cPanel allows users to add SPF and Domain Keys (DKIM) records to domains for which they have DNS authority. These records can be added in the Email section of the cPanel under Email Deliverability. SPF and DKIM are tools used by many mail servers in an effort to combat spam. This is especially important for VPS server hosting. So if you’re having an issue with your email being bounced back or arriving in the junk/spam folders of your recipients, it is suggested to enable these settings. This article defines each email security option and provides you the information to add or view the existing records in cPanel. Please keep in mind that as these are DNS settings and may require up to 24 hours before they begin to take effect.
About DKIM and SPF Records
Domain Keys Identified Mail (DKIM)
DKIM is an e-mail authentication system that verifies the sender and integrity of the message. It also allows email to be checked that the email is coming from the domain of the sender.
DKIM was originally created in 2004 after merging “enhanced DomainKeys” from Yahoo with “Identified Internet Mail” from Cisco. The combined standard allowed the verification of the message integrity and email sender through the DNS domain as well as the use of signature-based authentication. The use of this standard has been implemented in major email providers such as Yahoo, Google, AOL, and FastMail. For more information please see DomainKeys Identified Mail.
SPF (Sender Policy Framework) will specify which machines are authorized to send email from your domain(s). This means that only mail sent through an authorized server will appear as valid mail from your domain(s) when the SPF records are checked. Note: This security measure works best to defeat email spoofing when used in combination with a DMARC record.
How to Implement Domain Keys and SPF Records
NOTE: cPanel may show the following error when setting up your DKIM and SPF records:Warning: cPanel is unable to verify that this server is an authoritative nameserver for example.comThis is a known bug within cPanel due to the fact that cPanel checks the local server for DNS. Since the local server is not configured to handle DNS queries, the error persists but can be disregarded. Remember that in order for any of these DNS entries to apply to your domain, then it must be the authoritative name server.
SPF Records and Domain Keys can be set within the “Email Deliverability” in the Email section of your cPanel. The specific instructions can also be found in cPanel’s documentation for more details. If you need further assistance, or, if you do not have the “Email Deliverability” icon in your cPanel, please contact Support for further assistance.
Adding the DKIM (TXT) Record
When you click on the Email Deliverability icon you will see a list of your domains. Follow the instructions below to add the record to your DNS. Note that if your domain is not the authoritative name server, then you will need to copy the name and value for the key, then manually add it to the domain’s DNS where it is controlled.
- Select the domain you wish to edit and then click on the Manage button to the right of the domain name.
- If the record does not already exist, then you will see a button labeled Install the Suggested Record. Click on this button to add the record.
- If you need the DKIM name and value to copy it to another location, then you will see a COPY button under each value. There is also an option to view and copy the Private Key used with the DKIM record. Note that sharing your private key is a serious security risk. You should only share the key with a trusted user.
If you are not familiar with DKIM, we highly recommend that you request assistance through our live technical support team.
Adding the SPF (TXT) Record
As noted earlier, the SPF record is most effective when used in combination with DMARC. Please see How to Add a DMARC Record for further guidance.
- After you click on the Email Deliverability icon, find the domain name that you wish to edit.
- Click on Manage.
- Scroll down to the SPF section.
- If the record does not exist, then you will see a button labeled Install the Suggested Record to install the SPF record.
- If you need to manually add the record you will see the option to copy both the name and value of the SPF record.
You can also customize the SPF record by clicking on the Customize option under the displayed value.
Congratulations! You should now be familiar with two great tools for authenticating email. For more information on fighting spam, please see the Combating Spam: Using SpamAssassin tutorial. We also have a helpful guide on Creating a basic SPF Record in WHM, if you have a VPS or Dedicated server.