Enable DKIM and SPF in cPanel Print

  • DKIM, SPF
  • 1

DKIM (Domain Keys Identified Email) and SPF (Sender Policy Framework) authentication can help verify that email comes from a trusted sender.

You can utilize SPF and DKIM for your domain(s) by enabling these features in your cPanel account and then adding them respectivly as DNS records to your domains.

Notes: Both the DKIM and SPF authentication functions require that you use a DNS server for the domain name.

You may see a warning that the system cannot verify the server as an authoritative nameserver for the specified domain name. If either of the following scenarios is true, ignore the warning:

  • You designated the server as the authoritative DNS server for the domain name, but the change did not yet propagate.

  • The server does not view itself as the authoritative DNS server, but outside servers view it as the authoritative DNS server.

SPF

SPF DNS Record Syntax

An SPF records look like this:

domain.com. IN TXT "v=spf1 +a +mx +ip4:67.225.138.00 ~all"


SPF records can appear a little bit intimidating, but they can be easily broken down into different parts.

  • domain.com is the domain the SPF record applies to. You create a separate SPF record for every domain you want to authenticate.
  • IN TXT is the DNS record type.
  • v=spf1 designates this record as an SPF record.
  • a allows mail to be sent from the server that matches the domain's main A record.
  • mx allows mail to be sent from the domain that matches the email address's MX records.
  • ~all determines how mail is handled if it doesn't match the other rules. The tilde (~) signifies that messages that don't pass will be carefully scrutinized by other spam prevention techniques.

This default SPF record is simple but effective. You can use this record directly by replacing "domain.com" with your domain (remember to keep the ending period). There are, however a few other options.

  • Adding ip4:ipaddress specifies an IPv4 that is allowed to send mail. To use this, replace "ipaddress" with your server's IP address.
  • Adding ip6:ipaddress specifies an IPv6 that is allowed to send mail. To use this, replace "ipaddress" with your server's IP address.
  • If you want mail that doesn't pass your rules to be strongly rejected, use -all instead of ~all.

Enable SPF for your Domain Name

To add SPF for your domains(s) take the following steps:

  1. Login to your cPanel account:

    • www.your-domain/cpanel

    • Once logged in navigate to:

      Email > Authentication

  2. Click on the SPF Enable button

  3. Copy the SPF code to your clipboard. It will look similar to this:

    v=spf1 +a +mx +ip4:67.225.138.00 ~all

    or

    v=spf1 +a +mx +ip4:67.225.138.51 +ip4:67.225.138.000 ~all


  4. Add the SPF code as a TXT record to your domains DNS.

    If you are using your Domain Name Registrar's DNS service or a third party DNS provider you will need to use their service. Contact them if necessary.

    If you are using the free or paid Cloudflare DNS provided with your AlpineWeb Hosting account you can add the SPF record as follows:

    1. Login to your AlpineWeb Backroom Customer account here:

      https://www.alpineweb.com/backroom/clientarea.php

    2. Navigate to:

      My Services > My Services > Cloudflare > Manage > Manage Cloudflare > DNS

    3. Choose TXT from the drop down list and click Add New DNS Record

    4. In the Name field type:

      @

    5. In the Content field paste the SPF record and click the Continue button.

    6. Your domain now has an SPF record.

DKIM

Domain Keys Identified Mail (DKIM) is a way to attach an encrypted digital signature to your email. Like an SPF, DKIM helps prevent email spoofing. Email spoofing is when spammers send email that looks like it's coming from your email address. Spammers spoof your address to make it more likely that recipients will open spam emails, less likely that messages will be marked as spam, and harder to find the true spam source. If your address is spoofed, your server could get flagged as a spam server and you can have trouble sending legitimate mail, even if you aren't doing anything wrong. This is commonly known as having a bad mail reputation.

Outgoing DKIM works by generating an encrypted digital signature that is attached to email messages sent by your server. This signature is generated using a public key you save as a DNS record. Theoretically, only you have access to your DNS records, so mail signed using this key should be unmodified and verified as coming from your server.

Enable DKIM for your Domain Name

To add DKIM for your domains(s) take the following steps:

  1. Login to your cPanel account:

    your-domain/cpanel > Email > Authentication

  2. Click on the DKIM Enable button.

  3. In the text field labled Your current raw DKIM record is: will be the code needed to create the DNS DKIM record. It will resemble the following and consist of three parts: the record Name, the record Type, and the record Content:

      Name: default._domainkey
      Type: IN TXT
      Content: "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkPx6XWPKnicZdxB298EuZ1qB10r2UrBPGQ3uIYAnwg9aqgc6hM1zAsw+Lqq+E9sK+KwjPXL6CfNLkWJ05k6iIaTvd+jv6OygbUaQwtI93p7ZZUu47gk9bYa2SxUqvZ6TDrUfLcj1fML48xdR6f3X3G2ezk+zEWMfphYC/EyjCpGLCElymbQuQELk33XUN/HO" WxbAXOsBYkHiGSg7iA7bxe7JauCKK0NwRh+B9bbuGSb1kL3PaE3u6UpU437ouFqfyen5lCTFCjTVaMA89cgAeUPtZhzgFVodg7hZOL50tdUhjJkc644C1fs8tszAcGL5qMJihP6YRgLEkYSYS3GGwIDAQAB\;
        


  4. Add the DKIM code as a TXT record to your domains DNS.

    If you are using your Domain Name Registrar's DNS service or a third party DNS provider you will need to use their service. Contact them if necessary.

    If you are using the free or paid Cloudflare DNS provided with your AlpineWeb Hosting account you can add the SPF record as follows:

    1. Login to your AlpineWeb Customer account here:

      https://www.alpineweb.com/backroom/clientarea.php

    2. Navigate to:

      My Services > My Services > Cloudflare > Manage > Manage Cloudflare > DNS

    3. Choose TXT from the drop down list and click Add New DNS Record

    4. In the Name field type:

      default._domainkey

    5. In the Content field paste All of the Content that begins with "v=DKIM1; k=rsa; p=MIIB... and click the Continue button.

    6. Your domain now has a DKIM record.

Additional Information

If you need assistance please submit a Service Request from the Customer Backroom or visit the our Contact Us page for additional contact information.


Was this answer helpful?

« Back