Live Chat

Domain Scan

(empty)

Login


How to Increase Your Email Deliverability with SPF, DKIM, and DMARC
(24-aug-2024)

Laptop displaying floating email icons with text explaining how to increase email deliverability using SPF, DKIM, and DMARC.

Email deliverability is a crucial aspect of maintaining your online presence, especially for businesses. Ensuring that your emails reach your recipients' inboxes, rather than their spam folders, involves configuring SPF, DKIM, and DMARC records in your DNS settings. This blog post will guide you through the process of adding these records, explain the purpose of these records, and demonstrate how they improve email deliverability.

Understanding SPF, DKIM, and DMARC Records

SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based Message Authentication, Reporting, and Conformance) are essential DNS TXT records that help authenticate your emails.
  • SPF: Specifies which mail servers are authorized to send emails on behalf of your domain. This helps prevent spammers from sending unauthorized emails that appear to come from your domain, reducing the chances of your emails being marked as spam.
  • DKIM: Adds a digital signature to your emails, ensuring that the content hasn't been altered during transmission. This adds another layer of security, making it harder for malicious actors to tamper with your emails.
  • DMARC: Works in conjunction with SPF and DKIM, allowing the domain owner to specify how emails that fail these checks should be handled (allowed, quarantined, or rejected). DMARC also provides a mechanism for receiving reports about how emails are being processed by various email providers.

Adding SPF, DKIM, and DMARC Records to Your DNS Panel

When updating TXT records like SPF, DKIM, and DMARC, it's essential to update them in the correct DNS zone. This means you need to make these changes in the location where your domain's DNS settings are actually managed. If your domain's nameservers are controlled through a particular provider, you must ensure that the TXT records are updated in that provider's DNS management interface. It's crucial to know where your nameservers are configured because updating the records in the wrong place will not have any effect. To check what nameservers you have already updated on your domain, you can use this tool.
Alright, let's find out how we can generate an SPF record using the cPanel itself.
Important: If your emails are hosted with register.lk, you can use the steps outlined below to generate your SPF and DKIM records. However, if you're utilizing a third-party email hosting service, please ensure that SPF and DKIM records are generated through your specific email hosting provider.

How to Add an SPF Record

  1. Access cPanel:
    • Log in to your Register.lk cPanel.
    • Navigate to the "Email Deliverability" section.
    Navigating to Email Deliverability in cPanel
  2. Select Your Domain:
    • Choose the domain for which you want to set up the SPF record. The page will display the current status of the SPF and DKIM records. If the records are not properly created, the status will show "Problem Exist (DKIM and SPF)". In that case, click on "Manage".
    Selecting and Managing Domain for SPF Record
  3. Copy the SPF Record's Name and Value:
    • Copy the Name and Value fields provided under the "SPF" section.
    SPF Record Data in cPanel

Update Your Main DNS Zone

Follow the steps below only if you have pointed your domain to Register.lk hosting packages directly through nameservers. If not, you need to add the copied records to the Main DNS Zone of your domain, which is pointed to by your domain's nameservers.
  • Go to Zone Editor in cPanel.
  • Click on the Add Record button.
  • In the Name field, paste the details of the SPF record's name.
  • For TTL, keep the default value (usually 14400).
  • Select TXT as the record type.
  • In the Record field, paste the value copied in the above steps.
  • Save the record.
Next, let's move on to setting up the DKIM record. Just like SPF, DKIM is crucial for email security.

How to Add a DKIM Record

DKIM is another crucial record that ensures the integrity of your emails by adding a digital signature.
Let's find out how we can generate a DKIM record using the cPanel itself.
  1. Access cPanel:
    • Log in to your Register.lk cPanel.
    • Navigate to the "Email Deliverability" section.
  2. Select Your Domain:
    • Choose the domain for which you want to set up the DKIM record. The page will display the current status of the SPF and DKIM records. If DKIM is not set up or needs to be updated, click on "Manage".
  3. Copy the DKIM Record's Name and Value:
    • Under the "DKIM" section, you will see the DKIM record details. Copy the Name and Value fields.
    DKIM Record Data in cPanel

Update Your Main DNS Zone

Follow the same steps outlined earlier in the "How to Add an SPF Record" section to update the DKIM Record in your Main DNS Zone. Make sure you update the correct DNS management interface based on where your domain's nameservers are pointed to.

Tip:

If you don't have SPF and DKIM records already set up in your cPanel > Zone Editor, you can use the "Repair" button in the Email Deliverability section to update it automatically. However, if there is already an incorrect SPF record and DKIM record, you should manually remove the incorrect ones before adding the new records; otherwise, you would receive an error after clicking the repair button.


Alright, now that we've covered SPF and DKIM, let's move on to adding a DMARC record. Unlike SPF and DKIM, generating a DMARC record cannot be done from cPanel; we should use a third-party tool for that.

How to Add a DMARC Record

Adding a DMARC record provides an additional layer of protection and ensures that your emails are properly authenticated. Before we proceed with the steps, ensure that you have valid SPF and DKIM records already in place. To generate a DMARC record, we will use the Global Cyber Alliance DMARC Guide.
Go through the wizard to complete the following steps.
  1. Generate a DMARC Record:
  2. Set the DMARC Policy Level:
    • Choose the appropriate policy level, which determines what action should be taken if an email fails SPF and DKIM checks:
      • None: Monitor emails without affecting deliverability.
      • Quarantine: Send suspicious emails to the spam folder.
      • Reject: Block emails that fail SPF and DKIM checks.
    • For beginners, it's advisable to start with the None option.
  3. Optional: Aggregate Reports:
    • You can specify an email address to receive daily reports about email activity. Be cautious as this can lead to a large volume of reports if your domain sends a lot of emails. Consider skipping this step unless you need detailed reporting.
  4. Optional: Forensic Reports:
    • This option adds the 'ruf' tag to your DMARC policy, generating forensic reports when available. However, due to privacy regulations, these reports might not always be generated. Consider skipping this step.
  5. Subdomain Policy:
    • Decide whether you want the DMARC policy to apply to your subdomains as well.
  6. DMARC Record Frequency:
    • Choose how often you want the DMARC record to be generated.

Alright, now you can see the generated DMARC record.
This is what the result would look like: Generated DMARC Record text example with domain and parameters. Adding DMARC records can vary depending on the DNS panel you use. To update your Main DNS Zone in the cPanel, follow the similar steps you've used previously for other records.
This is how it looks like when you are setting up the DMARC record in cPanel. Screenshot showing the setup of a DMARC record in cPanel, with fields for entering the DNS record details Verifying Your SPF, DKIM, and DMARC Records
After adding the SPF, DKIM, and DMARC records, it may take some time for DNS propagation. To verify that your records have been updated correctly, you can use the following tools:

Conclusion

By properly setting up SPF, DKIM, and DMARC records, you significantly improve your email deliverability and protect your domain from email spoofing and phishing attacks. Always remember to update these records in the correct DNS zone based on where your domain's nameservers are pointed. Following these steps will help ensure that your emails reach your recipients' inboxes, improving communication and trust with your audience.

Setting up SPF, DKIM, and DMARC not only boosts your email deliverability but also helps improve your email reputation. A small effort today ensures secure and trustworthy communication.


Written by: Register.lk Support Hero - Kesaru
BACK 2 BLOG