Email Authentication in cPanel
In this article, we want to show you how to use the e-mail authentication tools available in cPanel.
Difference between Email Filtering and Email Authentication
Both actions are used to prevent email spam, but their application is radically different and they cannot be used interchangeably.
Email filters scan the contents of the incoming messages while the authentication tools are used to authenticate the identity to the outgoing mail sender.
Email filters work mostly on the receiving mail server while the email authenticaion DNS records are published on the sending mail server.
Email filters work using mostly text-based tools, while email authentication tools work on a DNS basis.
You can activate all available authentication tools (DKIM, SPF, DMARC) and yet send several thousand spam messages - the availability of correct authentication records will not prevent the filtering on the receiving email servers.
Usually the email authentication checks are done on a mail server level basis while email filtering is mostly activated as user/account level action.
cPanel's Email Authentication
cPanel's Authentication interface allows you to enable or disable Domain Keys Identified Mail (DKIM) and Sender Policy Framework (SPF). The system uses this information to verify that a trusted sender sent the messages.
To enter cPanel Authentication interface go to cPanel > Email and click on Authentication link:
Domain Keys Identified Mail (DKIM)
When DKIM is enabled the receiving email server extracts the signature and claimed
From: domain from the email headers.
The public key is retrieved from the DNS system for the claimed
From: domain. The public key is used by the receiving mail system to verify that the signature was generated by the matching private key.
DKIM verifies the sender and integrity of a message. It allows an email system to prove that spammers did not alter an incoming message while in transit (forgery), and that the messages that your domains receive come from the specified domain.
To enable DKIM, click Enable. To disable DKIM, click Disable.
Sender Policy Framework (SPF)
SPF adds all IP addresses to a list of servers that can send mail from your domain. The receiving mail server extracts the domain's SPF record, and then checks if the source email server IP is approved to send emails for that domain.
To enable SPF, click Enable. To disable SPF, click Disable.
DKIM and SPF Online Checker
You can check if your DKIM and SPF records are valid using this proven for many years online toolbox:
When checking DKIM you must include a colon and the selector name at the end of the domain name. That is needed because you can use different selectors with a single domain name -
If you are sending email from your website do not use those simple PHP scripts that are circling the web. We recommend using phpMailer as proven email script that offers both complete compliance with the latest RFC and excellent security features like SMTP Authentication and SSL.
We'll show you how to use phpMailer in another tutorial.
DKIM and SPF are excellent tools that authenticate your true identity as an email sender by proving your mail server's IP address (SPF) and by publishing the public key (DKIM).