Hi all.
I’m using cPanel for emails and having some deliverability issues and wanted to know what the following DNS records are or how to generate them, so I can add them to each domain.
DMARC
DKIM
SPF
Thanks for you help.
Wilford
A good place to start is Dmarcian . A lot of info and tools and you can sign up for a free account to get started on 2 domains. I learned a lot using them years ago.
NelsonK Leader
DMARC you don’t need and won’t buy and won’t use.
DKIM and SPF are essential to send mail, and I’ll explain their setup herein.
DMARC - You don’t need it and won’t be using it unless you’re purchasing the DMARC third party analyzer and reports based on a DMARC installation which sets and enforces policy (routing/acceptance/rejection/etc.) that you set for when you access 3rd Party Mail services like Gmail via POP or SMTP from one of cPanel’s (likely in your case) built in Mail Clients (Horde, RoundCube, etc.). I’ve never seen this deployed by anyone, never had a request for it, and I’ve seen a lot of WHM/cPanel setups.
DKIM and SPF - these records should be considered as both required (in tandem) if you wish to be able to reliably send mail via SMTP relay from your hosted account (with SMTP enabled) and have your own canonical domain name as the authenticated origin point in the mail headers. This is absolutely ESSENTIAL if you don’t want about half or more of your SMTP mail rejected either by recipient or by any SMTP relay en route to recipient. You need these.
- Make sure SMTP is authorized by your upstream.
- If you’re the up-stream, you’ll have Web Host Manager (cPanel’s WHM) and you’ll know whether or not you have SMTP enabled for the relative cPanel account. If you do have WHM, the default setting for an SMTP enabled account in “Tweak” and elsewhere is to auto-generate and auto-create DKIM and SPF entries into an enabled account’s DNS zone record, and they will be present. Also default for SMTP-enabled accounts is the placement of the correct records for subsequent validation into the /.well-known/pk-validation/ file as required.
- If you’re not the upstream yourself and are only working with a cPanel account, then after doing #1 above and verifying your upstream has SMTP enabled, ask your upstream to also generate those DNS entries automatically into your zone record. Every WHM (cPanel) host on the planet has a setup for this. (Also tell them you want AutoSSL enabled while they’re at it, preferably Comodo, but Let’s Encrypt is fine also.)
- If your upstream does have your cPanel account enabled for SMTP but can’t figure out the zone records, first start planning to get a different provider when your contract expires, and then set up (or verify) those records yourself in cPanel.
IF your upstream has your SMTP enabled but -not- set up, they’re likely to have cPanel configured so you can see an “Email Authentication” option. Go into that option and switch on both DKIM and SPF. If your upstream provider has anything close to the default WHM/cPanel settings, doing this will create the key for DKIM and create the DKIM and SPF entries and place them in your DNS zone record.
BUT IF your upstream has a different setup where the cPanel user isn’t empowered to switch those on, then likely your upstream ALREADY has your SMTP enabled AND auto-generated your DKIM keys and DKIM and SPF entries in your DNS zone records – in this case you will not likely see that “Authentication” option in your cPanel’s Email section. Instead, you can check to be sure these are assigned and configured and set up in your DNS by looking for something in your cPanel’s email section called “Email Deliverability” from which you’ll find the domain name (if you have more than one in your cP account) and click on the MANAGE icon to its right. You’ll then be shown the DKIM and SPF and PTR records from your DNS Zone records for that canonical domain name.
DKIM should look like this:
Name: default._domainkey.(yourdomainname.tld).
Value: v=DKIM1; k=rsa; p=(big long private key here);
SPF should look like this:
Name: (yourdomainname.tld).
Value: v=spf1 +a +mx +ip4:(your upstream server’s IPv4 address for SMTP) +ip4:(your site’s unique or shared IPv4 address) ~all
Reverse DNS (PTR Record) should look like this:
Name: (your site’s unique or shared IPv4 address).in-addr.arpa.14.175.154.184.in-addr.arpa.
Value: (yourdomainname.tld).
If they don’t look like that, or if you don’t have either option in your cPanel email, then your only option is to contact your upstream provider and have them set it up for you , assuming it’s in your contract to receive it.
Hope this has been helpful.
If so, please mark this as being the solution.
Thanks!
-Nelson
Curated by: https://www.ParagonHost.net
