How to Set Up SPF, DKIM, and DMARC on cPanel for Secure Emails

Email deliverability issues can be frustrating, especially when you encounter errors like this:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:

  test_email@gmail.com
    host gmail-smtp-in.l.google.com [142.251.18.26]
    SMTP error from remote mail server after end of data:
    550-5.7.26 Your email has been blocked because the sender is unauthenticated.
    550-5.7.26 Gmail requires all senders to authenticate with either SPF or DKIM.
    550-5.7.26
    550-5.7.26  Authentication results:
    550-5.7.26  DKIM = did not pass
    550-5.7.26  SPF [domain.com] with ip: [server IP] = did not pass
    550-5.7.26
    550-5.7.26  For instructions on setting up authentication, go to
    550 5.7.26  https://support.google.com/mail/answer/81126#authentication

This error indicates that your domain’s email authentication records are missing or misconfigured. Setting up SPF, DKIM, and DMARC is essential to avoid these issues and improve email security. This guide will show you how to configure these records using Cloudflare or any DNS provider.

Why SPF, DKIM, and DMARC Are Important

  • SPF (Sender Policy Framework): Identifies which servers are authorized to send emails on behalf of your domain.
  • DKIM (DomainKeys Identified Mail): Ensures email content is not altered during transit by using cryptographic signatures.
  • DMARC (Domain-based Message Authentication, Reporting, and Conformance): Establishes rules for handling emails that fail SPF and DKIM checks while providing detailed reports.

Properly configuring these records will enhance email delivery and prevent rejection by major providers like Gmail, Outlook, and Yahoo.

Step 1: Access Your DNS Management System

If your domain’s DNS is managed through Cloudflare, log in to your Cloudflare account. If you’re using another DNS provider, log in to their control panel and navigate to the DNS settings.

Step 2: Setting Up SPF Record

If your hosting provider uses cPanel, you can quickly configure the SPF record:

  1. Log in to your cPanel dashboard and go to Email > Email Deliverability.
  2. Find your domain and click Manage.
  1. Locate the SPF Record. It’s pre-configured and ready for use.
  2. Copy the SPF value provided by cPanel, or use the recommended one:
v=spf1 +a +mx include:your-mail-server ~all
  1. If your DNS is managed externally, like Cloudflare:
    • Add a new TXT Record with:
      • Type: TXT
      • Name: @
      • Value: Paste the SPF record from cPanel.

For third-party services, include their recommended SPF values. For example:

  • Google Workspace: include:_spf.google.com
  • Microsoft 365: include:spf.protection.outlook.com

Step 3: Setting Up DKIM Record

  1. In cPanel, go to Email > Email Deliverability.
  2. Locate your domain and click Manage.
  3. Copy the provided DKIM Record value.
  4. If using an external DNS provider:
    • Add a TXT Record with:
      • Name: default._domainkey
      • Value: Paste the DKIM record from cPanel.

Example:

v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb...

DKIM ensures your emails are authenticated, reducing the chance of being marked as spam.

Step 4: Setting Up DMARC Record

DMARC builds on SPF and DKIM by giving receivers instructions on handling unauthorized emails.

  1. Go to your DNS provider and add a TXT Record:
    • Name: _dmarc
    • Value: v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com
    Explanation:
    • p=quarantine: Sends failed emails to spam.
    • rua=mailto:dmarc-reports@yourdomain.com: Receives DMARC reports.

You can adjust the p tag:

  • none: Monitor only.
  • reject: Block failed emails.

Step 5: Verify Your Email Authentication Records

After setting up SPF, DKIM, and DMARC, it’s essential to verify them. Use tools like:

These tools check the validity of your DNS records and ensure they’re properly configured.

Common Issues and Troubleshooting

  • SPF Records Not Detected: Double-check the record’s syntax and include all mail servers.
  • DKIM Failures: Ensure you copied the DKIM record accurately.
  • DMARC Reports Missing: Verify the reporting email address in the rua tag.

Final Tips for Optimizing Email Deliverability

  1. Regularly monitor DMARC reports to spot unauthorized email activities.
  2. If you’re using multiple email providers, ensure all are included in your SPF record.
  3. Review your domain’s reputation with services like Google Postmaster Tools.

By setting up SPF, DKIM, and DMARC records correctly, you’ll improve your email deliverability and build trust with email providers. For more assistance, contact NakibVPS support.