KumoMTA and KumoProxy
Deployment Files
Traffic Shaping and Warmup

Traffic Shaping And IP Warmup

KumoMTA can deliver very quickly. That is useful only after provider trust exists. New domains, new IPs, and new content streams need controlled ramp-up.

Official reference: KumoMTA traffic shaping (opens in a new tab).

Why shaping matters

Mailbox providers react to sending behavior. They look at:

  • New IP age and historical reputation.
  • Domain authentication and alignment.
  • Complaint rate.
  • Unknown-user rate.
  • Bounce and deferral responses.
  • Volume spikes.
  • Engagement signals.
  • Connection count and message rate.

Unshaped delivery can create throttling, deferrals, or spam placement even when DNS is technically correct.

Starting defaults

For a new egress IP, start with a conservative policy:

SettingConservative starting point
RecipientsOwned recipients and opted-in contacts only.
Daily volumeSmall batches first, then increase gradually.
DomainsStart with one verified sender domain.
EnginesUse KumoMTA only after one-recipient injection and webhook telemetry work.
CampaignsSend to a small group before full list sends.
TrackingEnable only when you need it and privacy expectations are clear.

Example warmup sequence

This is a starting pattern, not a promise of inbox placement:

Day rangeSuggested behavior
1-3Send only to owned/test recipients and a tiny opted-in group. Confirm delivered/deferred/bounced telemetry.
4-7Increase gradually if complaint, bounce, and deferral rates stay low.
8-14Add more domains or segments only after the first stream is stable.
15+Continue gradual increases. Separate unrelated brands or traffic types into their own pools when needed.

If provider deferrals increase, pause growth and lower the send rate. Do not push more volume into a provider that is already telling you to slow down.

Using KumoMTA shaping

KumoMTA supports traffic shaping in policy. The official helper can load shaping rules from TOML or JSON files and can use Traffic Shaping Automation for provider-feedback-driven adjustments.

Use shaping when you need to control:

  • Concurrent connections.
  • Messages per connection.
  • Connection open rate.
  • Message send rate.
  • Provider-specific timeouts.
  • Queue and retry behavior.
  • TLS requirements by destination.

The official docs recommend implementing traffic shaping because the default behavior is designed for throughput and may be too aggressive for mailbox-provider expectations.

When to add Traffic Shaping Automation

Add KumoMTA Traffic Shaping Automation when you have:

  • Enough traffic for provider response patterns to matter.
  • Monitoring for queue age, deferred responses, and provider groups.
  • A tested fallback plan.
  • Operators who can review automated changes.

Do not start with complex automation before basic delivery telemetry works. First prove injection, queueing, delivery, and webhook lifecycle events.

KumoProxy and reputation

KumoProxy is often the right architecture when:

  • The KumoMTA host is not allowed to send outbound SMTP.
  • You want the visible SMTP egress IP to live on a dedicated host.
  • You need a stable IP identity across KumoMTA host replacements.
  • You want to isolate reputation by proxy host or pool.

KumoProxy does not hide poor sending behavior. Recipient providers still see the proxy egress IP and judge it based on DNS, authentication, volume, complaints, bounces, content, and engagement.

What to monitor

In PING8 and KumoMTA, watch:

  • Accepted injections.
  • Queue depth and queue age.
  • Delivered, deferred, bounced, expired, and complained events.
  • Provider response text.
  • Gmail and Microsoft-specific deferrals.
  • Webhook delivery health.
  • Disk usage on the spool.
  • Egress IP blacklist status.

What to avoid

  • Do not start with a full production list on a new IP.
  • Do not retry a full campaign when the first test send fails.
  • Do not increase volume while deferrals are rising.
  • Do not mix unrelated customer brands in one egress pool when isolation matters.
  • Do not ignore webhook failures; without lifecycle events, PING8 cannot show accurate delivery state.
  • Do not clear queues as a first response. Understand what messages are queued and why.

PING8 rollout gate

Before raising volume:

  1. Domain DNS is verified.
  2. PING8 connection test passes.
  3. One owned test recipient receives a message or shows a clear provider response.
  4. Webhook event appears in PING8.
  5. Failure details show provider telemetry, not only injection state.
  6. Queue age stays low at the current volume.
Ports and FirewallConnect PING8