Improving email delivery with SPF, DKIM, and DMARC
In an effort to cut down on spam and email spoofing, many spam filters and mail providers use DNS entries to ensure emails are coming from approved sources.
Google (Gmail) and other providers started relying more heavily on these entries early in 2022 and we have seen an increase in bounces and complaints as a result.
All of these records can be added and maintained in cPanel. However, if you require assistance with setting these up please reach out to our support team and we can help out. Please note that errors in these records may render your emails undeliverable!
These DNS entries are SPF, DKIM, and DMARC.
- Sender Policy Framework is a record that tells other providers exactly which hosts, domains, and IPs are allowed to relay mail on your behalf. This cuts down on spoofed emails as an email pretending to be you but sent from some hacked account overseas will not pass SPF.
- Our recommended SPF record, which includes all of our outbound email servers, is “v=spf1 include:spf.antispamcloud.com ~all”
- If you send mail through other sources, such as an invoice or payments system, a third-party shopping platform, mailing list provider, etc. then you will need to reach out to that provider for the appropriate SPF record.
- SPF can be managed through the Email Deliverability option in cPanel. Click the Customize button for a setup wizard that can assist with adding those third-party senders as needed.
- Domain Keys uses a type of encryption to verify emails are sent from a valid sender. The DKIM record is a public key added to your domain’s DNS. A matching private key is saved on your hosting server. Any emails you send will have a part encrypted by the private key on the server. When the recipient’s server receives the email, it can verify the encrypted part against the public record. If it matches, then it’s a valid email.
- If you use third-party services as above, you may need to check with these providers to find out how they support DKIM and if you need to add any records to your account.
- DKIM must be added using the Email Deliverability option in cPanel and there are no configuration options available at this time.
- Domain-based message authentication, reporting, conformance is a DNS entry that tells receiving mail servers what to do if emails fail SPF and/or DKIM. While it’s not a required DNS entry, it does help with delivery in some cases.
To add a DMARC entry in cPanel:
- Click on the Zone Editor
- Click Manage next to your domain name
- On the Zone Records screen, click the down arrow next to Add Record and choose DMARC.
- Click Save Record as the default options are typically fine. However, you can click the Optional Parameters link to change settings, add an email address for bounce reports, and more.
Again, if you are unsure how to proceed with any of these or would rather have our support team check your settings, please open a ticket and we’ll be happy to help.