PowerMTA service
We operate your PowerMTA so your team doesn't have to.
Managed PowerMTA is the ongoing operation of your existing estate by an outside team — monitoring, reputation management, authentication upkeep, patching and incident response — while you keep the license, the servers and the IPs. It suits senders for whom email is critical, but who would rather not staff a full-time deliverability operator to watch it.
Managed PowerMTA is ongoing operation of your existing estate by a dedicated team: continuous monitoring of queues, reputation and blacklists; warmup and complaint control; SPF, DKIM and DMARC kept aligned; patching and version upkeep; defined-window incident response; and a plain-language monthly report. You keep the license, the servers and the IPs throughout — ownership never moves — and the service is priced as a predictable monthly fee that sits below a single senior in-house salary, which in 2026 runs roughly 77,000 to 143,000 US dollars for one specialist who still cannot cover an estate around the clock.
In short
- → You keep everything: license, servers and IPs stay in your name throughout, and a documented handover means nothing of yours is ever locked inside the provider’s systems.
- → It is cheaper than one in-house hire: a full-time deliverability specialist runs about 77,000 to 143,000 US dollars in 2026 and still cannot cover an estate around the clock or through a holiday.
- → Monitoring is the actual product — the value is catching a deferral spike or a blacklisting in the hour it starts, when recovery takes an afternoon instead of the weeks a week-old problem needs.
- → Independence is structural: because the team resells neither PowerMTA nor KumoMTA, the advice to tune, hold or migrate carries no sales incentive either way.
- → A useful trigger to consider it: a hard-bounce rate over 2 percent, a Gmail complaint rate above 0.1 percent, or inbox placement slipped below roughly 80 percent.
PowerMTA is a powerful engine that mostly runs itself, right up until the moment it does not. A blacklisting, a provider that starts deferring, an expired DKIM selector, a queue quietly backing up on a Friday evening — none of these announces itself, and each one costs real money for every hour it goes unnoticed. The engine was never the problem. The problem is that almost nobody has someone watching it the way it needs to be watched.
That gap has widened on two sides at once. On one side, the software lost its vendor momentum: after PowerMTA was folded into Bird’s omnichannel platform, the dedicated support and development teams behind it were let go, so the relationship that used to keep an estate current has thinned. On the other, deliverability stopped being a configuration you set once and became a discipline you have to practise continuously, because the major providers now reject non-compliant mail outright and judge senders on engagement that shifts week to week. Managed operation exists to close that gap — to put experienced hands on the estate every day instead of only when something has already broken.
What does a managed PowerMTA service actually cover?
The word gets used loosely, so here is what it means with us. Not a dashboard you log into and interpret yourself, but people who operate the estate on your behalf across six areas.
| Area | What we do |
|---|---|
| Monitoring | Queues, deferrals, blacklists and reputation watched continuously, with alerts that fire before a campaign feels the problem rather than after. |
| Reputation management | Warmup pacing for new IPs, complaint and bounce control, and a fast response when a blacklist or a provider signal moves the wrong way. |
| Authentication upkeep | SPF, DKIM and DMARC kept correct and aligned as your domains, selectors and sending streams change underneath them. |
| Patching & versioning | Your PowerMTA build kept current and secure, with every change staged so it can be reversed in moments if it misbehaves. |
| Incident response | When delivery drops or a block lands, we are already working it within a defined window — not whenever someone happens to notice. |
| Reporting | A plain-language monthly account of placement, reputation and what we changed, written to be read by an engineer and understood by the person who signs the invoice. |
The agencies that do this well describe it the same way: deliverability run as an ongoing system rather than a one-time audit, where problems are caught early and inbox placement is held steady as the program scales. That is the shape of it. The monitoring is the spine; everything else hangs off catching a change in the signal before it becomes a change in your revenue.
What exactly does the monitoring watch?
Monitoring is easy to claim and harder to do well, so it is worth being concrete about what we actually watch. Two layers run in parallel: the estate’s own internals, and the view the providers hold of you from the outside.
On the inside, we track the things that move before placement does:
- Queue depth and growth, per VirtualMTA and per destination, so a backlog is caught while it is still small.
