send as your domain.
Common SPF Mistakes
Multiple SPF records. You can only have ONE SPF TXT record per domain. Need multiple sources? Put them all in one record.
Wrong IP address. Double-check your server's actual IP. A typo here means all your emails fail SPF.
Forgetting to update after server migration. Changed servers? Update the IP in your SPF record or everything breaks.
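An added example, not part of the original guide: a small offline linter that checks a domain's TXT records for the mistakes listed above (duplicate SPF records, a server IP missing from the record, +all), plus the 10-lookup limit from RFC 7208. The function name and the sample records are assumptions made for illustration; the IPs come from documentation ranges.

```python
import ipaddress

# SPF terms that each cost the receiver one DNS lookup (RFC 7208 caps the total at 10).
LOOKUP_TERMS = {"include", "a", "mx", "exists", "ptr", "redirect"}

def lint_spf(txt_records, server_ip):
    """Return problems found in a domain's TXT records; an empty list means none."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if len(spf) != 1:
        # Zero means no SPF at all; more than one is a permanent error at the receiver.
        return [f"expected exactly one SPF record, found {len(spf)}"]
    problems, covered, lookups, all_qualifier = [], False, 0, None
    ip = ipaddress.ip_address(server_ip)
    for term in spf[0].split()[1:]:
        # Optional qualifier (+ - ~ ?) then the mechanism; "+" is the default.
        qualifier, mech = (term[0], term[1:]) if term[0] in "+-~?" else ("+", term)
        name = mech.lower().replace("=", ":").replace("/", ":").split(":")[0]
        if name in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(mech.split(":", 1)[1], strict=False)
            except (ValueError, IndexError):
                problems.append(f"unparseable address in term {term!r}")
                continue
            if qualifier == "+" and ip.version == net.version and ip in net:
                covered = True
        elif name == "all":
            all_qualifier = qualifier
        elif name in LOOKUP_TERMS:
            lookups += 1
    if not covered:
        problems.append(f"{server_ip} is not in any ip4/ip6 term (include/a/mx are not resolved here)")
    if all_qualifier == "+":
        problems.append("+all authorizes every host on the internet")
    elif all_qualifier is None and "redirect=" not in spf[0].lower():
        problems.append("record has no 'all' term")
    if lookups > 10:
        problems.append(f"{lookups} DNS-lookup terms, limit is 10")
    return problems

# Constructed sample records (documentation IP ranges), not taken from a real domain.
GOOD = ["v=spf1 ip4:203.0.113.10 include:_spf.google.com ~all"]
DUPLICATE = GOOD + ["v=spf1 include:_spf.google.com ~all"]
OPEN = ["v=spf1 ip4:203.0.113.99 +all"]

if __name__ == "__main__":
    for records in (GOOD, DUPLICATE, OPEN):
        print(records, "->", lint_spf(records, "203.0.113.10") or "ok")
```

Feed it the TXT strings your DNS provider shows for the domain and the IP of your Mailcow server.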
Step 2: DKIM (The Digital Signature)
DKIM adds a cryptographic signature to every email you send. The receiving server checks this signature against a public key in your DNS. If they match, the email is verified as authentic and untampered.
Getting Your DKIM Key From Mailcow
- Log into your Mailcow admin panel
- Go to Configuration then Domains
- Click on your domain
- Find the DKIM section
- If no key exists, select 2048 bit key length and click Generate
- Mailcow will display your DKIM public key and the selector (usually dkim)
Adding It to DNS
Go to your DNS provider and add a new TXT record:
- Name/Host: dkim._domainkey (replace dkim with whatever selector Mailcow shows)
- Type: TXT
- Value: the full key Mailcow generated (starts with v=DKIM1;)
Things That Trip People Up
Copy the ENTIRE key. One missing character and it breaks. Copy it directly from Mailcow, don't try to retype it.
Character limits. Some DNS providers cap TXT record length. If your key is long, the provider might need you to split it into multiple strings. Most modern providers handle this automatically.
The selector matters. If Mailcow says the selector is dkim, your DNS record name must be dkim._domainkey. If it says mail, it's mail._domainkey. Get this wrong and DKIM silently fails.
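An added example, not from the original guide or from Mailcow: a check that catches a truncated or altered DKIM key before you publish it, and a helper that splits a long value into 255-character strings for providers that require it. The function names are hypothetical, and the sample value is a constructed stand-in with the byte layout of a 2048-bit RSA key, not a usable key.

```python
import base64

def parse_tags(txt_value):
    """Turn 'tag=value; tag=value' into a dict, accepting the split "..." "..." form too."""
    txt_value = txt_value.replace('" "', "").strip('"')
    tags = {}
    for part in txt_value.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = "".join(value.split())
    return tags

def check_dkim_txt(txt_value):
    """Return problems found in a DKIM TXT value; an empty list means none found."""
    tags = parse_tags(txt_value)
    problems = []
    if tags.get("v", "DKIM1") != "DKIM1":
        problems.append("v= tag is not DKIM1")
    if tags.get("k", "rsa") != "rsa":
        return problems  # only RSA keys are inspected in this example
    try:
        der = base64.b64decode(tags.get("p", ""), validate=True)
    except ValueError:
        return problems + ["p= is not valid base64 (characters missing or altered)"]
    if len(der) < 4 or der[0] != 0x30 or der[1] not in (0x81, 0x82):
        return problems + ["p= does not look like an RSA public key"]
    # The DER header states how long the key structure is; compare with what was pasted.
    n = der[1] - 0x80
    declared = 2 + n + int.from_bytes(der[2:2 + n], "big")
    if declared != len(der):
        problems.append(f"key truncated: header says {declared} bytes, record holds {len(der)}")
    elif len(der) < 294:  # 294 bytes is the encoded size of a 2048-bit RSA public key
        problems.append("key shorter than 2048 bits")
    return problems

def split_for_dns(txt_value, limit=255):
    """Cut a long TXT value into quoted strings of at most 255 characters each."""
    return " ".join(f'"{txt_value[i:i + limit]}"' for i in range(0, len(txt_value), limit))

# Constructed stand-in: correct header and length for a 2048-bit key, zero-filled body.
SAMPLE = "v=DKIM1; k=rsa; p=" + base64.b64encode(b"\x30\x82\x01\x22" + bytes(290)).decode()

if __name__ == "__main__":
    print(check_dkim_txt(SAMPLE) or "ok")
    print(check_dkim_txt(SAMPLE[:-4]))
    print(split_for_dns(SAMPLE))
```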
Verify It Works
Wait 5 to 10 minutes for DNS propagation, then:
- Check Mailcow admin panel. The DKIM section should show a green checkmark.
- Use the MXToolbox DKIM lookup tool online
- Send a test email to Gmail, click "Show Original" and look for DKIM: PASS
Step 3: DMARC (The Enforcer)
DMARC ties SPF and DKIM together and tells email providers what to do when authentication fails. Without DMARC, providers make their own decisions about your failing emails. With DMARC, you're in control.
Setting It Up
Add a new TXT record in your DNS:
- Name/Host: _dmarc
- Type: TXT
- Value: v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com; ruf=mailto:dmarc@yourdomain.com; fo=1
Replace yourdomain.com with your actual domain.
What Each Part Does
- v=DMARC1 = identifies this as a DMARC record
- p=none = the policy (what happens to failing emails)
- rua=mailto: = where aggregate reports are sent
- ruf=mailto: = where forensic/failure reports are sent
- fo=1 = generate a report if either SPF or DKIM fails
The Three Policies (Start Soft, Go Hard)
- p=none = monitor only. Failing emails still get delivered. You just get reports. Always start here.
- p=quarantine = send failing emails to spam
- p=reject = block failing emails completely
The Rollout Strategy
Week 1-2: Use p=none. Monitor your DMARC reports. Make sure your legit emails are passing both SPF and DKIM.
Week 3-4: Switch to p=quarantine. Failing emails go to spam instead of inbox. Check that nothing legitimate is getting caught.
Week 5+: Switch to p=reject. Full protection. Unauthorized emails from your domain get blocked outright.
Going straight to p=reject without monitoring first is how people accidentally block their own legitimate emails. Don't skip the process.
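An added example, not part of the original guide: a summary of one DMARC aggregate (rua) report that supports the monitoring step of the rollout. It counts messages per source IP by how many of DKIM and SPF passed, so you can see whether your own server is clean before tightening the policy. The function names and the sample report are constructed for illustration, and the code assumes the report XML carries no namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the aggregate-report layout of RFC 7489; not a real report.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>yourdomain.com</domain><p>none</p></policy_published>
  <record><row><source_ip>203.0.113.10</source_ip><count>42</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated>
  </row></record>
  <record><row><source_ip>203.0.113.10</source_ip><count>5</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated>
  </row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>3</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated>
  </row></record>
</feedback>"""

def summarize(report_xml):
    """Count messages per source IP by how many of DKIM/SPF passed DMARC evaluation."""
    # Reports come from third parties: refuse DTDs so entity tricks never reach the parser.
    if "<!DOCTYPE" in report_xml or "<!ENTITY" in report_xml:
        raise ValueError("unexpected DTD in DMARC report")
    summary = {}
    for row in ET.fromstring(report_xml).iter("row"):
        ip = row.findtext("source_ip")
        results = [row.findtext("policy_evaluated/dkim"), row.findtext("policy_evaluated/spf")]
        bucket = ("none", "one", "both")[results.count("pass")]
        per_ip = summary.setdefault(ip, {"both": 0, "one": 0, "none": 0})
        per_ip[bucket] += int(row.findtext("count"))
    return summary

def ready_for_next_policy(summary, own_ips):
    """True when no message from our own servers failed both checks."""
    return all(summary.get(ip, {}).get("none", 0) == 0 for ip in own_ips)

def unknown_senders(summary, own_ips):
    """Source IPs outside our list: forgotten services to authorize, or spoofers."""
    return sorted(ip for ip in summary if ip not in own_ips)

if __name__ == "__main__":
    report = summarize(SAMPLE_REPORT)
    print(report)
    print("ready:", ready_for_next_policy(report, ["203.0.113.10"]))
    print("unknown:", unknown_senders(report, ["203.0.113.10"]))
```

Messages in the "one" bucket still pass DMARC, but they show one mechanism is broken for that sender and are worth fixing before moving to p=quarantine.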
Step 4: Verify Everything Together
All three records set up? Let's make sure they actually work.
The Gmail Test
Send an email from your Mailcow setup to a Gmail address. Open it, click the three dots, click "Show Original." You should see:
SPF: PASS
DKIM: PASS
DMARC: PASS
All three passing? You're golden.
Mail-Tester
Go to mail-tester.com. They give you a temporary email address. Send your test email to it. You'll get a score out of 10.
Aim for 9/10 or 10/10. Anything below 7 means something is wrong.
MXToolbox
Use their free tools to check each record individually. Good for debugging when something fails.
Bonus: Extra Steps That Boost Deliverability
Authentication is the foundation. Here's what separates "emails land in inbox" from "emails land in Primary tab."
Reverse DNS (PTR Record)
Your server's IP should have a PTR record matching your mail server hostname. Most VPS providers (Hetzner, DigitalOcean, OVH) let you set this in their dashboard. If you can't find it, open a support ticket. Takes 2 minutes.
MX Record
Make sure your domain has an MX record pointing to your Mailcow server:
- Name/Host: @
- Type: MX
- Value: mail.yourdomain.com
- Priority: 10
TLS / SSL
Mailcow handles this automatically with Let's Encrypt. Just make sure your certificates are valid and auto-renewing. Check under Configuration then SSL in Mailcow.
Domain Warmup (This Is Critical)
Do not send 500 emails on day one. Brand new domains have zero reputation. Email providers don't trust you yet.
Start with 10 to 20 emails per day. Gradually increase over 2 to 4 weeks. Send to people who will actually open and reply. Every positive interaction builds your sender reputation.
- Week 1: 10-20 emails/day
- Week 2: 30-50 emails/day
- Week 3: 50-100 emails/day
- Week 4+: Scale based on engagement
If your bounce rate goes above 5% or spam complaints appear, slow down immediately.
The Complete DNS Cheat Sheet
Here's every record you need in one place:
| Record | Name/Host | Value |
|---|---|---|
| TXT (SPF) | @ | v=spf1 ip4:YOUR_IP ~all |
| TXT (DKIM) | dkim._domainkey | v=DKIM1; k=rsa; p=YOUR_PUBLIC_KEY |
| TXT (DMARC) | _dmarc | v=DMARC1; p=none; rua=mailto:dmarc@yourdomain.com |
| MX | @ | mail.yourdomain.com (priority 10) |
| A | | YOUR_SERVER_IP |
Replace the placeholder values with your actual details. Save this somewhere. You'll reference it every time you set up a new domain.
Troubleshooting
SPF fails, DKIM passes: Wrong IP in your SPF record. Check your server's actual IP.
DKIM fails, SPF passes: DKIM key in DNS doesn't match Mailcow. Re-copy the key carefully. One character off breaks it.
Everything fails: DNS hasn't propagated yet. Wait 15 to 30 minutes and test again. Some providers take up to 24 hours.
All pass but still landing in spam: It's not authentication. Check your email content for spammy words, too many links, missing unsubscribe option. Or your domain is too new. Warm up gradually.
DMARC reports are unreadable XML: Use a free analyzer like dmarcian or Postmark's DMARC tool. They turn raw reports into actual dashboards.
The Bottom Line
Setting up DKIM, SPF, and DMARC on Mailcow isn't hard. It's just detailed. Every record needs to be exactly right. Follow this guide step by step, verify with the tools mentioned, and your emails will land where they belong: in the inbox.
If you're doing cold outreach, this setup is non-negotiable. Every email you send without proper authentication is an email that probably went straight to spam. That's leads, revenue, and opportunities you're throwing away.
Set it up once, verify it works, and never think about it again.
