How to Set Up SPF, DKIM, and DMARC Records – The Easiest Way to Authenticate Users

The Ultimate Guide to Email Authentication for Hosting Clients & General Users

Email spoofing, spam filters, failed delivery, sound familiar?

If you’re running a website or business and using a domain-based email (like info@yourcompany.com), then setting up an SPF record, a DMARC policy, and a DKIM record isn’t just a good idea – it’s essential. Without them, your emails could get flagged, blocked, or impersonated.

spf-record This guide walks you through how to properly set up SPF, DKIM, and DMARC using cPanel or any DNS manager, even if you’re not a tech expert.

What Are SPF, DKIM, and DMARC Records?

✅ SPF (Sender Policy Framework)

spf-record

SPF tells receiving email servers which IPs or servers are allowed to send mail on behalf of your domain. If it’s not on the list, it’s fake and blocked.

✅ DKIM (DomainKeys Identified Mail)

dkim-record

DKIM adds a digital signature to every email your domain sends. It verifies that the content hasn’t been tampered with and came from you.

✅ DMARC (Domain-based Message Authentication, Reporting & Conformance)

dmarc-policy DMARC ties SPF and DKIM together and tells receiving servers what to do if a message fails either check. It also lets you get reports of spoofing attempts.

Step-by-Step: Setting Up SPF, DKIM, and DMARC in cPanel

1. ✅ Set Up SPF Record


  1. Log in to cPanel -> Go to Zone Editor
    b. Add an SPF TXT Record (example): v=spf1 include:zoho.com ~all

2. ✅ Enable DKIM Record


  1. Get your DKIM record from your email provider (e.g., Zoho or Google)
    b. Add a TXT record to your DNS (example): zoho._domainkey.yourdomain.com

 

3. ✅ Configure DMARC Policy


  1. Add a TXT record for _dmarc.yourdomain.com
    Record: v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com; sp=none; aspf=r

Best Practices & Pro Tips

– Start light with DMARC (`p=none`)
– Check for typos in DNS entries
– Use tools like MXToolbox for validation
– Rotate DKIM keys occasionally
– Review DMARC reports

Troubleshooting Common Issues

Problem Cause Fix
Emails are going to spam SPF/DKIM record not set or incorrect Double-check DNS records
Emails not delivered DMARC record policy is too strict Set DMARC to none temporarily
DKIM validation fails Key not published properly Re-copy and verify the public key
You’re not receiving reports rua= email misconfigured Use a valid inbox for reports

 

Final Words: Be the Guardian of Your Domain

Setting up SPF, DKIM, and DMARC records is non-negotiable if you’re serious about protecting your domain, brand, and users.
With just 10-15 minutes of setup, you:
– Prevent spoofing attacks
– Improve email delivery
– Build trust with your recipients
– Gain visibility into impersonation attempts

Summary

Record Purpose DNS Format
SPF Record Authorize servers to send email TXT
DKIM Record Sign the email with a digital key TXT
DMARC Policy Control spoofing policy TXT

FAQs:

1. What is SPF, and why is it important for my domain email?

Sender Policy Framework is a DNS record that authorizes specific servers to send emails on behalf of your domain. Without it, your emails might land in spam folders or get rejected by recipient servers.

2. How do I add an SPF record using cPanel?

Go to your cPanel dashboard → Zone Editor → Choose your domain → Add a TXT record with your SPF value (e.g., v=spf1 include:zoho.com ~all). Always validate it using tools like MXToolbox.

3. What does DKIM do for my domain email?

DKIM (DomainKeys Identified Mail) digitally signs your emails to confirm they were sent from your domain and haven’t been altered. It boosts deliverability and prevents tampering.

4. Where do I find my DKIM record?

Your email provider (e.g., Zoho, Google Workspace) generates the DKIM record. You then add it as a TXT record in your DNS via cPanel or your DNS manager.

5. What is DMARC policy, and how is it different from SPF and DKIM?

DMARC (Domain-based Message Authentication, Reporting & Conformance) builds on SPF and DKIM. It tells receiving mail servers what to do if emails fail authentication (e.g., quarantine or reject them) and lets you monitor spoofing via reports.

6. How do I create a DMARC record in cPanel?

Log in to cPanel → Zone Editor → Add a TXT record for _dmarc.yourdomain.com with a value like:
v=DMARC1; p=quarantine; rua=mailto:you@yourdomain.com; aspf=r

7. Why are my emails still going to spam even after setting SPF and DKIM?

Common reasons include:

  • Missing or incorrect records
  • No DMARC policy
  • Low sender reputation
  • Content-based spam filters
  • Double-check your DNS entries and test with spam-checking tools.

8. Should I set DMARC policy to ‘reject’ right away?

Not recommended. Start with p=none to monitor issues. Gradually move to quarantine, then reject after confirming email flow is safe.

9. How can I check if my email records are working properly?

Use free tools like:

  • MXToolbox
  • Mail-tester.com
  • DMARC Analyzer
    These help validate SPF, DKIM, and DMARC setups.

10. What happens if I misconfigure my SPF or DKIM records?

Your emails may:

  • Fail delivery
  • Get flagged as spam
  • Be vulnerable to spoofing
    Always double-check syntax and values when adding records.

11. Can I get help from my hosting provider to configure these?

Yes! If you’re hosting with Nest Nepal, our support team can guide you in setting up or validating your SPF, DKIM, and DMARC records for optimal security and deliverability.

Need Help?

If you’re hosting with a provider like Nest Nepal, our support team can assist in verifying and applying your SPF, DKIM, and DMARC records.

Share this article
Shareable URL
Prev Post

How to Read Error Logs & Solve Hidden Website Issues from the cPanel Logs

Leave a Reply

Your email address will not be published. Required fields are marked *

Read next