- Deferral patterns by provider — the 4xx responses that signal a provider asking you to slow down before it starts refusing you outright.
- Bounce categories, separating the hard bounces that must be suppressed from the transient ones that should be retried.
- Spool and disk health, since at volume PowerMTA is frequently bound by storage rather than processing.
- DKIM selector validity and key or certificate expiry — the quiet failures that break authentication overnight.
On the outside, we read what the mailbox providers publish about you: Gmail domain and IP reputation through Postmaster Tools, IP-level complaint and trap data through Microsoft SNDS, Yahoo’s reputation through Sender Hub, and blacklist status across Spamhaus and the lists that still carry weight in corporate filtering. None of these is the whole truth alone. Read together, and against direct placement testing, they form an early-warning system — which is the entire point of paying someone to watch rather than checking a dashboard when you happen to remember.
# Are any queues backing up, by provider?
$ pmta show queues | sort -k3 -rn | head -3
gmail.com domain 412 queued recovering normally
yahoo.com domain 18 queued nominal
# Did any deferral codes spike against yesterday\u2019s baseline?
$ pmta show queues | grep -c "4.7."
31 # within range — yesterday was 27
# Is every sending IP still off the major blacklists?
$ for ip in $SENDING_IPS; do rbl-check "$ip"; done
198.51.100.25 Spamhaus: clear Barracuda: clear SORBS: clearHow does the cost compare to an in-house hire?
The honest alternative to managed operation is to hire for it, and the numbers are why most teams do not. A capable in-house deliverability specialist runs roughly 77,000 to 143,000 US dollars in total compensation, on 2026 job-market data, with senior consultants reported well above that and demand for the role described as being at an all-time high as Gmail tightens its filters quarter by quarter. The skill is narrow and genuinely technical, which makes the right person both expensive and slow to find.
The salary is not even the whole cost. One person cannot watch an estate around the clock, cannot be on call through a holiday or a sick week, and carries your institutional knowledge in a single head that can resign. Freelancers fill part of the gap at 75 to 250 dollars an hour, and a one-off audit runs anywhere from 500 to 5,000, but neither buys you continuity — the thing deliverability most needs. Managed operation is the third path. You get a team that already specializes in exactly this, spread across time zones so the coverage does not sleep, for a predictable monthly fee that sits below the cost of a single senior hire and does not take a summer break.
There is a quieter cost to the in-house route, too. A specialist good enough to run a high-volume estate is good enough to be pulled into every adjacent fire — a DNS migration, a new ESP integration, the marketing team’s latest tool — until the estate they were hired to watch becomes the thing they tend last. The discipline erodes not from incompetence but from competing demands on one person’s attention. A team whose only job is operating sending infrastructure does not get borrowed for something else, because the infrastructure is the job.
Retainers in this market commonly run from a few hundred dollars a month for light monitoring up to several thousand for full, hands-on operation of a large estate — some end-to-end infrastructure engagements reach 5,000 to 10,000 a month at the top. Where you sit on that range is a function of volume, complexity and how tight a response window you need, not a fixed list price, which is why we scope it against your estate rather than quote it blind.
Monitoring is the product
Everything else follows from watching the right signals continuously, because the cost of a deliverability problem scales with how long it runs undetected. A blacklisting caught in an hour is a quick delisting; the same blacklisting caught after a week is a reputation that now takes four to eight weeks of careful sending to rebuild. So we watch the estate’s own internals — queue depth, deferral patterns, bounce categories, spool health — alongside the external signals the providers expose: Google Postmaster Tools, Microsoft SNDS and Yahoo’s Sender Hub, each read on its own terms because each provider judges you differently.
There is a trap in that data worth naming, because it catches teams who monitor on their own. The spam rate a provider reports counts only the messages a human actively marked as spam. It does not count the far larger volume that filters quietly diverted to the spam folder or the Promotions tab without anyone clicking a button. A complaint rate can look pristine precisely because the mail never reached a person who could complain. Monitoring that trusts the complaint number alone is watching a flattering instrument; we pair it with direct seed-list placement testing so the picture reflects where mail actually lands, not just where nobody objected.
