Page tree
Skip to end of metadata
Go to start of metadata

This document is for a previous release of cPanel & WHM. To view our latest documentation, visit our Home page.

For cPanel & WHM 11.46

(Home >> Mail >> Email Authentication)

Overview

cPanel’s email authentication features provide information about outgoing messages. This helps the server that receives the messages verify that the email comes from a trusted sender.

Note

Both the Domain Keys Identified Mail (DKIM) and Sender Policy Framework (SPF) authentication functions require the server to be a DNS server for the domain name. For more information about DNS servers, review the terms of your hosting contract.

Set up DKIM

DKIM helps verify the sender and integrity of a message. It allows an email system to prove that a message was not altered while in transit (which means that it is not forged), and that the message came from the specified domain.

  • To use DKIM, click Enable.
  • To disable DKIM, click Disable.

Note

A warning may display that claims that the system cannot verify that the server is an authoritative nameserver for the specified domain nameIf either of the following scenarios is true, ignore the warning:

  • You changed the server to be the authoritative DNS server for the domain name, but the change has not yet propagated.
  • The server does not view itself as the authoritative DNS server, but outside servers view it as the authoritative DNS server.

Add headers in DKIM

If you already use the DSO PHP handler and you enable DKIM, emails that you send will not have any information in the Return-Path, Reply-To, or From fields in the email header. As a result, DKIM will show that nobody is the sender. If you use a PHP script, manually add the headers.

The following is an example of a PHP script that adds the missing parts to an email header:

 
<?php
$to      = 'nobody@example.com';
$subject = 'the subject';
$message = 'hello';
$headers = 'From: webmaster@example.com' . "\r\n" .
    'Return-Path: webmaster@example.com' . "\r\n" .
    'Reply-To: webmaster@example.com' . "\r\n" .
mail($to, $subject, $message, $headers);
?>

Set up SPF

SPF attempts to deny spammers the ability to send email while they forge your domain’s name as the sender (spoofing). This authentication function adds IP addresses to a list that specifies computers that are authorized to send mail from your domain(s). It verifies that messages that your domain(s) send come from the listed server, which reduces the amount of backscatter that you receive.

  • To use SPF, click Enable.
  • To disable SPF, click Disable.

Note

If a warning displays that claims cPanel cannot verify that the server is an authoritative nameserver for the specified domain name and either of the following scenarios is true, ignore the warning:

  • You changed the server to be the authoritative DNS server for the domain name, but the change has not yet propagated.
  • The server does not view itself as the authoritative DNS server, but outside servers do view it as authoritative.

The spf_installer

You can use the spf_install function from the command line to add an SPF record to all of a user's domains' zone files.

For more information about this script, read The /bin/spf_installer Script documentation.

Advanced Settings

This section includes the following ways that you can configure SPF authentication:

SettingDescription
Additional Hosts that send mail for your domains (A):

The system automatically approves additional hosts that you specify to send mail from your domain(s).

  • Click Add to add domains.
  • Click Remove to remove domains.
Additional MX servers for your domains (MX):Specify MX entries that can send mail from your domain(s).
Additional IP Address blocks for your domains (IPv4):

IP addresses that you approve to send mail from your domain(s). The system automatically includes your server's main IP address in this list.

Note:

If you add IP addresses, you must use CIDR notation. (For example, 192.168.0.1/32)

Include List (INCLUDE):This feature allows you to specify additional domains to include in your SPF settings. This is useful when you send mail with another service.
All Entry (ALL):If you enable this option, the SPF feature causes hosts that you do not define in the above lists to fail. If you disable this option, the SPF feature will not cause undefined hosts to automatically fail. Instead, the system marks undefined hosts as Neutral. When a server receives mail from a neutral host, the server will act as if SPF was not enabled. After you test the entries in the above lists and confirm that they are correct, enable this feature.
Overwrite Existing Entries:If you select this option, the system overwrites existing SPF entries.

Click Update to save your changes.