cPanel Email Authentication Tool - Enable SPF and DKIM Records

Enabling DKIM and SPF records in CPANEL are effective tools to raise the level of your email reputation and prevent delviery failures when you send emails.
Some of the symtoms of low email reputation may include the following:

• emails you send are delivered to your reciever's Spam/Junk folders 
• emails you send bounce with "SPF record failure" error
• your Inbox gets numerous "Failed delivery" bounce backs of the emails you never sent

In the first case, the recipient email server looks up SPF record for your domain, and if it is not added / does not match actual outgoing server IP address, then the  email delivery is likely to fail. SPF is a email security strategy that is added to make sure email comes from a legitimate sender and verified sender.

The second situation takes place when there is no SPF/DKIM configured for your domain or they are configured incorrectly, which lets unauthorized senders to forge emails using your domain name (@yourdomain.com.au). Such cases are called email spoofing.

Fortunately you can enable both of these strategies via your CPANEL.

1. Log into cPanel, then under the Email section, choose Email Deliverability.
   
   
   
   
2. You will be presented with a list of the domains available, click the manage button next to the domain you wish to configure.
3. It consists of two major components - SPF and DKIM records setup. In order to enable either one, click the blue INSTALL THE SUGGESTED RECORD button, or click both one after the other to enable both DKIM and SPF.
   
   
   
   

NOTE: You may see the following warning about authoritative nameservers right after enabling. 



3. Allow some time to pass for the records to propagate and refresh the page afterwards. 
The warnings should go away and DNS checks will be passed: 




SPF record

Nowadays the vast majority of spam emails have fake data in the «From» field. Spammers use special tools to send their mail on behalf of a real owner of the e-mail address. 

SPF record (acronym for Sender Policy Framework) is an effective and simple method which lets you avoid such issues. If your domain name has correct SPF record then you can be sure nobody is able to send fake e-mails on behalf of your domain name. 

The main idea of SPF record is that an owner of domain name publishes the information about IP addresses that are authorized to send mail from this domain name. The receiving server compares the information in the envelope sender address with the information published by domain name owner. If these details match then e-mail is delivered. 

NOTE 1: Sometimes cPanel automatically fetches incorrect server outgoing IP address. This happens when we have to change outgoing mail IP due to poor mail reputation or blacklists.
Get in touch with us via LiveChat or vi Support ticket and we will gladly re-check if the correct IP is added to your SPF record. 

NOTE 2: SPF record has its own specific syntax. It is strongly recommended to get familiar with SPF record syntax documentation if you are going to customize the record manually. 

NOTE 3: SPF record is added to your domain DNS zone as TXT record. There are cases when you need to add another TXT record to verify your domain name ownership for some service. It is not recommended to modify existing SPF record, it is better to add a new one instead. 


DKIM Record

DKIM (DomainKeys Identified Mail) is another way of e-mail authentication. This method uses information about domain which is published by the domain owner. That information allows receiving server to verify if the e-mail message was sent by legal owner of that domain name. 

Once the TXT record which contains DKIM has been added to DNS zone a special code is added to the headers of outgoing e-mails. Receiving servers compare these headers with the information in DNS zone and if it matches then the e-mail is delivered. 

NOTE: DomainKeys(DK) and DomainKeys Identified Mail (DKIM) are separate things. 

DomainKeys(DK) are not available on our shared servers as DK implementation was converted to DKIM and extended in a number of ways as of cPanel 11.32 and later releases. 

Some of the differences between DomainKeys and DKIM include: 

• multiple signature algorithms (as opposed to just one available with DomainKeys)
• more options with regard to canonicalization, that validates both header and body
• the ability to delegate signing to third parties
• the ability for DKIM to self-sign the DKIM-Signature header field - to protect against its being modified
• the ability for wildcard option on some parameters
• the ability to support signature timeouts in DNS

If having DomainKeys for you is a must, we suggest upgrading to VPS/Dedicated server where you will be able to setup this feature. 

These simple actions will help you improve the deliverability of your email and ensure no one sends SPAM emails on your behalf. 
Please contact Hosting Australia Support if you need technical assistance with setting this up.