Emails from your iRedMail server going to Gmail spam folder? Learn how to set up SPF, DKIM, DMARC, PTR records, and warm up your IP address for perfect deliverability.
You’ve set up iRedMail. SSL certificates are working. Authentication is perfect. But there’s one problem: emails from your server go straight to Gmail’s spam folder. Or worse—they never arrive at all.
You’re not alone. This is the single biggest frustration for new email server administrators. Gmail, Outlook, and Yahoo have strict requirements for accepting email from unknown servers. Without proper configuration, your legitimate emails look like spam to their filters.
The good news: deliverability is 100% fixable. Major email providers have published clear requirements. Once you meet them, your emails will land in the inbox every time.
In this guide, I’ll walk you through the 5 essential email authentication standards that determine deliverability: SPF, DKIM, DMARC, PTR, and IP warming.
Why Gmail Blocks Your Emails
Gmail and other providers use automated scoring systems. Each email receives a “spam score” based on multiple factors:
| Factor | Weight | Description |
|---|---|---|
| SPF | High | Is the sending IP authorized? |
| DKIM | High | Is the email signature valid? |
| DMARC | High | What to do if SPF/DKIM fail? |
| PTR Record | Medium | Does IP reverse-resolve to hostname? |
| IP Reputation | High | Has this IP sent spam before? |
| Content | Medium | Does email look like spam? |
Missing any of the first three almost guarantees spam folder placement.
Step 1: Set Up SPF (Sender Policy Framework)
SPF tells receiving servers which IP addresses are authorized to send email for your domain.
Generate SPF Record
For a typical iRedMail setup, your SPF record should look like:
v=spf1 mx ip4:YOUR_SERVER_IP ~all
Components:
v=spf1– SPF versionmx– Allow your MX serversip4:YOUR_SERVER_IP– Allow your server’s IP~all– Soft fail for other IPs (or-allfor hard fail)
Add to DNS
- Log into your domain’s DNS control panel
- Add a TXT record for your domain (not a subdomain)
- Name/Host:
@or your domain name - Value:
v=spf1 mx ip4:203.0.113.0 ~all(replace with your IP)
Verify SPF
dig TXT yourdomain.com | grep spf # OR nslookup -type=TXT yourdomain.com
Expected output:
"v=spf1 mx ip4:103.207.87.115 ~all"
Step 2: Set Up DKIM (DomainKeys Identified Mail)
DKIM adds a digital signature to every outgoing email. iRedMail generates DKIM keys automatically.
Find Your DKIM Key
# For iRedMail with OpenDKIM sudo amavisd-new showkeys # OR sudo cat /var/lib/dkim/yourdomain.com.txt
Expected output format:
mail._domainkey IN TXT "v=DKIM1; h=sha256; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDK..."
Add DKIM Record to DNS
- Add a TXT record for
mail._domainkey.yourdomain.com - Name/Host:
mail._domainkey - Value: The entire string from
v=DKIM1to the end
Verify DKIM
dig TXT mail._domainkey.yourdomain.com
Test sending an email:
echo "Test DKIM" | mail -s "DKIM Test" test@yourdomain.com
Check headers for DKIM-Signature and Authentication-Results.
Step 3: Set Up DMARC (Domain-based Message Authentication)
DMARC tells receiving servers what to do when SPF and DKIM fail.
Create DMARC Record
Add this TXT record to your DNS:
_dmarc.yourdomain.com. TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com; ruf=mailto:dmarc-reports@yourdomain.com; fo=1"
Policy options:
| Policy | Action |
|---|---|
p=none | Monitor only (no action) |
p=quarantine | Mark as spam |
p=reject | Reject the email entirely |
Start with p=none to monitor, then move to p=quarantine or p=reject.
Add DMARC Record
- Add a TXT record for
_dmarc.yourdomain.com - Name/Host:
_dmarc - Value:
v=DMARC1; p=quarantine; rua=mailto:admin@yourdomain.com
Verify DMARC
dig TXT _dmarc.yourdomain.com
Step 4: Set Up PTR Record (Reverse DNS)
PTR records are controlled by your hosting provider, not your DNS.
Check Current PTR
dig -x YOUR_SERVER_IP
Expected output:
;; ANSWER SECTION: xxx.xxx.xxx.xxx.in-addr.arpa. 86400 IN PTR mail.yourdomain.com.
