As you may know, if the mail service is unauthenticated, you can face the following issues:
- emails you send are delivered to Spam/Junk folders
- emails you send bounce with the "SPF record failure" error
- your Inbox gets numerous "Failed delivery" bouncebacks of the emails you never sent
In the first case, the recipient mail server looks up the SPF record of your domain, and if it is not added / does not match the actual outgoing server IP address, such mail delivery will fail. This checking mechanism is implemented in order to make sure email comes from a legitimate sender and verified sender.
The second situation takes place when there is no SPF/DKIM configured for your domain, or they are configured incorrectly, which lets an unauthorized party forge emails using the @yourdomain.com mailbox. Such cases are called mail spoofing.
Email Deliverability is an effective set of anti-spoofing and anti-spamming tools available in cPanel.
The Email Deliverability table displays your cPanel
account domains and allows you to address any existing problems with
your mail-related DNS records – SPF, DKIM and DMARC.
Nowadays, the vast majority of spam emails have
fake data in the «From» field. Spammers and fraudsters use special tools
to send their mail on behalf of a real owner of the email address.
SPF record (an acronym for Sender Policy Framework) is an effective
and simple method that allows you to avoid such issues. If your domain name
has the correct SPF record, then you can be sure nobody can send fake
emails on behalf of your domain name.
The main idea of the SPF record is that an owner of a domain name
publishes the information about IP addresses that are authorized to send
mail from this domain name. The receiving server compares the
information in the envelope sender address with the information
published by the domain name owner. If these details match, then the email is
delivered.
NOTES:
- SPF is not added to the domain DNS zone automatically. Thus, it is required to configure the proper record from the Email Deliverability menu.
- Sometimes cPanel automatically fetches incorrect
server outgoing IP addresses. This happens when we have to change an outgoing
mail IP due to poor mail reputation or blacklists. Get in touch with us via Live Chat or email, and we will gladly re-check if the correct IP is added to your SPF record.
- SPF record has its own specific syntax. It is strongly recommended that you get familiar with SPF record syntax documentation if you are going to customize the record manually.
- SPF record is added to your domain DNS zone as
a TXT record. There are cases when you need to add another TXT record to
verify your domain name ownership for some service. It is not
recommended that you modify the existing SPF record, it is better to add a new one
instead.
DKIM (DomainKeys Identified
Mail) is another way of email authentication. This method uses
information about the domain which is published by the domain owner. That
information allows the receiving server to verify if the email message was
sent by the legal owner of that domain name.
Once the TXT record, which contains DKIM, is added to the DNS zone, a
special code is added to the headers of outgoing emails. Receiving
servers compare these headers with the information in the DNS zone, and if it
matches, then the email is delivered.
NOTE: DomainKeys(DK) and DomainKeys Identified Mail (DKIM) are separate things.
DomainKeys(DK) are not available on our shared servers as DK
implementation was converted to DKIM and extended in a number of ways as
of cPanel 11.32 and later releases.
Some of the differences between DomainKeys and DKIM include:
- multiple signature algorithms (as opposed to just one available with DomainKeys);
- more options with regard to canonicalization, that validates the header and body;
- the ability to delegate signing to third parties;
- the ability for DKIM to self-sign the DKIM-Signature header field – to protect against its being modified;
- the ability for the wildcard option on some parameters;
- the ability to support signature timeouts in DNS.
If
having DomainKeys for you is a must, we suggest upgrading to
a VPS/Dedicated server where you will be able to set up this feature.
These simple actions will make you sure that no one can
send spam on your behalf and your email will not be delivered to spam
folders.
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a technical protocol designed to reduce the risk of email abuse. It works by using DNS to verify that an email message aligns with valid DKIM and SPF records, and ensures that the "From" header is consistent with those records.
Many major email providers require domains to implement a DMARC policy to protect their users from spam and phishing. Without a proper DMARC setup, your emails may be flagged as spam or rejected by these networks.
In order to configure the SPF, DKIM and DMARC records, follow the instructions below:
Log in to
cPanel > the
Email section > the
Email Deliverability menu:
1. Repair — this feature allows the system to repair domain invalid records:
NOTES:
- This option is unavailable if the system does not control the domain DNS records. Thus, you will be able to use the Repair option only in case your domain name is pointed to our Shared hosting nameservers.
- You cannot simultaneously update two or more domains whose records exist in the same zone. The bulk records update is possible only in case domain records exist in separate zones.
- Reloading the interface does not interrupt the repair process.
In the window that appears upon clicking
Repair, you can review and confirm the system recommendations for any invalid records. You can also
Copy or
Customize a suggested record before you approve the system repairs. Click on
Repair and the records will be added to the DNS zone of the domain/subdomain automatically:
This process can take up to
five minutes depending on the server. When the records are set up, you will receive a corresponding success message:
Allow some time for the records to propagate and refresh the page afterwards.
The
Email Deliverability Status will be then changed to
Valid:
2.
Manage - this option allows you to manually configure the mail-related DNS records of a domain.
The Manage the Domain section already displays the properly-configured DKIM, SPF and DMARC record values. So in most cases, you just need to Copy them and paste manually to the DNS zone of your domain. Alternatively, you can click Install the suggested record to have the records added to the DNS zone automatically:
NOTE: The
Install the suggested record option is available only in case your domain name is pointed to our
Shared hosting nameservers.
After the record is installed, you will receive the confirmation message:
In the
SPF section, you will also have the option to
Customize the SPF record recommended for a domain by the system:
The interface displays the domain current SPF name and value in the
Current "SPF" (TXT) Record section if one exists as well as the system recommendations in the
Suggested "SPF" (TXT) Record section:
You can configure the following settings:
1.
Domain Settings - this section allows you to define the hosts or MX servers allowed to send mail from your domain:
2.
IP Address Settings - this section allows you to add additional IP Address blocks to your SPF record. The system automatically includes your server main IPv4 or IPv6 addresses in these lists:
3.
Additional Settings - this section allows you to modify additional SPF record settings.
4. Preview of the Updated Record- this section displays what the updated SPF record will look like, based on its current modifications. Click the Install a Customized SPF Record tab to install the new record:
That's it!
Need any help? Contact our
HelpDesk 