Email Authentication: SPF, DKIM, and DMARC
Email authentication records help verify that emails sent from your domain are legitimate. Without them, your emails are far more likely to end up in spam folders or be rejected entirely. SillyHost automatically configures SPF and DKIM for domains hosted with us, but understanding these records is important.
SPF (Sender Policy Framework)
An SPF record is a DNS TXT record that specifies which mail servers are allowed to send email on behalf of your domain.
- SillyHost automatically adds an SPF record when you create your first email account.
- A typical SPF record looks like:
v=spf1 +a +mx +ip4:YOUR.SERVER.IP ~all - If you use external email services (e.g., Mailchimp, SendGrid), you must add their include statements to your SPF record.
- You can only have one SPF record per domain. Combine all authorised senders into a single record.
DKIM (DomainKeys Identified Mail)
DKIM adds a digital signature to your outgoing emails, allowing the receiving server to verify the message was not altered in transit.
- cPanel automatically generates DKIM keys for your domain.
- To verify DKIM is enabled, go to cPanel > Email Deliverability and check the status for your domain.
- If there are issues, cPanel will provide a Repair button to fix them automatically.
DMARC (Domain-based Message Authentication)
DMARC builds on SPF and DKIM by telling receiving servers what to do when authentication fails. A basic DMARC record looks like:
v=DMARC1; p=none; rua=mailto:dmarc-reports@yourdomain.co.uk
- p=none — Monitor only, take no action on failures (good for starting out).
- p=quarantine — Send failed emails to the spam folder.
- p=reject — Reject failed emails entirely (strictest setting).
Checking Your Setup
Use the Email Deliverability tool in cPanel to review and repair your SPF, DKIM, and DMARC records. You can also use external tools like MXToolbox to verify your configuration is correct.