What are SPF records?
Sender Policy Framework (SPF) records give you the ability to create a list containing IP addresses (or subnets) that you authorize to send emails on your behalf. This makes it harder for malicious email senders to hide their identity and use your email server for fraud or spam. This will prevent your domain name from being spoofed when an email is received. Doing this will protect against phishing attempts coming from your domain, as well as “identity theft” through emails.
What is DKIM?
DomainKeys Identified Mail (DKIM) helps you ensure emails are not altered between the original and final destination. Each email is signed with a private key that’s validated by a public key set in the DNS of the final destination mail server. This way, if any modifications are attempted during transit for the email, the end user will know when checking.
How to set DKIM and SPF records in cPanel?
Luckily you can set both DKIM and SPF easily by using the following steps. Please note that you’ll need to be logged into cPanel.
- Find the Email section on the home interface of cPanel
- Select “Authentication”
- Under both DKIM and SPF check to ensure that the status is set to Enabled
- If the status indicates that it’s currently disabled, click the “Enable” button
How To Set SPF Without cPanel?
This can usually depend on what you are using for the DNS management of your domain name. However you will want to add (or modify an existing) TXT record for the domain. This TXT record for your domain will contain the SPF record details.
By default, you may want to enter for the TXT record:
Example SPF Record
v=spf1 mx -all
This will prevent any server from sending emails from your domain name, except the one that is listed in your MX record for your domain name. Here is what the SPF record means, broken down.
The v=spf1 part indicates what version of SPF is being used. This will usually affect what the SPF record would look like as a whole. For this we use spf1 for the version. The next part, mx, indicates that email coming from your domain, should be checked against the server listed in the MX record for your domain. Which ties into the last part, -all. This will prevent any mail from being sent from a server that is not listed in your SPF record.