Request PTR from Hosting Provider
Contact your VPS/cloud provider support and request:
Please set the PTR record for IP YOUR_SERVER_IP to mail.yourdomain.com
Providers and their policies:
| Provider | PTR Policy |
|---|---|
| DigitalOcean | Can set via control panel |
| Linode | Can set via control panel |
| Vultr | Can set via control panel |
| AWS | Requires support ticket |
| Hetzner | Can set via robot panel |
| OVH | Requires support ticket |
Verify PTR
# Get the PTR hostname dig -x YOUR_SERVER_IP +short # Then check that hostname resolves back to your IP dig PTR_HOSTNAME +short
Both commands should return your server’s IP address.
Step 5: Warm Up Your IP Address
New IP addresses have no reputation. You need to gradually increase sending volume.
IP Warming Schedule
| Week | Daily Volume | Notes |
|---|---|---|
| Week 1 | 10-50 emails | Personal emails only |
| Week 2 | 50-200 emails | Add a few more senders |
| Week 3 | 200-1000 emails | Regular business email |
| Week 4 | 1000+ emails | Full sending volume |
Monitor Reputation
Use these free tools:
- Google Postmaster Tools – Google’s official reputation dashboard
- MXToolbox Blacklist Check – Check if your IP is listed
- SenderScore.org – Reputation score (0-100)
- Talos Intelligence – Email reputation lookup
Step 6: Additional Deliverability Factors
Use TLS Encryption
Your server should encrypt email in transit:
sudo postconf -e "smtp_tls_security_level = may" sudo postconf -e "smtp_tls_mandatory_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1" sudo postconf -e "smtp_tls_protocols = !SSLv2 !SSLv3 !TLSv1 !TLSv1.1"
Avoid Spam Trigger Words
Common spam trigger words to avoid:
- “Free”, “Winner”, “Guaranteed”
- “Act now”, “Limited time”
- ALL CAPS subject lines
- Multiple exclamation marks!!!
- “Click here”, “Unsubscribe” (only in footer)
Set Proper Rate Limits
# Limit outgoing emails per second sudo postconf -e "smtp_destination_rate_delay = 5s" sudo postconf -e "smtp_destination_concurrency_limit = 2"
Complete Verification Script
Run this on your server to check all deliverability settings:
#!/bin/bash
DOMAIN="yourdomain.com"
IP=$(curl -s ifconfig.me)
echo "=== Email Deliverability Check ==="
echo "Domain: $DOMAIN"
echo "Server IP: $IP"
echo ""
echo "--- SPF Check ---"
dig TXT $DOMAIN +short | grep spf && echo "✅ SPF configured" || echo "❌ SPF missing"
echo ""
echo "--- DKIM Check ---"
dig TXT mail._domainkey.$DOMAIN +short | head -c 100 && echo "... ✅ DKIM configured" || echo "❌ DKIM missing"
echo ""
echo "--- DMARC Check ---"
dig TXT _dmarc.$DOMAIN +short && echo "✅ DMARC configured" || echo "❌ DMARC missing"
echo ""
echo "--- PTR Check ---"
PTR=$(dig -x $IP +short)
echo "PTR record: $PTR"
if [[ "$PTR" == *"$DOMAIN"* ]]; then
echo "✅ PTR matches domain"
else
echo "❌ PTR does not match domain"
fi
echo ""
echo "--- Blacklist Check ---"
for BL in "zen.spamhaus.org" "bl.spamcop.net" "b.barracudacentral.org"; do
if dig +short $REV.$BL | grep -q "127.0.0"; then
echo "❌ IP listed on $BL"
else
echo "✅ Clean on $BL"
fi
done
Conclusion
Email deliverability is not magic—it’s technical. By implementing these five standards, your emails will land in the inbox:
| Standard | Purpose | Urgency |
|---|---|---|
| SPF | Authorize sending IPs | ✅ Required |
| DKIM | Cryptographically sign emails | ✅ Required |
| DMARC | Define handling of failures | ✅ Required |
| PTR | Match IP to hostname | ✅ Required |
| IP Warming | Build reputation | ⏳ Recommended |
Your iRedMail server is now fully deliverable to Gmail and other major providers.