How do I enable SPF and DKIM for my email account?

September 12, 2017

If your email service is unauthenticated, you may face the following issues:

  • Emails you send are delivered to Spam/Junk folders
  • Emails you send bounce with "SPF record failure" error
  • Your inbox gets numerous "Failed delivery" bounce-backs for emails you never sent

In the first case, the recipient mail server looks up the SPF record for your domain. If the record has not been added, or does not match the actual outgoing server IP address, the delivery might fail. This check exists to make sure the email comes from a legitimate, verified sender.

The second situation takes place when SPF/DKIM is not configured for your domain or is configured incorrectly, which lets an unauthorized party forge emails using an @yourdomain.com mailbox. Such cases are called mail spoofing.

Email Authentication is an effective set of anti-spoofing and anti-spam tools, and it is available in your cPanel. To enable email authentication, log in to your cPanel and, under the heading Email, click Authentication.

You will then need to enable both DKIM and SPF.

Note: You may see a warning that cPanel is unable to verify the authoritative nameservers right after enabling. If this happens, allow some time for the records to propagate, then refresh the page. The warnings should go away and the DNS checks will pass.

You now have your raw SPF record, but the DKIM record will not be displayed in cPanel. To get your DKIM record, you will need to view your full email headers. To do this, send mail to yourself at an external email address, such as Gmail, Yahoo, or a domain hosted on another server, then check the email headers. Alternatively, you may use a service such as ISnotSPAM.

Once you have the headers from an outbound email, look for this section:

DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=hgunlimited.com; s=default; h=Message-ID:Subject:To:From:Date:
Content-Transfer-Encoding:Content-Type:MIME-Version;
bh=JUmMmS1Lna1PPFKxOCvqS3v+fr8dj4qCwpvucGl1i2o=; b=TNH8rwqFBvZO2m9qcXLollRx82xvvo9RYsfIMl34/k6XMD3WiB6LGMSDCw715EAca6RadiTAq7LtOfAIYhiJ4DE0hPOMnvKGWweypTZLz8cw+x9Zx4I03is55TuxIS5+Vk4g0F5V+gv5Ddr5m8Gni80Yx22aL9qrYkZInBdkU3Z0lTavUgxdLdARscOcS4apQmuOnQfOqOPR8Nof1tg3YhiLs6cTQ/cR+6fT0gngw9+70owkSpY6mydOl1KLDpJBYWHNgyoBFQhx+QqalFZMIj+w2i+3yBdP+EE0nUhBS2J5rxpTett+cfV4Mkmoc88yI1zFYdyld4xBWeeZvgGBmw==; 

You will need to copy the entire value after DKIM-Signature: to create your DKIM record. After you have both the raw SPF record and the DKIM record, there is one final step.

Go to the Domains heading and click Zone Editor.

Click on Manage.

Check through the list of records. Your TXT records for DKIM and SPF should already be there. If they are not, click +Add Record > Add TXT Record. Add in the following records:

After you have added your new DNS records, they should function correctly within 4 to 8 hours if your nameservers are already set to your DNS host, or 24 to 48 hours after you update your nameservers.
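When checking the Zone Editor list, it helps to know the exact name the DKIM TXT record should have: receiving servers look up the public key at `<s>._domainkey.<d>`, using the `s=` (selector) and `d=` (domain) tags of the DKIM-Signature header. The Python sketch below is an added example, not part of cPanel or of the original article; it parses a header like the one shown above and derives that name, and its function names and the shortened `bh=`/`b=` placeholder values are assumptions made for illustration.

```python
import re

REQUIRED_TAGS = ("v", "a", "b", "bh", "d", "h", "s")  # required by RFC 6376

# Constructed sample: d=, s= and h= match the header shown in the article;
# the bh= and b= values are shortened placeholders, not real signature data.
SAMPLE_HEADER = (
    "DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;\r\n"
    "\td=hgunlimited.com; s=default; h=Message-ID:Subject:To:From:Date:\r\n"
    "\tContent-Transfer-Encoding:Content-Type:MIME-Version;\r\n"
    "\tbh=PLACEHOLDERBODYHASH=; b=PLACEHOLDERSIGNATURE==;"
)


def parse_dkim_signature(header):
    """Return the tag=value pairs of a (possibly folded) DKIM-Signature header."""
    name, sep, value = header.partition(":")
    if not sep or name.strip().lower() != "dkim-signature":
        raise ValueError("not a DKIM-Signature header")
    value = re.sub(r"\r?\n[ \t]+", " ", value)  # unfold continuation lines
    tags = {}
    for part in value.split(";"):
        if not part.strip():
            continue  # a trailing ';' is allowed
        key, eq, val = part.partition("=")
        key = key.strip()
        if not eq or not key:
            raise ValueError(f"malformed tag: {part.strip()!r}")
        if key in tags:
            raise ValueError(f"duplicate tag: {key}")
        # Whitespace inside values is not significant for the tags read here.
        tags[key] = re.sub(r"\s+", "", val)
    return tags


def dkim_record_name(tags):
    """Check the signature tags and return the DNS name of the public-key TXT record."""
    missing = [t for t in REQUIRED_TAGS if not tags.get(t)]
    if missing:
        raise ValueError("missing required tags: " + ", ".join(missing))
    if tags["v"] != "1":
        raise ValueError("unsupported DKIM version: " + tags["v"])
    if "from" not in [h.lower() for h in tags["h"].split(":")]:
        raise ValueError("the From header is not covered by the signature")
    return f"{tags['s']}._domainkey.{tags['d']}"


if __name__ == "__main__":
    print(dkim_record_name(parse_dkim_signature(SAMPLE_HEADER)))
```

For the sample header this yields `default._domainkey.hgunlimited.com`, which is the TXT record name to look for in the Zone Editor list.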

