One commonly overlooked area in cPanel is email authentication. Maybe it’s one of those things that you never bothered checking out, or maybe it just looked a little intimidating.
Regardless of whether you know it is there or what it does you may want to look at it when you get a moment of spare time. It can potentially reduce the spam mail that you receive as well as increase the chance that the mail you send out arrives in someone’s inbox instead of a junk/spam folder. You do want your messages delivered to someone’s inbox don’t you?
cPanel email authentication allows you to enable DKIM keys, and SPF records for your domain very easy.
Here is a little more information about each:
DKIM (DomainKeys Identified Mail) – is used to verify that an inbound email message is actually from the stated sender, and that the message has not been altered or tampered with. If you enable DKIM, messages are digitally signed using a private key. The message recipient uses DNS to retrieve the sender’s public key in order to verify the message’s signature. If the signature is invalid, then the message is assumed to be forged and spam.
SPF (Sender Policy Framework) – specifies which mail servers are permitted to send mail on behalf of your domain. Some mail servers don’t accept incoming messages if it comes from a domain that doesn’t have an SPF record. Without an SPF record a message may end up in the receivers spam/junk folder, or it may be rejected completely.
Enabling DKIM and SPF can help reduce the amount of spam you receive, and increase the likelihood that the messages you send out will arrive in the receivers inbox rather than in their spam/junk folder. There are obviously no guarantees, and this assumes that your host has set up the mail server and records properly to begin with. It also assumes that the IP address that your website happens to be on or using isn’t blacklisted for some reason.
Before enabling either of these, make sure you have a good understanding of what they do. Adding a SPF record is a little more confusing in cPanel than DKIM. If you are not sure about the process, then you may want to ask your host for help.
After adding/enabling one or both you should allow 24-48 hours (usually less) for the DNS records to propagate.
If for some reason you added a custom SPF record in the past you would want to combine them rather than have two separate records.
How To Enable DKIM And SPF In cPanel
Login to your cPanel account.
Locate the Mail section/area.
Select Email Authentication.
Scroll down to DKIM and click the Enable button.
Come back to the SPF section and click the Enable button for SPF.
After enabling them you should see something like this:
If you need to customize the SPF record you can do so in the Advanced Settings area underneath the Enable button.
The options are:
- Additional Hosts that send mail for your domains (A)
- Additional MX servers for your domains (MX)
- Additional Ip blocks for your domains (IP4)
- Include List (INCLUDE)
- All Entry (ALL)
- Overwrite Existing Entries
You can come back here at any time and update/change these settings if needed.
If your host has the Advanced DNS Zone Editor available in cPanel in the Domains section/area you can go there and see that a TXT record for SPF is automatically added for your domain.
How To Disable DKIM And SPF In cPanel
To turn off/disable DKIM or SPF you can return to Email Authentication and simply click on the Disable buttons.
Manually adding SPF
It is also possible to manually add an SPF record by adding a TXT record using the Advanced DNS Zone Editor. (The Simple DNS Zone Editor won’t allow you to add TXT records.)
TXT Data: your actual SPF record
And, click the Add Record button.
It will then show up in the Zone File Records section at the bottom.
For those of you that want to explore manually adding one you can check out the page below for help, but be careful and make sure you know what you are doing.
Sender ID Framework SPF Record Wizard by Microsoft
Testing – Results
When I send a message to Hotmail/Outlook from a domain before enabling DKIM or SPF I can check the message source headers and see that there are none, or they don’t exist.
After enabling both DKIM and SPF in cPanel, and waiting for propagation when I send another email to Hotmail/Outlook I can see they are present in the headers now.
If I send a message to a Gmail address from a domain with DKIM and SPF enabled and I check the message source headers I can see that they say: pass, and the DKIM-Signature is present.
This would be for sending mail from your domain (email address) with the cPanel webmail feature (horde, roundcube, or SquirrelMail), or with an email client program like Mozilla Thunderbird, Outlook, etc.
If you are using a PHP Script like WordPress to send out replies to comments for example, and you are using the default PHP mail function you will want to check the email source headers for these as well. If you don’t see DKIM keys and SPF pass, then consider using an SMTP plugin instead of the PHP mail function. Doing so will allow WordPress to connect and send mail through your hosting SMTP (send mail transfer protocol) with DKIM keys, and SPF records attached.