Email Deliverability in WHM

Valid for versions 82 through the latest version

Version:

82


Last modified: February 22, 2024

Overview

Use this interface to identify problems with your server’s mail-related DNS records. The system uses these records to verify that other servers can trust it as a sender.

Note:
  • Both DomainKeys Identified Mail (DKIM) and Sender Policy Framework (SPF) authentication require that you use a DNS server for the domain name. For more information about your DNS servers, contact your hosting provider.

  • The system modifies the DKIM and SPF records if it is authoritative for a domain’s DNS records.

  • For steps to set up your server’s nameservers with your registrar, read our How to Set Up Nameservers in a cPanel & WHM Environment documentation.

Manage the Domain

This section of the interface displays the following information:

  • Domain — The server’s hostname.
  • Mail HELO — The server’s HELO configuration.
    Note:

    This information only appears if the /etc/mailhelo file configuration and the domain don’t match.

DKIM

This section allows you to manage the server’s DKIM record. DKIM verifies the sender and the integrity of a message.

  • It allows an email system to prove that spammers didn’t alter an incoming message while it was in transit.
  • It verifies that the messages your server receives came from the specified domain.

Suggested DKIM record

If any problems exist with the current record, this section displays the properly-configured DKIM record values in the Suggested “DKIM” (TXT) Record section. This section allows you to perform the following actions:

  • Generate Local DKIM Key — Generate a DKIM record if one doesn’t exist.

  • Copy — Copy the Name and Value records that the system provides. If you don’t have the correct permissions to edit your record, give this information to your system administrator.

  • View — Modify the Value field’s displayed record:

    • Full — The record displays in its entirety. Use this setting if you automatically split your records.

    • Split — The record displays in 255-character parts. Use this setting if you don’t automatically split your records.

  • View the Private Key — Retrieve the suggested private key. The View the Private DKIM Key interface will appear.

    Important:

    Exposing your private DKIM key is a security risk. If others obtain your private DKIM key, they could sign emails and impersonate you as a sender. Make certain that you only provide your private DKIM key to a trusted user.

The DSO PHP handler without ModRuid2 or MPM ITK

Warning:

WebPros International, LLC does not recommend this configuration.

If you install the DSO PHP handler without ModRuid2 or MPM ITK and you enable DKIM:

  • Emails that you send will display nobody as the sender.
  • The system won’t display any information in the Return-Path, Reply-To, or From fields in the email header.

To add these fields to your email headers, add the missing fields via the following PHP script or contact your system administrator:

1
2
3
4
5
6
7
8
9
<?php
$to      = 'nobody@example.com';
$subject = 'the subject';
$message = 'hello';
$headers = 'From: webmaster@example.com' . "\r\n" .
    'Return-Path: webmaster@example.com' . "\r\n" .
    'Reply-To: webmaster@example.com' . "\r\n" .
mail($to, $subject, $message, $headers);
?>

SPF

This section allows you to manage a domain’s SPF record. SPF verifies that an approved sender sent messages originating from a domain.

Suggested SPF record

If any problems exist with the current record, a correct SPF record configuration will appear in the Suggested “SPF” (TXT) Record section. This section also allows you to perform the following actions:

  • Copy — Copy the Name and Value records that the system provides. If you don’t have the correct permissions to edit your record, give this information to your system administrator.

  • View — Modify the Value field’s displayed record:

    • Full — The record displays in its entirety. Use this setting if you automatically split your records.

    • Split — The record displays in 255-character parts. Use this setting if you don’t automatically split your records.

  • Customize — Modify the suggested SPF record. The Customize an SPF Record interface will appear.

Customize an SPF record

Use this interface to customize the system’s recommended SPF record for a domain.

  • The interface displays the domain’s current SPF name and value in the Current “SPF” (TXT) Record section.
  • The interface displays the system’s recommendations in the Suggested “SPF” (TXT) Record section.

You can configure the following settings:

Domain settings

This section allows you to define the hosts or MX servers that can send mail from a domain.

  • Click the appropriate + icon (+) under a heading to add items to the SPF record.
  • Use the text boxes under each heading to modify existing items of that type in the SPF record.
  • Click the X icon (X) for the appropriate text box to delete an item in the SPF record.

You can perform these steps under the following headings:

Additional Hosts

Under Additional Hosts, you can create and manage additional hosts that the system allows to send mail from your domain. The system automatically includes the primary mail exchanger and other servers for which you created an MX record.

Additional MX Servers

Under Additional MX Servers, you can create and manage the MX entries that can send mail from a domain.

IP Address Settings

Under IP Address Settings, you can create and manage additional IP address blocks to the domain’s SPF record.

  • The system automatically includes your server’s main IPv4 or IPv6 addresses.
  • You can use CIDR notation to update these settings (for example, 10.0.0.0/8 or 2001:db8:1a34:56cf::/64).

Additional Settings

Under Additional Settings, you can create and manage additional SPF record settings.

  • Use the items under Include List (INCLUDE) to include additional items in your SPF settings. For example, you could use this when you send email through another service, such as Mailchimp®.

  • Use the items under Exclude All Other Hosts ("-all" Entry) to exclude any hosts that the other SPF mechanisms don’t allow.

    Note:
    • If you enable this setting, the SPF feature causes undefined hosts to fail.
    • By default, the system recommends the ~all entry. This entry instructs servers to accept mail from unmatched hosts, but warn that unauthorized hosts may have sent the messages.

Preview of the Updated Record

This section displays a preview of the updated SPF record based on your current modifications.

  • Click Copy to copy the provided record.
  • Click Install a Customized SPF Record to install the new record.
Note:

If you don’t have the authority to update a domain’s SPF record, the system disables this section. Instead, click Copy to copy the provided record and send it to your system administrator.

Reverse DNS (PTR)

This section allows you to view and verify a domain’s current pointer (PTR) record. A PTR record is a DNS record that resolves an IP address to a domain or hostname. The server uses this record to perform a reverse DNS (rDNS) lookup to retrieve the associated domain or hostname. A PTR record requires an associated A record.

The interface provides information when a problem exists with this record. It also provides instructions to fix your PTR record.

Note:
  • You must have the authority to update a domain’s PTR record. If you don’t, contact the owner of the IP address.

  • If you have configured smarthosting on the server, this section won’t appear.

    • When the system relays mail through a smarthost, your server doesn’t deliver the mail. Instead, the configured smarthost delivers your server’s mail.
    • You can configure your system’s smarthost settings in the Basic Editor section of WHM’s Exim Configuration Manager interface (WHM » Home » Service Configuration » Exim Configuration Manager).

Additional Documentation