{"id":94,"date":"2026-05-25T15:32:49","date_gmt":"2026-05-25T22:32:49","guid":{"rendered":"https:\/\/cpanelreview.com\/index.php\/2026\/05\/25\/setup-spf-dkim-dmarc-cpanel-email-deliverability\/"},"modified":"2026-05-25T15:32:49","modified_gmt":"2026-05-25T22:32:49","slug":"setup-spf-dkim-dmarc-cpanel-email-deliverability","status":"publish","type":"post","link":"https:\/\/cpanelreview.com\/index.php\/2026\/05\/25\/setup-spf-dkim-dmarc-cpanel-email-deliverability\/","title":{"rendered":"How to Set Up SPF, DKIM, and DMARC Records in cPanel for Better Email Deliverability"},"content":{"rendered":"

Email deliverability is one of the most common pain points for cPanel users. You might have configured everything correctly only to find your messages landing in spam folders or bouncing back entirely. More often than not, the culprit is missing or misconfigured email authentication records. SPF, DKIM, and DMARC are three DNS records that tell receiving mail servers your emails are legitimate and not forged spam. When all three are set up properly in cPanel, your sending reputation improves dramatically and your messages reach inboxes instead of junk folders.<\/p>\n

In this guide, you will learn exactly how to configure SPF, DKIM, and DMARC records directly from your cPanel dashboard. We will walk through each step, explain what each record does, and show you how to verify everything is working correctly using free online tools. Whether you are managing a single domain or dozens, this process ensures your email infrastructure is secure and trustworthy.<\/p>\n

<\/p>\n

Understanding SPF, DKIM, and DMARC<\/h2>\n

Before diving into configuration, it helps to understand what each record does and why you need all three together.<\/p>\n

What is SPF?<\/h3>\n

Sender Policy Framework (SPF) is a DNS record that lists every server authorized to send email from your domain. When a receiving mail server gets a message claiming to be from yourdomain.com<\/code>, it checks the SPF record to see if the sending IP address is on the approved list. If the server is not listed, the message may be flagged as spam or rejected outright. SPF is the first line of defense against email spoofing and is the oldest of the three authentication methods.<\/p>\n

What is DKIM?<\/h3>\n

DomainKeys Identified Mail (DKIM) adds a digital signature to every outgoing email. This signature is generated using a private key stored on your cPanel server, and receiving servers verify it using a public key published in your DNS. If the signature matches, the email is confirmed to have been sent by your server and was not tampered with during transit. DKIM is especially important because it survives email forwarding, unlike SPF, which can break when messages are forwarded through intermediate servers.<\/p>\n

What is DMARC?<\/h3>\n

Domain-based Message Authentication, Reporting, and Conformance (DMARC) tells receiving servers what to do when SPF or DKIM checks fail. You can instruct them to quarantine suspicious messages, reject them outright, or let them through and send you a report. DMARC also provides detailed XML reports that help you monitor who is sending email on behalf of your domain, making it an essential tool for detecting phishing attempts and spoofing campaigns.<\/p>\n

Configuring SPF Records in cPanel<\/h2>\n

Most cPanel hosting providers enable email services by default, which means your SPF record is usually auto-configured for the primary mail server. However, if you send email through third-party services like Google Workspace, Outlook 365, or a transactional email provider such as SendGrid or Mailgun, you need to update the SPF record to include those servers.<\/p>\n

    \n
  1. Log in to your cPanel dashboard and navigate to the Domains<\/strong> section, then click Zone Editor<\/strong> (or DNS Zone Editor<\/strong>, depending on your theme).<\/li>\n
  2. Locate the domain you want to configure. Look for an existing TXT record that starts with v=spf1<\/code>. If one exists, click Edit<\/strong>. If not, click Add Record<\/strong> and select type TXT<\/strong>.<\/li>\n
  3. Enter the following value, adjusting the include statements to match your services:
    \nv=spf1 +a +mx include:_spf.yourhostingprovider.com include:spf.protection.outlook.com ~all<\/code><\/li>\n
  4. Replace _spf.yourhostingprovider.com<\/code> with your hosting provider’s SPF include, and add an include<\/code> for each third-party service you use. The ~all<\/code> tag means “soft fail” \u2014 messages from unauthorized servers are marked as suspicious but not rejected.<\/li>\n
  5. Click Save Record<\/strong>. DNS changes can take anywhere from a few minutes to 48 hours to propagate, though most updates resolve within an hour.<\/li>\n<\/ol>\n

    Enabling DKIM Signing in cPanel<\/h2>\n

    cPanel makes DKIM configuration remarkably simple through the Email Deliverability tool. This feature automatically generates the key pair and publishes the public key to your DNS.<\/p>\n

      \n
    1. In cPanel, scroll to the Email<\/strong> section and click Email Deliverability<\/strong>.<\/li>\n
    2. You will see a list of all domains on your account. Click the Manage<\/strong> button next to the domain you want to configure.<\/li>\n
    3. cPanel displays the current SPF and DKIM status. If DKIM shows as Not Enabled<\/strong>, click Enable<\/strong> in the DKIM section. cPanel generates a 2048-bit RSA key pair and automatically adds the DKIM TXT record to your DNS zone.<\/li>\n
    4. After enabling DKIM, click Validate<\/strong> to confirm the DNS record is published correctly. You should see a green checkmark next to the DKIM status.<\/li>\n
    5. Repeat this process for every domain that sends email from your cPanel server.<\/li>\n<\/ol>\n

      Note:<\/strong> If your DNS is managed externally (for example, through Cloudflare), cPanel cannot add the DKIM record automatically. You will see the required values on the Email Deliverability page and must add them manually through your external DNS provider’s control panel.<\/p>\n

      Setting Up a DMARC Policy in cPanel<\/h2>\n

      DMARC policies are not auto-configured by cPanel, so you must add one manually through the Zone Editor. A DMARC record is a TXT record with a special subdomain format: _dmarc.yourdomain.com<\/code>.<\/p>\n

        \n
      1. Go to Zone Editor<\/strong> in cPanel and select your domain.<\/li>\n
      2. Click Add Record<\/strong> and choose type TXT<\/strong>.<\/li>\n
      3. In the Name<\/strong> field, enter _dmarc<\/code>. (cPanel appends your domain automatically.)<\/li>\n
      4. In the Value<\/strong> field, enter your DMARC policy. A recommended starting policy for most site owners is:
        \nv=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@yourdomain.com; ruf=mailto:dmarc-reports@yourdomain.com; fo=1<\/code><\/li>\n
      5. Here is what each tag means:\n