Email Authentication — SPF, DKIM, DMARC
Improve email deliverability and prevent spoofing with proper authentication records.
SPF (Sender Policy Framework)
Tells receiving servers which IPs can send email for your domain.
Add this TXT record:
| Type | Name | Value |
|---|---|---|
| TXT | @ | v=spf1 +a +mx include:_spf.yourhostingserver.com ~all |
DKIM (DomainKeys Identified Mail)
Adds a digital signature to your emails.
Setup in cPanel:
- Go to Email Deliverability in cPanel
- Click Manage next to your domain
- If DKIM is not set up, click Install the suggested record
- The DNS record will be added automatically if using our nameservers
DMARC (Domain-based Message Authentication)
Tells receiving servers what to do with emails that fail SPF/DKIM.
Add this TXT record:
| Type | Name | Value |
|---|---|---|
| TXT | _dmarc | v=DMARC1; p=quarantine; rua=mailto:[email protected] |
DMARC Policies
p=none— Monitor only (start here)p=quarantine— Send to spam if failsp=reject— Block entirely if fails
Checking Your Setup
- In cPanel → Email Deliverability shows status
- Use MXToolbox or mail-tester.com to test
- Send a test email to Gmail and check headers for PASS/FAIL
Common Issues
- SPF too many lookups: Keep under 10 DNS lookups in SPF
- DKIM not signing: Ensure the DKIM record in DNS matches cPanel
- Emails still going to spam: Verify all three (SPF + DKIM + DMARC) are set up