Email delivery relies on authentication protocols like SPF, DKIM, and DMARC to prevent spoofing and ensure messages securely reach the intended recipient's inbox. Configuring these records is essential for reliable emailing.


How Email Delivery Works

When an email is sent, the receiving server checks that it originates from an authorized source before accepting. SPF, DKIM, and DMARC authenticate the sender.


SPF (Sender Policy Framework)

Validates sending servers against authorized IP addresses listed in DNS to prevent spoofing.


DKIM (DomainKeys Identified Mail)

Adds encrypted signature to verify the email signer and ensure no tampering occurred.


DMARC (Domain-based Message Authentication)

Uses SPF and DKIM to determine authentication and routing instructions for emails.


DMARC Policies

  • Reject - Rejects unauthenticated email. Best for strict enforcement.
  • Allow - Accepts unauthenticated email. Can assist in DMARC rollout.
  • Quarantine - Sends unauthenticated email to spam or quarantine folder.
  • Monitor - Doesn't reject or quarantine but reports failures. Useful for testing.

DMARC Record Syntax

  • v=DMARC1; - Starts the DMARC record
  • p=reject; - Reject policy tells the receiver to reject unauthenticated email
  • p=allow; - Allow policy tells the receiver to accept unauthenticated email
  • pct=100; - Percentage of messages the policy should apply to
  • ruf=mailto:[email protected]; - Address to send aggregate/forensic reports
  • ri=86400; - Interval in seconds between sending reports

Configuring SPF

Add an SPF TXT record in your domain's DNS listing authorized server IPs. Syntax example:

v=spf1 ip4: ~all


Configuring DKIM

Add a DKIM TXT record with your unique public key to DNS. Your email provider gives requirements.


Configuring DMARC

Add a DMARC TXT record indicating your SPF/DKIM policies. Syntax example:

v=DMARC1; p=reject; pct=100; ruf=mailto:[email protected]


Setting Up in cPanel

In cPanel:

  • SPF - Add in DNS Zone Editor or Setup SPF Record option.
  • DKIM - Generate keys in DKIM Manager, then add TXT record to DNS.
  • DMARC - Add TXT record in DNS Zone Editor based on your policies.


Implementing SPF, DKIM, and DMARC provides critical email authentication to ensure secure delivery to recipients' inboxes.



Was this answer helpful? 0 Users Found This Useful (0 Votes)