Thresholds are where monitoring turns into action. We do not wait for a number to breach a provider’s hard limit before responding, because by then the damage is already in motion. The working lines are well established: a Gmail complaint rate is a warning at 0.1 percent and a crisis at 0.3 percent, and a hard-bounce rate above 2 percent points to list rot that will pull reputation down behind it. We alert and act in the band before those lines, while a problem is still a trend rather than an incident — because the entire economic case for monitoring rests on catching degradation early enough that the fix is still cheap.
A bad week, unmonitored
It helps to picture the absence of this. A sending IP lands on a blacklist late on a Friday because a recycled spam trap slipped into a list. Nothing alerts, because nobody is watching the lists over the weekend. Deferrals climb through Saturday as the affected provider throttles the queue, the spool grows, and a backoff rule tuned for a different error keeps retrying into the block and deepens it. On Monday the marketing team fires the week’s campaign into a reputation that is already underwater, and the results come back wrong — opens down, complaints up, a second provider now souring on the domain because the first one’s signals bled across.
By the time anyone connects the dots, the fix is no longer a delisting that takes an afternoon. It is a reputation that needs weeks of careful, low-volume sending to rebuild, during which every campaign underperforms. None of that week was inevitable. Each step was a signal a team watching the estate would have caught while it was still small — the trap on submission, the first deferrals, the backoff making things worse. Managed operation is, more than anything else, the difference between catching that on Friday night and discovering it on Monday afternoon.
Independent by design
We do not resell PowerMTA, and we do not resell KumoMTA. That matters more than it sounds, because it means we hold no license to defend and earn nothing from steering you toward one engine or the other. The advice follows your interest. If your estate is best kept on PowerMTA and tuned, that is what we will tell you and operate. If the stalled roadmap eventually makes a move to KumoMTA the sensible call, we will say so as plainly — and because we run both, the recommendation comes with a team that can act on it rather than a referral to someone who can.
Is managed operation better than moving to an ESP?
For some senders the real question is not who operates PowerMTA but whether to keep it at all, and hand the mail to a managed platform like SendGrid, Amazon SES or Bird’s own service instead. It is a fair question, and the answer turns on control and cost. An ESP is the right call for a team that wants to stop thinking about infrastructure entirely and is content to send from shared or pooled IPs whose reputation it does not fully own. The trade is real: less to manage, less to control.
PowerMTA earns its place for the opposite kind of sender. High volume, where per-message ESP pricing turns punishing as you scale — the metered cost that looks trivial at fifty thousand messages becomes a line item that hurts at fifty million. Dedicated IPs whose reputation you own, warm on your own schedule and never share with a stranger’s traffic. And the granular control a packaged platform abstracts away: per-domain throttling, custom backoff, stream isolation tuned to how you actually send. Managed PowerMTA is for the sender who wants all of that without staffing the team to wield it. You keep the dedicated IPs, the economics that favor volume and the fine-grained control; you outsource the daily operation rather than the infrastructure itself. The audit is the honest place to test which side of the line you fall on, and if the answer is genuinely an ESP, we will say so rather than sell you operation you do not need.
How does it handle more than one brand?
Serious operators rarely run a single clean stream. They run several brands, or several tenants, each with its own domains, its own reputation and its own appetite for risk — and that is exactly where unmanaged estates quietly fail. Shared VirtualMTAs across brands let one brand’s complaints bleed into another’s reputation. DKIM applied unevenly leaves some streams signed and others exposed. A blacklisting on a pooled IP drags down brands that had nothing to do with the cause.
Managed operation across a multi-brand estate is largely the discipline of isolation: separate VMTAs, IP pools and signing per brand, reputation tracked per brand rather than in aggregate, and an incident response that can quarantine one brand’s problem before it reaches the others. We watch each brand on its own terms, because in a portfolio the average is a lie — one brand can be delivering cleanly while another slides, and only per-brand visibility catches the second before it pulls the first down with it. For senders running a stable of domains across markets, this isolation is not a refinement; it is the whole point.
What lands on your desk each month
Operation you cannot see is just trust, so the reporting is deliberately plain. Each month you receive an account of where your mail landed by provider, how reputation moved, which incidents occurred and how they were resolved, and what we changed and why. It is written to be read in five minutes by the person who owns the budget and in depth by the engineer who owns the stack — not a wall of graphs that technically discloses everything and communicates nothing. Between reports, the runbook governs how incidents are escalated and who is told, so when something does move you are never learning about it from a customer first.
