How to add SPF, DKIM and DMARC records


These records are designed to properly authenticate emails that you send, lowering the chances they'll be sent to Spam or Junk folders. For a more in-depth explanation, see this guide.

Note: DNS records normally propagate and start working between 15min-4hrs after you update them, but in rare cases can take up to 24hrs.

How to enable SPF and DKIM

Step 1 - Log into cPanel and click on Email Deliverability.

Note: If you do not see this option, follow the section below for How to enable SPF and DKIM Pre-cPanel 78.

9d3b831bb289aab4ce14e770c173274dbd4702a5?t=ff7f44c03ea5c2f0072b645b84658183



Step 2 - Find the domain you want to enable SPF and DKIM for, and click on Manage.

241c78f500f11d25ab5a82965a68d06d59c2a820?t=bd41620de8ee1d1f6e733060c4a75fab



Step 3 - Underneath the heading DKIM, click on Install the Suggested Record.

8f461196cab4f7857e7f9d474494eacc8021ee5d?t=a1b6368c2b299314c55e41f2b72581f6



Step 4 - After the DKIM record is installed, underneath the heading of SPF, click on Customize.

cdedd734be87d9b436dfc596d9169c6eb5e4b75f?t=66b6e413fc3dfb756a12442294eb7f97



Step 6 - Under the heading Additional Settings:
(1) Include "spf.mailcluster.com.au". If you have been asked to add other "+include" items like '_spf.google.com', use the 'Add a New +include Item' option.
(2) Click on Install a Customized SPF Record.

a02fd7a26e48464bee3ef24837aeca5c77f994c9?t=83ad4025f1228640998d3f2485c53325



How to enable SPF and DKIM Pre-cPanel 78

Step 1 - Log into cPanel and click on Authentication.

spfdkim01.png



Step 2 - Click Enable for both DKIM and SPF.

spfdkim02.png



Note: If you get a warning or error initially, wait 15 minutes and refresh the page by pressing f5 (windows) or command+f5 (mac). Once enabled you will see the below screen. Note that if you're using a Web Hosting, Reseller or Managed VPS hosting service, this is not the final step.

spfdkim04.png



Step 3 - Scroll down to find Include List (INCLUDE) and click on Add.

spfdkim05.png



Step 4 - Type spf.mailcluster.com.au and click OK.

spfdkim06.png



Step 5 - If you have been asked to add other "+include" items like '_spf.google.com', Repeat steps 3-4. Otherwise, scroll down to the bottom of the page and click Update.

spfdkim07.png


How to enable DMARC

Before you add a DMARC record, make sure you have enabled SPF and DKIM.


Step 1 - Log into cPanel and click on Zone Editor.

8266f72250b26d5b3fdb5bd13a4a31d0703e72c2?t=b709ef94bfc162d90cb3cc5a2df7fdec



Step 2 - Click Manage for the domain you want to add the DMARC to:


f2cbdfc0497ae2d4c47ab28361289365694d9de1?t=7e7ae468ec1bfda3526e558224dde2b8



Step 3 -
Click +Add Record then Add DMARC Record.

26c5e1bf1eac63c121269840205a7c011a13dcb0?t=7f8e211b3f35f3ae05ae3c61bf7b19ad



Step 4 - Confirm the DMARC settings:
(1) Set the TTL to 900.
(2) Select how you want the DMARC record to act:

None: Treat failed SPF emails as normal.
Quarantine: Send failed SPF emails to a SPAM/Junk folder.
Reject: Reject failed SPF emails completely.

(3) Click Add Record.


ca7803335ff4777e2696688bc65e7e35f887296e?t=ffc4edf671c730c123a972f08ca3f0e2


(Optional) How to Add An Advanced DMARC Record

Add a DMARC record as you would in the basic guide, but instead of clicking Add Record, click Optional Parameters first. Once DMARC configuration is complete, click Add Record.

e16bdecebbe217bf1b80b68cf77352afc6fa6841?t=a3cb35a49d45f6b6e30c03eba3ae16c9


Subdomain Policy: Set how the DMARC record applies to email accounts with subdomains.

DKIM and SPF mode: Setting either of these to Relaxed will allow the DKIM/SPF of a subdomain to pass the check if the DKIM/SPF record is for a different subdomain of the primary domain (or the primary domain itself). Setting to Strict means that the DKIM/SPF must match the exact DKIM/SPF of the specific subdomain.

a1b1c49fbdf878af298edcfd8f13b38e493c3188?t=37ed6ca3ac1939a528e52446d84d3a29


Percentage: Sets the percentage of emails which DMARC will check. It's best to leave this at 100.

55bc1e71e9327ef1644074dfeb71c8d4062f5278?t=b1e3fb6372bab619b514cd142dd4e8cc


Generate Failure Reports When: Sets which emails are included in the DMARC failed emails. Select All Checks to only include emails that fail all SPF/DKIM checks. Select Any Check to include emails that fail some, but pass other checks.

Report Format: It's best to select ARFR here as it has been specifically designed for DMARC reports.

6f2dfacd5a0e4275a800688fc21c2e27137a011b?t=d7a5ebec97e410849111fcf7ca657b48


Report Interval: Sets how often a report is sent (86400 seconds is default, which is 24hrs).

Send Aggregate Mail Reports To: Set which email accounts receive complete DMARC reports (including success, failures and partial failures).

Send Failure Reports To: Set which email accounts receive reports of emails which failed DMARC.


f6de34ba69bc31a510088cd2cbdcab944daec0cc?t=2f6d8411c94661d48001c635956c8587




Thank you for your feedback on this article.