Installing SPF and DKIM records for cPanel and WHM

What is SPF and DKIM?

SPF: An SPF record is a type of DNS record that helps protect your domain from email spoofing. Spoofing is when someone sends an email that appears to be from your domain, but is actually from someone else. This can be used to trick people into clicking on malicious links or giving out their personal information. An SPF record tells receiving mail servers which mail servers are authorized to send email on behalf of your domain. When a receiving mail server receives an email that claims to be from your domain, it will check the SPF record to see if the mail server that sent the email is authorized. If the mail server is not authorized, the receiving mail server will likely reject the email.

DKIM: DKIM stands for DomainKeys Identified Mail. It is an email authentication method that helps prevent email spoofing and phishing. DKIM works by adding a digital signature to outgoing emails. This signature is based on a public key that is stored in a DNS record. When a receiving mail server receives an email with a DKIM signature, it can verify the signature using the public key. If the signature is valid, the receiving mail server can be confident that the email was sent from the domain that it claims to be from.

How do I know I am being affected? 

Email Rejections: If you have been recently trying to send out emails and see that it is bouncing back constantly, it is possible that the SPF and DKIM checks the email client you are sending to is failing and being denied due to the lack of records. This can be checked by the information the email provides when it is bounce back and denied by the recipient.:


Note: Notice in the example above it indicates the SPF and DKIM did not pass and as a result has been denied and blocked from reaching the recipient.

Installing SPF and DKIM Records

Step 1: Email Deliverability: You will first want to login to your cPanel account and select the "Email Deliverability" Tool.  


Step 2: SPF and DKIM Errors: When selecting the email deliverability tool, you will see all the domains and the status. The status will indicate what records are missing within the domain in the form of a yellow triangle and which record is missing. 


Step 3: SPF and DKIM Installation Via Repair: Once here you can select "repair" or you can select "manage" to install the needed records.

Step 4: SPF and DKIM Installation Via Manage: If the repair does not work you will need to select "manage" and generate the DKIM key and Install the DKIM and SPF records.

Note:  For users in the shared package tier please verify that the the entry "+include:spf.mfilter.dimenoc.com" is a part of the "Value" field for the SPF record.


Step 5: SPF and DKIM Installation via WHM: You can also update the SPF and DKIM records via WHM however it is not suggested since typos can occur. It is always good to double check the information is correct by going to the domains cPanel "domain deliverability" tool and cross referencing them. The "DNS Zone Manager" tool in WHM is the location where you would add any additional external DNS record such as SPF and DKIM for external services such as google. 


Step 6: SPF and DKIM Validation: If installed correctly, you will see the following status in the previous page.

Note: Please note that it can take up to 24 hours for these records to take effect as it takes time to propagate throughout the internet.

What if you get the warning: SPF and DKIM records does not exist for this domain or similar external error.

If you find that the installation provides an error indicating the system does not control the DNS for the domain, it indicates that the DNS is being handled by an external authoritative nameserver. You will need to set up the SPF and DKIM records on the external systems. 



For further information, reference cPanel's documentation regarding the Email Deliverability tool