While working for an MSP for over the last decade, I’ve setup countless SPF records for different businesses. It’s important to have an SPF record, which is a DNS record that helps validate email is being sent from your domain. This is done in order to protect against SPAM and fraudulent/spoofed emails. Many email providers and filtering solutions won’t deliver email if it fails an SPF check.
Now that I’ve helped explain what SPF is, I’ll tell you how it burned me. I was applying for jobs and was using my personal email address and domain, which is firstname.lastname@example.org. Sure, I could have used my Gmail address, but I wanted to make my resume stand out a bit and show a potential new employer that I’m capable of having my own domain name and email address.
I thought everything was fine and dandy until I received an email from a potential employer about missing an important interview meeting invite. I was shocked that I hadn’t received the email. I was sent the NDR (non-delivery report) and it showed that my domain failed an SPF record check when email to my domain was being auto forwarded to my Gmail account where I normally check my mail.
I scrambled to log into my domain settings in CPanel to try to fix the problem. Luckily, CPanel makes it easy to publish SPF DNS records and I’ll show you below how to do this.
CPanel SPF & DKIM Setup Steps
- Once logged into CPanel, click Email Deliverability, under the Email section.
- On the next page, you’ll see a listing of your domains and it’ll indicate whether you have DKIM and SPF records setup properly. In my example below, I don’t have records setup and tells me that “Problems Exist”. Click the Manage button to create the records.
- Under the SPF section on the next page, click the button to “Install The Suggested Record”.
- While in here, I suggest clicking the “Install Suggested Record” button for DKIM. DKIM stands for DomainKeys Identified Mail and is another email authentication standard used along with SPF. It uses public key encryption to prove that the email sent from your domain wasn’t altered (integrity) and that it came from your domain (authentication).
- After installing the records, go back to the Email Deliverability page. Both the DKIM and SPF records should now show a Valid status.
Level Up to DMARC
If you want to take it a step further, setup full DMARC. DMARC stands for “Domain-based Message Authentication, Reporting & Conformance”. It’s an email authentication, policy, and reporting protocol. It works with SPF and DKIM and tells receiving mail severs what to do if email fails and SPF and DKIM record check. DMARC is cool because you can even setup DMARC to have mail servers send reports to you, which you can use to try to prevent authentication problems or malicious email activity involving your domain.
Below are the steps to setup DMARC in CPanel.
- Under Domains, click Zone Editor.
- Click the Manage button next to your domain name.
- Click drop down arrow next to the + Add Record button then select Add “TXT” Record.
- You’ll be presented with the necessary fields to complete the TXT record setup. Enter the information in Table 1 for the record then click Add Record. For the record information, you have three options to pick from. Descriptions are listed beside each one.
|Record||In this field you must choose how you want recipient servers to handle email from your domain that fails SPF/DKIM validation. Options are outlined below in red:|
None: v=DMARC1; p=none; sp=none; rf=afrf; pct=100; ri=86400
Reject: v=DMARC1; p=reject; sp=none; rf=afrf; pct=100; ri=86400
Quarantine: v=DMARC1; p=quarantine; sp=none; rf=afrf; pct=100; ri=86400
- Test the DMARC record setup by going to MXToolbox.com and selecting the DMARC test from the menu at the top of the page. Enter in your domain then click the DMARC Lookup button. After the test completes, you should see a green status and the returned record with your DMARC information.
Hopefully my brief tutorial helped someone out there learn more about email security and authentication. I also hope that it will help someone from missing important emails and will help with eliminating SPAM and email authentication problems involving a domain.