Updated on Sep 17, 2019
As we all know, spam is a serious issue online, and at the same time, something we are all well familiar with. There is probably no internet user who has not come in contact with spam, especially via emails.
Currently, according to different sources and studies, 45 to 55% of all emails are spam. That is more than 15 billions spam emails per day. Due to the increasing damage for businesses done by spam, more and more systems are being implemented to push back spammers. In all of this, some legit emails may get caught in the crossfire and be sent to a spam folder or even be discarded. There is where authentication records come into play to help spam filters understand when an email has a legitimate source. The Email Deliverability toolkit is available in cPanel to help you easily utilize these anti-spoof and spam prevention records.
To increase the Email Deliverability for your domain, check the following sections:
Email Authentication Records (also called protocols, techniques, technologies or systems) are a set of values which are generated for a specific domain/DNS zone. Due to this, they cannot be later altered by a 3rd party with malicious intent. These are the marks that receiving servers look into when an email is sent towards them. If these marks are not corresponding with the zone/domain from which the email is coming, the incoming server will mark them as spam.
DomainKeys Identified Mail (DKIM) is a record that adds to the header of each email an encrypted domain name identifier string. Trust ratings are based on domain name reputation so legit businesses will experience no issues. Spammers, on the other hand, will have a bad reputation due to continuously being added in blacklists. Once the receiving server detects this and the DKIM reputation checks out, the authentication is validated.
The DKIM is unique and is not entangled with other parts of the email such as the "From:" field so it cannot be manipulated via spoofing.
The Sender Policy Framework (SPF) is one of the first significant strides against spoofing. The now popular DMARC protocol uses the result generated from the SPF and DKIM checks to link to the author's "From:" domain name. As a prerequisite technology, SPF lacks the reporting capabilities of DMARC but together, they relay enough information to the receiver regarding the trustworthy rating of the origin of the email.
So, when the outgoing email server isn't included in the SPF record connected to that specific domain, the email will be considered questionable and can be rejected by the receiver.
In short, with the SPF record, you can specify which IP addresses or hostnames are authorized to send email from a specific domain.
The Pointer record (PTR) is also called a Reverse DNS Record as it maps an IP address to a hostname unlike other DNS records that do the opposite. When entering an IP address, the PTR records will resolve to the associated domain. The PTR record compliments the A record, and in authentication checks, both are required. If there is a mismatch in these two records, the email will be marked as spam.
Before cPanel v78, users had to use the Authentication or DNS Zone Editor to manage their DKIM or SPF records. However, with v82 cPanel introduced a full-service toolkit called Email Deliverability, which can be used to manage not only DKIM and SPF but also PTR records with only a few clicks with more records potentially in the pipeline in future versions. This new feature will also automatically detect pre-existing issues with the records mentioned above and offer fast repair options. All of this is done to improve your email deliverability without the need for you to learn specific syntax of records and edit them manually.
To check your email records' validity, please access your cPanel → Email Deliverability.
Once there, you will see a list of all the domains you have added in cPanel. In this example, you can see there is an issue with the SPF record for the particular domain. To fix it you can simply click Repair and then confirm the change or preview the configuration of all records via the Manage button.
The DKIM record is valid in this example, but if there was an issue with it or it was not even generated, that would have been addressed here easily.
Next is the SPF record, which in our case lacks an IP address as part of its value. Click on the "Install the suggested record" button, and after a few seconds, you will receive a confirmation of the successful change.
Lastly, you will be able to check your PTR record. In our case, the same is valid. We are observing nominal behavior from the Email Deliverability Interface with no issues being detected.
As you can see, with just a few clicks and no prior knowledge on the topic, you can alter authentication records and increase the deliverability of your emails considerably. Of course, for more advanced users, there are also customization options in which Additional Hosts, MX Servers, and IP Addresses can be added.
At FastComet, we are using a complex Spam Filtering system for all outgoing emails on our Shared Hosting servers. It is called SpamExperts, and it is the world's leading vendor when it comes to spam filtering and prevention.
The SpamExperts integration is available on all our Shared Hosting plans, and it is also available as an add-on for our Cloud VPS/Dedicated CPU clients. The spam filtering is only available for outgoing emails, and it does not cover the incoming messages received by your email accounts.
When you connect to a mailbox (which is protected by SpamExperts) using SMTP, and you send out an email message, it will be forwarded to the SpamExperts Cloud Service. They will filter all spam emails and held them back in a queue, while sending all legitimate emails towards their final destination - Gmail, Hotmail, etc. Your emails have been sent from the SpamExperts Cloud using their IP addresses, not the Shared IP address assigned to your hosting account with us. Because of that, the SPF record set for your domain name must include the specific hostnames. That will verify that your emails are indeed passing through the SpamExperts Cloud.
The default SPF record for domains that are protected by our SpamExperts outbound filters is:
v=spf1 a:5817.submission.antispamcloud.com a:release.antispamcloud.com -all
Of course, you can also include the IP address of your server as a permitted sender by clicking on the "Install the suggested record" button. That was the issue detected by cPanel in the example which we provided in section 2.
You can't update two or more domains at the same time if their records exist on the same zone. The bulk records update is possible only in case the domains' records exist on different zones.
If you are using a remote server for your emails, you will not be able to use this particular cPanel function. In such cases, you will need to configure the DKIM and SPF records manually.
Even if you are confident in your current records configuration, we recommend that you check the new Email Deliverability function via your cPanel.