Email Authentication
cPanel’s email authentication features provide information about outgoing messages. This helps the receiving server verify that the email is coming from a trusted sender.
Note: Both the DKIM and SPF authentication functions require the server to be a DNS server for the domain name. For more information about DNS servers, review the terms of your hosting contract.
Set up DKIMDKIM helps verify the sender and integrity of a message. It allows an email system to prove that a message was not altered during transit (meaning it is not forged), and that the message came from the specified domain.
- To use DKIM, click Enable.
- To disable DKIM, click Disable.
Note: If a warning is displayed claiming cPanel is unable to verify that the server is an authoritative nameserver for the specified domain name and either of the following scenarios is true, then please ignore it.
- The server has been changed to be the authoritative DNS server for the domain name, but the change has not yet propagated.
- The server does not view itself as the authoritative DNS server, but outside servers do view it as authoritative.
Set up SPFThis function attempts to prevent spammers from sending email while forging your domain’s name as the sender (spoofing). This authentication function works by adding IP addresses to a list, specifying computers that are authorized to send mail from your domain(s). It verifies that messages sent from your domain(s) are coming from the listed server, reducing the amount of backscatter you receive.
- To use SPF, click Enable.
- To disable SPF, click Disable.
Note: If a warning is displayed claiming cPanel is unable to verify that the server is an authoritative nameserver for the specified domain name and either of the following scenarios is true, then please ignore it.
- The server has been changed to be the authoritative DNS server for the domain name, but the change has not yet propagated.
- The server does not view itself as the authoritative DNS server, but outside servers do view it as authoritative.
Advanced Settings
This section includes a number of ways to configure SPF authentication. The available options are:
- Additional Hosts that send mail for your domains (A): The additional hosts specified here are automatically approved to send mail from your domain(s). You may add and remove hosts using the appropriate buttons.
- Additional MX servers for your domains (MX): MX entries specified here are able to send mail from your domain(s).
- Additional Ip blocks for your domains (IP4): IP addresses approved to send mail from your domain(s). Your server's main IP address is automatically included in this list. If you add IP addresses, you must use CIDR notation. (Example:
192.168.0.1/32)- Include List (INCLUDE): This feature allows you to specify additional hosts to include in your SPF settings. This is useful when sending mail with another service.
- All Entry (ALL): If you enable this option, the SPF feature causes hosts that are not defined in the above lists to fail. If you disable this option, the SPF feature will not cause undefined hosts to automatically fail; instead, undefined hosts will be marked as Neutral. When a server receives mail from a neutral host, the server will act as if SPF was not enabled. Once you have tested the entries in the above lists and confirmed that they are correct, you should enable this feature.
- Overwrite Existing Entries: If you select this option, the system will overwrite existing SPF entries.
Click Update to save your changes.
Additional InformationAdd Headers in DKIM
If you already use DSO and you enable DKIM, emails sent will not have information in the Return-Path, Reply-To, or From fields in the email header. As a result, DKIM will show that
nobodyis the sender. If you use a PHP script, you should manually add the headers. The following is an example of a PHP script that adds the missing parts to an email header:$to = 'nobody@example.com';
$subject = 'the subject';
$message = 'hello';
$headers = 'From: webmaster@example.com' . "\r\n" .
'Return-Path: webmaster@example.com' . "\r\n" .
'Reply-To: webmaster@example.com' . "\r\n" .mail($to, $subject, $message, $headers);
?>
The spf_installerYou can use the
spf_installfunction via the command line to add an SPF record to the zone files for all domains that belong to a user.For example, to add an SPF record to all domains registered to username
johnon the cPanel server, run the following command asroot:
/usr/local/cpanel/bin/spf_installer johnIf the script is successful, you will not receive confirmation via the command line. Instead, navigate to Home >> cPanel >> Email Authentication on each domain owned by the user. The SPF status will show as Enabled.