{"id":11490,"date":"2025-05-06T14:02:31","date_gmt":"2025-05-06T08:17:31","guid":{"rendered":"https:\/\/nestnepal.com\/blog\/?p=11490"},"modified":"2026-06-22T11:56:49","modified_gmt":"2026-06-22T11:56:49","slug":"set-up-spf-record-dkim-record-dmarc-policy","status":"publish","type":"post","link":"https:\/\/nestnepal.com\/blog\/set-up-spf-record-dkim-record-dmarc-policy\/","title":{"rendered":"How to Set Up SPF, DKIM, and DMARC Records – The Easiest Way to Authenticate Users"},"content":{"rendered":"
If you’re running a website or business and using a domain-based email<\/a> (like <\/span>info@yourcompany.com<\/span><\/i>), then setting up an SPF record, a DMARC policy, and a DKIM record isn\u2019t just a good idea – it’s essential. Without them, your emails could get flagged, blocked, or impersonated.<\/span><\/p>\n This guide walks you through how to properly set up SPF, DKIM, and DMARC using cPanel or any DNS manager, even if you’re not a tech expert.<\/span><\/p>\n SPF tells receiving email servers which IPs or servers are allowed to send mail on behalf of your domain. If it\u2019s not on the list, it\u2019s fake and blocked.<\/span><\/p>\n DKIM adds a digital signature to every email your domain sends. It verifies that the content hasn\u2019t been tampered with and came from you.<\/span><\/p>\n – Start light with DMARC (`p=none`)<\/span> Setting up SPF, DKIM, and DMARC records is non-negotiable if you’re serious about protecting your domain, brand, and users.<\/span> Sender Policy Framework is a DNS record that authorizes specific servers to send emails on behalf of your domain. Without it, your emails might land in spam folders or get rejected by recipient servers.<\/p>\n Go to your cPanel dashboard \u2192 Zone Editor \u2192 Choose your domain \u2192 Add a TXT record with your SPF value (e.g., v=spf1 include:zoho.com ~all). Always validate it using tools like MXToolbox.<\/p>\n DKIM (DomainKeys Identified Mail) digitally signs your emails to confirm they were sent from your domain and haven\u2019t been altered. It boosts deliverability and prevents tampering.<\/p>\n Your email provider (e.g., Zoho, Google Workspace) generates the DKIM record. You then add it as a TXT record in your DNS via cPanel or your DNS manager.<\/p>\n DMARC (Domain-based Message Authentication, Reporting & Conformance) builds on SPF and DKIM. It tells receiving mail servers what to do if emails fail authentication (e.g., quarantine or reject them) and lets you monitor spoofing via reports.<\/p>\n Log in to cPanel \u2192 Zone Editor \u2192 Add a TXT record for _dmarc.yourdomain.com with a value like: Common reasons include:<\/p>\n Not recommended. Start with p=none to monitor issues. Gradually move to quarantine, then reject after confirming email flow is safe.<\/p>\n Use free tools like:<\/p>\n Your emails may:<\/p>\n Yes! If you’re hosting with Nest Nepal, our support team can guide you in setting up or validating your SPF, DKIM, and DMARC records for optimal security and deliverability.<\/p>\n If you’re hosting with a provider like <\/span>Nest Nepa<\/b><\/a>l, our support team can assist in verifying and applying your SPF, DKIM, and DMARC records.<\/span>What Are SPF, DKIM, and DMARC Records<\/a>?<\/b><\/h2>\n
\u2705 SPF (Sender Policy Framework)<\/b><\/h3>\n
<\/p>\n\u2705 DKIM (DomainKeys Identified Mail)<\/b><\/h3>\n
<\/p>\n\u2705 DMARC (Domain-based Message Authentication, Reporting & Conformance)<\/b><\/h3>\n
