How to add/modify SPF record using CPANEL-Gmail for domain SPF

SPF stands for Sender Policy Framework.One can create SPF for a domain.It specifies which mail servers are permitted
to send mails on behalf your domain.Some mail servers don't accept incoming messages if it is coming from a domain that have no SPF record. So it's good idea to set it.

CPANEL - is widely used control panel on commercial Linux hosts. To setup SPF record for domain.
  • Login into Cpanel by tying http://example.com:2082 where example.com is your domain.
  • To write this post I logged into Cpanel where Cpanel version is 11.It is displayed at top left hand corner of the cpanel.
  •  Now look for section mail
  •  Under mail look for "Email Authentication"

  • Click on Email Authentication - Email Authentication in Cpanel
  • Under SPF section status would be Disabled - Click Enable button.It will lead to following page
  •  By default current host is included in SPF record. Click on "Go Back" and you can see following. SPF record added.
  • Now, You want to add "include" Google as email sending entity.Make sure before you start this SFP enabling you have already pointed MX record to Google mail exchanger.
  • Now Go to "Include" section on SPF record configuration page add click "Add".A popup window appear put following value





    __spf.google.com
     
    Gmail for domain SPF record Added using CPANEL 
  • By default Cpanel appends "?all" at the end of SPF record.This is as good as none.If you are sure you would not send mail other that your hosted IP and Google Check "All entry (ALL)".
  • Click Update. It will bring a status page
  • SPF has been enabled.
    Your raw SPF record is : v=spf1 a mx ip4:74.52.35.98 include:_spf.google.com -all
  •  -all at the end that means all other hosts in the world which will try to relay email on behalf of your domain will be rejected.


9 comments:

  1. My mails are going to spam folder. I have added v=spf1 include:_spf.google.com ~all

    Kindly suggest a remidy.

    ReplyDelete
  2. Thank you for this "how to"!
    It works for me! ;)

    ReplyDelete
  3. Note to others: That is ONE preceeding underscore, not TWO. _spf.google.com .

    Google describes this here: http://www.google.com/support/a/bin/answer.py?answer=178723

    Once created, you can validate your SPF record(s) here:
    http://www.kitterman.com/

    Creating an SPF is very important. I wasn't very aware of the need for SPF until I acquired a dedicated server and Hotmail started dropping emails from my domain into a black hole (without any bounce or even entrance into the recipient's spam folder).

    I don't normally use Google's servers to send mail through, but added this for safety in case I ever do such. Those who do use this simple method of adding accounts to GMail should really consider sending through your real SMTP server instead - as it looks much more professional to the recipient.

    ReplyDelete
  4. I have followed this routine as listed above but still can not have mails sent from my websites contact form delivered to me.

    ReplyDelete
  5. DKIM is another important thing to turn on, or maybe your code is just broken

    ReplyDelete
  6. How about "Publishing an SPF record that uses -all instead of ~all may result in delivery problems." ?

    ReplyDelete
  7. You should always specify '-all', in my opinion, else SPF seems useless. I don't know about '~all' (note the different prefix). I am not aware of that being valid, but perhaps I am unaware of something. If invalid, then it would certainly negate your SPF DNS record into nothingness.

    Now we have DMARC BTW, which standardizes the way SPF and DKIM are utilized.

    ReplyDelete
  8. It seems I am incorrect in my last post (moderator please don't post it ;p). That's what I get for writing before looking on a subject I'm not an expert in.

    "Publishing an SPF record that uses -all instead of ~all may result in delivery problems. See Google IP address ranges for details about the addresses for the Google Apps mail servers."

    - SRC: http://support.google.com/a/bin/answer.py?hl=en&answer=178723

    ReplyDelete
  9. I've found it. Go to the WHM panel.
    DNS functions -> Edit DNS Zone

    ReplyDelete