These are instructions on how to enable Email Authentication on your cPanel hosting account. Email Authentication is a combination of multiple features, as an effort to equip email systems with enough verifiable information to recognise genuine emails, prevent email spoofing and fight off spam.

The DKIM and SPF features are enabled by default for all domains, but some domain setups may use non-standard settings and may require adjustment. If you experience issues with the deliverability of your emails, we recommend verifying and adjusting the email authentication features, but not disabling them.

  1. Login to your cPanel control panel
  2. Go to the ‘Email Authentication’ page
  3. You’ll see a section DomainKeys. DomainKeys is an email authentication system which will verify if incoming email is actually coming from the listed sender. We recommend enabling it by clicking on the Enable button.
  4. You’ll see a section SPF. When a mailserver receives an email purporting to be from you, it may check the SPF records on your domain name to see if the server that sent the email is authorized to do so. Where SPF checking is used, it will help prevent email spoofing (where a spammer/fraudster uses an insecure email server to send email purporting to be from you). We recommend enabling it by clicking on the Enable button.
  5. You will also want to take a minute to configure the advanced settings on the page. These are:
    • Additional Hosts
    • Additional MX Servers
    • Additional IP Blocks
    • Include List – These four lists are important if you use a mailing company (for example MailChimp, ConstantContact) or third party email provider (for example Google Apps for Work, MS Office 365) - These companies will send email from your domain name and they must be included in your SPF record so the emails they send are identified as genuine. You will need to ask the respective company's technical support team exactly what to include in the SPF record. If you do not use any mailing company or third party email provider, you can leave these boxes with the default values only.
    • All Entry – We strongly recommend ticking this box, otherwise the settings won't have any meaningful effect!
      (Technically speaking: By ticking the box you’ll change the mechanism for your SPF record from “?all” (used for statistics and analysis) to “-all” which effectively means the server will reject all email that doesn’t match the mailservers and IP addresses you’ve listed in your SPF record.)
    • Overwrite Existing Entries – You should leave this ticked and click the Update button.
  6. All done! Hopefully you’ll see less nuisance emails and less spam.

You can further enhance the email deliverability and protect your domain from unauthorised use by setting up DMARC records. We have a guide showing you how to do this here: How to create a DMARC record - Maxer

Updated by SP on 06/12/2022

Was this answer helpful? 245 Users Found This Useful (547 Votes)