How does a managed engagement run?
It starts with an audit, always, because operating an estate we have not read would be guesswork. Once we understand the configuration, the IP estate and the reputation baseline, onboarding a typical setup takes a couple of weeks: we stand up monitoring against your domains and IPs, agree the runbook for how incidents are handled and escalated, and set the reporting cadence. From there it settles into a rhythm — continuous monitoring, monthly reporting, and a defined response when something moves.
The coverage itself is tiered the way managed IT is, because not every sender needs the same guarantee. A business whose revenue depends on transactional mail landing in seconds buys tight windows and around-the-clock attention; a sender whose worst case is a delayed newsletter buys something lighter and cheaper. You choose the tier that matches your risk rather than paying for a level of vigilance your mail does not warrant. And because the work earns its place month to month, there is no long lock-in: if you leave, you take a documented handover of the whole estate with you, so your team or your next provider inherits a clear picture instead of a black box. We would rather keep the engagement by being worth it than by making it hard to leave.
FAQ
Managed service questions
Who owns the license, the servers and the IPs?
You do, throughout. Managed operation does not move ownership of anything. Your PowerMTA license stays in your name, the servers and IP addresses stay yours, and we operate on top of them as an extension of your team. If you ever decide to stop, you keep all of it, fully documented — there is nothing of yours locked inside our systems.
How is this cheaper than hiring a deliverability specialist?
A full-time, in-house deliverability specialist runs roughly 77,000 to 143,000 US dollars in total compensation according to 2026 job-market data, and senior people cost more. Even then, one person cannot cover an estate around the clock, cannot be on call through a holiday, and takes all your institutional knowledge with them if they leave. A managed engagement gives you a team that does only this, across time zones, for a predictable monthly fee that sits below a single senior salary.
Can you work alongside our in-house team?
Yes, and that is often the arrangement that works best. We can own the MTA and deliverability layer entirely, or cover only the parts your team does not have the time or the specialization to own — reputation, authentication, incident response — with clear lines about who is responsible for what. The goal is to fill a gap, not to take work away from people who want it.
What does the response time look like when something breaks?
It is defined in the agreement rather than left vague. For senders where email is the business, we set tight windows and around-the-clock coverage; for lower-stakes streams, something more relaxed and less expensive. We size the commitment to your actual risk, the same way a managed IT provider offers different tiers, so you are not paying for a four-hour guarantee on mail that could wait until morning.
Do we have to sign a long contract?
No long lock-in. Managed operation has to earn its place month to month, and if it stops being worth it you can take the keys back. When you do, you receive a documented handover of the estate — configuration, runbooks, the lot — so your team or your next provider starts from a clear picture rather than a black box.
Will you push us toward KumoMTA?
Only if it is genuinely the right move. Because we resell neither PowerMTA nor KumoMTA, we have nothing to gain from the recommendation either way. Plenty of estates are best kept on PowerMTA, tuned and watched, for years. If the day comes when the stalled roadmap makes a migration the sensible choice, we will say so plainly — and we are also the team that can carry it out without a gap in your sending.
How quickly can you take over an existing estate?
It begins with an audit, because we will not operate an estate we have not read. From there, onboarding a typical setup takes a couple of weeks: we map the configuration, stand up monitoring against your IPs and domains, confirm the authentication and reputation baseline, and agree the runbook for incidents. You stay informed at every step — nothing changes on your servers without your sign-off.
What size sender is this actually for?
As a rule of thumb, managed operation makes sense once email is material to the business — commonly senders above a few hundred thousand messages a month, or anyone recovering from a reputation crash. If you are sending modest volume to a small, clean list with no trouble, you probably do not need it yet. A useful trigger: if your hard-bounce rate is over 2 percent, your Gmail complaint rate is above 0.1 percent, or your inbox placement has slipped below roughly 80 percent, the conversation is worth having.
Start with the audit.
Twenty-five points across authentication, reputation, infrastructure and compliance — a written assessment, no charge and no obligation. It tells both of us exactly what we are working with.