Child pages
  • Email Deliverability in WHM
Skip to end of metadata
Go to start of metadata

(WHM >> Home >> Email >> Email Deliverability)

Overview

Use this interface to identify problems with your server's mail-related DNS records. The system uses these records to verify that other servers can trust it as a sender.

Note:

  • Both DKIM and SPF authentication require that you use a DNS server for the domain name. For more information about your DNS servers, contact your service provider.
  • The system modifies the DKIM and SPF records if it is authoritative for a domain's DNS records.
  • For information about setting up your server's nameservers with your registrar, read our How to Set Up Nameservers in a cPanel Environment documentation.

Manage the Domain

This section of the interface displays the following information:

  • Domain — The server's hostname.
  • Mail HELO — The server's HELO configuration.

    Note:

    The Mail HELO information appears if the /etc/mailhelo file configuration and the domain do not match.

DKIM

This section allows you to manage the server's Domain Keys Identified Mail (DKIM) record. DKIM verifies the sender and the integrity of a message. In addition, it allows an email system to prove that spammers did not alter an incoming message while in transit. DKIM also verifies that the messages your server receives come from the specified domain.

If any problems exist with the current record, this section displays the properly-configured DKIM record values in the Suggested "DKIM" (TXT) Record section. It also allows you to copy the Name and Value records that the system provides in the Suggested "DKIM" (TXT) Record section.

  • Generate Local DKIM Key — Generate a DKIM record, if one does not exist.
  • Copy — Copy the Name and Value records that the system provides in the Suggested "DKIM" (TXT) Record section. If you do not possess the authority to edit your record, you can provide this information to the person responsible for the listed nameservers to fix it.
  • View — Modify the Value field's displayed record:
    • Full — The record displays in its entirety. This option is for providers who automatically split their records.
    • Split — The record, divided into 255-character parts. This option is for providers who do not automatically split their records.
  • Download the Private Key — Retrieve the suggested private key. The system directs you to the Download the Private DKIM Key interface.

    Important:

    Exposing your private DKIM key is a security risk. If others obtain your private DKIM key, they could sign emails and impersonate you as a sender. Make certain that you only provide your private DKIM key to a trusted user.

Note:

If you install the DSO PHP handler without ModRuid2 or MPM ITK, and you enable DKIM, emails that you send will display nobody as the sender. The system will not display any information in the Return-PathReply-To, or From fields in the email header.

To add these fields to the email headers, contact your hosting provider and request that they add the missing fields via the following PHP script:

<?php
$to      = 'nobody@example.com';
$subject = 'the subject';
$message = 'hello';
$headers = 'From: webmaster@example.com' . "\r\n" .
    'Return-Path: webmaster@example.com' . "\r\n" .
    'Reply-To: webmaster@example.com' . "\r\n" .
mail($to, $subject, $message, $headers);
?>

Warning:

cPanel, L.L.C. does not recommend this configuration.

SPF

This section allows you to manage your domain's Sender Policy Framework (SPF) record. SPF verifies that messages sent from your domain originate from an approved sender.

If any problems exist with the current record, a correct SPF record configuration will appear in the Suggested "SPF" (TXT) Record section. This section also allows you to perform the following actions:

  • Copy — Copy the Name and Value records that the system provides in the Suggested "SPF" (TXT) Record section. If you do not possess the authority to edit your record, you can provide this information to the person responsible for the listed nameservers to fix it.

    Note:

    The View option allows you to modify the record displayed in the Value field:

    • Full — The record displays in its entirety. This option is for providers who automatically split their records.
    • Split — The record is divided into 255-character parts. This option is for providers who do not automatically split their records.
  • View — Modify the Value field's displayed record:

    • Full — The record displays in its entirety. This option is for providers who automatically split their records.
    • Split — The record is divided into 255-character parts. This option is for providers who do not automatically split their records.
  • Customize — Modify the suggested SPF record. This directs you to the Customize an SPF Record interface.

Customize an SPF Record

Use this interface to customize the system's recommended SPF record for a domain. The interface displays the domain's current SPF name and value in the Current "SPF" (TXT) Record section, if one exists, and the system's recommendations in the Suggested "SPF" (TXT) Record section.

You can configure the following settings:

Domain Settings

This section allows you to define the hosts or MX servers allowed to send mail from your domain.

SettingDescription
Additional Hosts

Additional hosts that the system allows to send mail from your domain. The system automatically includes the primary mail exchanger and other servers for which you created an MX record.

  • Click Add A New "Host (+a)" Item to add a new host to the domain's SPF record.
Additional MX Servers

The MX entries allowed to send mail from your domain.

  • Click Add A New "+mx" Item to add a new MX entry to the domain's SPF record.

IP Address Settings

This section allows you to add additional IP Address blocks to the domain's SPF record. The system automatically includes your server's main IPv4 or IPv6 addresses in these lists.

Note:

You can use CIDR notation (for example 10.0.0.0/8 for IPv4, or 2001:db8:1a34:56cf::/64 for IPv6).

Additional Settings

This section allows you to modify additional SPF record settings.

SettingDescription
Include List (INCLUDE)

Additional domains to include in your SPF settings. Use this setting, for example, when you send email through another service, such as Mailchimp ®.

  • Click Add A New "+include" Item to add a new domain approved to send mail from your domain.
Exclude All Other Hosts ("-all" Entry)

Exclude any hosts that the other SPF mechanisms do not allow.

Note:

  • If you enable this setting, the SPF feature causes hosts that you do not define to fail.
  • By default, the system recommends the ~a authorization.

Preview of the Updated Record

This section displays what the updated SPF record will look like, based on its current modifications. Click Install a Customized SPF Record to install the new record.

Note:

If you do not possess the authority to update a domain's SPF record, the system disables the Install a Customized SPF Record option. Use the Copy option to copy the provided record in the text box to your computer's clipboard. Email this information to the person responsible for the nameservers and request that they update the SPF record on the authoritative nameserver.

Reverse DNS (PTR)

This section allows you to view and verify a domain's current pointer record (PTR). A PTR record is a DNS record that resolves an IP address to a domain or host name. The server uses this record to perform a reverse DNS (rDNS) lookup to retrieve the associated domain or host name. A PTR record requires an associated A record.

The interface provides information when a problem exists with this record. It also provides instructions for how to fix your PTR record.

Note:

  • You must have the authority to update a domain's PTR record. If you do not, contact the owner of the IP address. For example, the IP address's data center or your service provider.
  • If smarthosting exists on the server, it will not display this section. When the system relays mail through a smarthost, your server does not deliver the mail. Instead, the configured smarthost delivers your server's mail.

  • You can configure your system's smarthost settings in WHM's Exim Configuration Manager - Basic Editor interface (WHM >> Home >> Service Configuration >> Exim Configuration Manager).

Additional documentation