<\/span> DMARC ties SPF and DKIM together and tells receiving servers what to do if a message fails either check. It also lets you get reports of spoofing attempts.<\/span><\/p>\nStep-by-Step: Setting Up SPF, DKIM, and DMARC in cPanel<\/b><\/h2>\n
1. \u2705 Set Up SPF Record<\/b><\/h3>\n
\n
\n<\/span>Log in to cPanel -> Go to Zone Editor<\/span>
\n<\/span> b. Add an SPF TXT Record (example): v=spf1 include:zoho.com ~all<\/span><\/li>\n<\/ol>\n2. \u2705 Enable DKIM Record<\/b><\/h3>\n
\n
\n<\/span> Get your DKIM record from your email provider (e.g., Zoho or Google)<\/span>
\n<\/span> b. Add a TXT record to your DNS (example): zoho._domainkey.yourdomain.com<\/span><\/li>\n<\/ol>\n3. \u2705 Configure DMARC Policy<\/b><\/h3>\n
\n
\n<\/span> Add a TXT record for _dmarc.yourdomain.com<\/span>
\n<\/span> Record: v=DMARC1; p=quarantine; rua=mailto:dmarc-reports@yourdomain.com; sp=none; aspf=r<\/span><\/li>\n<\/ol>\nBest Practices & Pro Tips<\/b><\/h2>\n
\n<\/span> – Check for typos in DNS entries<\/span>
\n<\/span> – Use tools like MXToolbox for validation<\/span>
\n<\/span> – Rotate DKIM keys occasionally<\/span>
\n<\/span> – Review DMARC reports<\/span><\/p>\nTroubleshooting Common Issues<\/b><\/h2>\n
\n\n
\n Problem<\/b><\/td>\n Cause<\/b><\/td>\n Fix<\/b><\/td>\n<\/tr>\n \n Emails are going to spam<\/span><\/td>\n SPF\/DKIM record not set or incorrect<\/span><\/td>\n Double-check DNS records<\/span><\/td>\n<\/tr>\n \n Emails not delivered<\/span><\/td>\n DMARC record policy is too strict<\/span><\/td>\n Set DMARC to <\/span>none<\/span> temporarily<\/span><\/td>\n<\/tr>\n \n DKIM validation fails<\/span><\/td>\n Key not published properly<\/span><\/td>\n Re-copy and verify the public key<\/span><\/td>\n<\/tr>\n \n You\u2019re not receiving reports<\/span><\/td>\n rua=<\/span> email misconfigured<\/span><\/td>\n Use a valid inbox for reports<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n Final Words: Be the Guardian of Your Domain<\/b><\/h2>\n
\n<\/span> With just 10-15 minutes of setup, you:<\/span>
\n<\/span> – Prevent spoofing attacks<\/span>
\n<\/span> – Improve email delivery<\/span>
\n<\/span> – Build trust with your recipients<\/span>
\n<\/span> – Gain visibility into impersonation attempts<\/span><\/p>\nSummary<\/b><\/h2>\n
\n\n
\n Record<\/b><\/td>\n Purpose<\/b><\/td>\n DNS Format<\/b><\/td>\n<\/tr>\n \n SPF Record<\/span><\/td>\n Authorize servers to send email<\/span><\/td>\n TXT<\/span><\/td>\n<\/tr>\n \n DKIM Record<\/span><\/td>\n Sign the email with a digital key<\/span><\/td>\n TXT<\/span><\/td>\n<\/tr>\n \n DMARC Policy<\/span><\/td>\n Control spoofing policy<\/span><\/td>\n TXT<\/span><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n FAQs:<\/b><\/h2>\n
1. What is SPF, and why is it important for my domain email?<\/h3>\n
2. How do I add an SPF record using cPanel?<\/h3>\n
3. What does DKIM do for my domain email?<\/h3>\n
4. Where do I find my DKIM record?<\/h3>\n
5. What is DMARC policy, and how is it different from SPF and DKIM?<\/h3>\n
6. How do I create a DMARC record in cPanel?<\/h3>\n
\nv=DMARC1; p=quarantine; rua=mailto:you@yourdomain.com; aspf=r<\/p>\n7. Why are my emails still going to spam even after setting SPF and DKIM?<\/h3>\n
\n
8. Should I set DMARC policy to ‘reject’ right away?<\/h3>\n
9. How can I check if my email records are working properly?<\/h3>\n
\n
\nThese help validate SPF, DKIM, and DMARC setups.<\/li>\n<\/ul>\n10. What happens if I misconfigure my SPF or DKIM records?<\/h3>\n
\n
\nAlways double-check syntax and values when adding records.<\/li>\n<\/ul>\n11. Can I get help from my hosting provider to configure these?<\/h3>\n
Need Help?<\/b><\/h2>\n