SPF and DKIM Records

cPanel FAQs, Tutorials and How To Guides
With Over 80 different features

Email Authentication Tools

Updated: June 7, 2022
By: RSH Web Editorial Staff
cpanel Email Authentication faq

cPanel Email Authentication Tool – SPF and DKIM Records

When Email services are unauthenticated, you may face the following issues
Emails you send are delivered to the Spam-Junk folders
Emails that are sent bounce with "SPF Record Failure" error
Your Inbox gets many "Failed delivery" bounce backs of the emails you never sent

In the first case, recipient Email Server will look up SPF records for your Domain Name and if it is not added or does not match actual outgoing server IP address, such a mail delivery will fail. Such checking mechanism is done in order to make sure email comes from a legitimate sender and a verified sender

The second situation takes place when there are no SPF - DKIM records configured for your domain name, or they are configured incorrectly, which lets unauthorized party to forge emails using @yourdomain.com mailbox. Such cases are called Email Spoofing

Email Authentication is an effective set of anti-spoofing and anti-spamming tools that are available in cPanel

To use log into cPanel, then under the "Email Section" you will see "Authentication Menu"


Consisting of two major components, SPF and DKIM records setup
In order to enable follow these instructions

Click on Enable and the records will be added to the DNS zone of all hosted domains automatically:

cPanel Email Authentication Tool

Right after enabling you may see a warning about authoritative Name Servers

cPanel DKIM Record

It may take some time for the records to propagate and refresh the page afterwards. The warnings will eventually go away and DNS checks will be passed

cPanel SPF and DKIM Records

SPF record

The vast majority of spam emails have fake "Spoofed" data in the "From" field. Spammers and fraudsters use special tools to send their mail on behalf of a real owner of the e-mail address

SPF record "Sender Policy Framework" is a very effective and simple method which lets you avoid these issues. If your domain name has correct SPF records, then it will be very difficult to send fake Emails on behalf of your Domain

The main concept of SPF records is that an owner of a Domain Name publishes the information about IP addresses that are authorized to send mail from that Domain. The receiving Email Server compares the information in the envelope sender address with the information published by the Domain Name owner. If these details match then e-mail is then delivered


Sometimes cPanel automatically fetches incorrect Server outgoing IP addresses. This can happen when the outgoing Email IP was changed due to poor mail reputation or blacklists. Contact RSH Web Services, and we will gladly re-check if the correct IP is added to your SPF record


SPF records has its own specific syntax. It is strongly recommended to familiarize yourself with SPF record syntax documentation if you are going to customize the records manually


SPF records are added to your Domain Name DNS zone as TXT record. There are cases when you need to add a second TXT record to verify your domain name ownership for some Services. It is not recommended to modify existing SPF records, it is better to add a new one instead

DKIM Record

DKIM (DomainKeys Identified Mail) is another way of Email Authentication. This method uses information about Domain Names which is published by the Domain owner. This information allows receiving email Servers to verify if the Email was sent by a legal owner of that Domain

Once TXT record which contains DKIM has been added to the DNS zone file, a special code is added to the headers of outgoing Emails. Receiving email Servers compare these headers with the information in DNS zone files and if it matches then the Email is delivered

DomainKeys(DK) and DomainKeys Identified Mail (DKIM) are different Records

DomainKeys(DK) are not available on our shared servers as DK implementation was converted to DKIM and extended in a number of ways as of cPanel 11.32 and later releases

Some differences between DomainKeys and DKIM include
Multiple signature algorithms (as opposed to just one available with DomainKeys)
More options with regard to canonicalization that can validates both header and body
Ability to delegate signing to third parties
Ability for DKIM to self-sign the DKIM-Signature header field and to protect against its being modified
Ability for wildcard option on some parameters
Ability to support signature timeouts in DNS

If having DomainKeys is a requirement we suggest upgrading to VPS Server where you will be able to set up this feature

These simple actions will let you be sure that no one is able to send spam on your behalf and your e-mail will not be delivered to spam folders

Tweet  Share  Pin  Tumble  Email

We welcome your comments, questions, corrections and additional information relating to this article. Please be aware that off-topic comments will be deleted.
Or if you need specific help with your account, feel free to contact us anytime
Thank you

More Articles Of Interest

Simple, Fast and Secure cPanel Hosting