Email deliverability is how likely your emails are to reach the recipient's inbox rather than their spam folder. Modern email providers (Gmail, Outlook, Yahoo) require proper authentication before they trust email from your domain. The three key technologies are SPF, DKIM, and DMARC.
Please note: Screens and options may vary slightly depending on your cPanel version and hosting plan.
Using the Email Deliverability Tool
cPanel includes a dedicated Email Deliverability tool that checks your configuration and suggests fixes.
- Log in to your cPanel account.
- In the Email section, click Email Deliverability.
- You'll see a status for each domain. A green tick means the record is correctly configured. A warning triangle means action is needed.
- Click Manage next to the domain to view details and install suggested records.
SPF (Sender Policy Framework)
SPF tells receiving mail servers which servers are authorised to send email on behalf of your domain. It's published as a TXT record in your DNS.
A typical SPF record looks like:
v=spf1 +a +mx +ip4:123.45.67.89 ~all
This means: allow the server's A record, MX servers, and the specified IP to send mail, and soft-fail everything else.
To fix or add an SPF record:
- In the Email Deliverability tool, click Manage for the domain.
- If an SPF record is missing or incorrect, cPanel will suggest the correct record.
- Click Install the Suggested Record or Customise to edit manually.
DKIM (DomainKeys Identified Mail)
DKIM adds a digital signature to your outgoing emails. The receiving server can verify this signature against a public key published in your DNS, confirming the message hasn't been tampered with.
To enable DKIM:
- In the Email Deliverability tool, click Manage for the domain.
- If DKIM is not configured, cPanel will provide the key and suggest a DNS record.
- Click Install the Suggested Record.
DKIM records are TXT records on a subdomain like default._domainkey.yourdomain.com.
DMARC (Domain-based Message Authentication, Reporting & Conformance)
DMARC builds on SPF and DKIM. It tells receiving servers what to do when an email fails SPF and DKIM checks, and where to send reports about these failures.
A basic DMARC record looks like:
v=DMARC1; p=quarantine; rua=mailto:[email protected]
- p=none — Take no action on failures (monitoring only). Good for initial setup.
- p=quarantine — Move failing messages to the spam folder.
- p=reject — Reject failing messages entirely.
To add a DMARC record:
- Go to Zone Editor in cPanel.
- Click Manage for the domain.
- Click Add Record > Add "TXT" Record.
- Set the Name to
_dmarc.yourdomain.com. - Set the Record value to your DMARC policy (start with
p=nonewhile monitoring). - Click Save Record.
Recommended Setup Order
- SPF — Set up first. This is the most basic requirement.
- DKIM — Enable next. This confirms message integrity.
- DMARC — Add last, starting with
p=noneto monitor, then tightening top=quarantineorp=rejectonce you're confident legitimate email is properly authenticated.
Tips
- Always use the Email Deliverability tool to verify your records after making changes.
- If you use third-party services to send email (e.g. Mailchimp, SendGrid, Google Workspace), you'll need to include their servers in your SPF record and configure DKIM for each service.
- Monitor DMARC reports to identify unauthorised senders using your domain.
- Changes to DNS records can take up to 24–48 hours to propagate globally, though most changes take effect within an hour.
What Next?
- Managing DNS Records (Zone Editor) — Edit your DNS records directly.
- Understanding Email Routing (MX Records) — Ensure mail is routed to the correct server.
