title: Email Deliverability in cPanel created at: Mon Oct 21 2024 09:17:27 GMT+0000 (Coordinated Universal Time) updated at: Sat Feb 08 2025 14:22:32 GMT+0000 (Coordinated Universal Time) --- # Email Deliverability in cPanel # Overview Use this interface to identify problems with your mail-related DNS records for one or more of your domains. The system uses these records to verify that other servers can trust it as a sender. !! Important !! For the *Email Deliverability* interface to appear, your hosting provider **must** enable *Email Deliverability* in WHM’s [*Feature Manager*](https://docs.cpanel.net/whm/packages/feature-manager) interface (*WHM » Home » Packages » Feature Manager » Feature Lists*). !! Once the hosting provider enables the *Email Deliverability* interface, both DKIM (DomainKeys Identified Mail) and SPF (Sender Policy Framework) authentication **require** that you use a DNS server for the domain name. For more information about your DNS servers, contact your hosting provider. !! If you use a third-party email service, such as [\_Gmail\_\_\_](https://support.google.com/a/answer/174124?hl=en) or [\_Microsoft Outlook 365\_\_\_](https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/use-dkim-to-validate-outbound-email?view=o365-worldwide) , refer to their documentation for instructions on configuring DKIM and SPF. # Email Deliverability table The Email Deliverability table lists your domains, provides the status of the domains’ DNS Records, and allows you to manage those mail-related DNS records: | Feature | Description | | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | *Domain* | Click the *Domain* option to order your domain alphabetically. | | ![media\_Email%20Deliverability%20in%20cPanel/QSaCHsgJZAlAY7-emaildeliverabilitygear.png](media_Email%20Deliverability%20in%20cPanel/QSaCHsgJZAlAY7-emaildeliverabilitygear.png) | Click the gear icon to select the number of entries you want to display per page or refresh the table results. | | ![media\_Email%20Deliverability%20in%20cPanel/Z7I6JakB5lgPma-emaildeliverabilitymaindomain.png](media_Email%20Deliverability%20in%20cPanel/Z7I6JakB5lgPma-emaildeliverabilitymaindomain.png) | The *Main Domain* label identifies the domain that your hosting provider used to create this account. | | *Email Deliverability Status* | This row displays the status of each domain’s mail-related DNS records. | | *Repair* | This feature allows the system to repair a domain’s invalid records. A window appears in the interface that allows you to review and confirm the system’s recommendations for any invalid records. You can copy or customize a suggested record before you approve the system’s repairs. The system will recheck any repaired records. This process can take up to five minutes, depending on the server.<br />!! Note<br />!! This option is unavailable if the system does **not** control the domain’s DNS records.<br />!! You **cannot** simultaneously update two or more domains whose records exist on the same zone. However, if two or more domain records exist on separate zones, you can simultaneously update them.<br />!! Reloading the interface does **not** interrupt the repair process. | | ![media\_Email%20Deliverability%20in%20cPanel/rpvtv\_k6LS\_0BV-manage-icon.png](media_Email%20Deliverability%20in%20cPanel/rpvtv_k6LS_0BV-manage-icon.png) | Click the [*Manage the Domain*](https://docs.cpanel.net/cpanel/email/email-deliverability-in-cpanel/#manage-the-domain) option to manually resolve issues with your domain’s mail-related DNS records. A new interface will appear. | # Manage the Domain To access this interface, click *Manage* for the domain you wish to configure. The *Manage the Domain* interface allows you to manually configure a domain’s mail-related DNS records. Use this interface to resolve any outstanding issues with a domain’s records. The top of this interface displays the following information: * *Domain* — The domain name. * *Mail HELO* — The domain’s [HELO](https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_transport_example) configuration. !! Note\ This information appears if the HELO configuration and domain do **not** match. A message about HELO configuration will also appear for the Reverse DNS (PTR) section. ## DKIM This section allows you to manage a domain’s DKIM record. DKIM verifies the sender and the integrity of a message. In addition, it allows an email system to prove that spammers did not alter an incoming message while in transit. DKIM also verifies that the messages your domains receive come from the specified domain. !! Important !! To correctly install a DKIM record, your server **must** be the authoritative nameserver. If it is not, you can locally install this record. You **must** also contact your nameserver provider to update the authoritative nameserver. If any problems exist with the current record, this section displays the properly-configured DKIM record values in the *Suggested “DKIM” (TXT) Record* section. It also allows you to perform the following actions: | Feature | Description | | ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Generate Local DKIM Key* | Generate a DKIM record, if one does not exist. | | *Copy* | Copy the *Name* and *Value* records that the system provides in the *Suggested “DKIM” (TXT) Record* section. You can provide these records to the nameserver provider for the listed nameservers to fix it. | | *View* | Modify the *Value* field’s displayed record:<br />- *Full* — The record displays in its entirety. This option is for providers who automatically split their records. <br />- *Split* — The record, divided into 255-character parts. This option is for providers who do not automatically split their records. | | *View the Private Key* | Retrieve the suggested private key. The system directs you to the *View the Private DKIM Key* interface.<br />!! Important<br />!! Exposing your private DKIM key is a **security risk**. If others obtain your private DKIM key, they could sign emails and impersonate you as a sender. Make **certain** that you only provide your private DKIM key to a trusted user.<br />!! DKIM may not verify emails that you send from PHP applications, even if you’ve enabled DKIM. This means that your hosting provider installed the [DSO PHP handler](https://docs.cpanel.net/ea4/php/php-handlers) **without** the [MPM ITK](https://docs.cpanel.net/ea4/apache/apache-modules/apache-module-mpm-itk/) Apache module. If this occurs, ask your hosting provider to enable the following options in WHM’s [*Exim Configuration Manager*](https://docs.cpanel.net/whm/service-configuration/exim-configuration-manager) interface (*WHM » Home » Service Configuration » Exim Configuration Manager*):<br /> !! *Query Apache server status to determine the sender of email sent from processes running as nobody*.<br /> !! *Trust X-PHP-Script headers to determine the sender of email sent from processes running as nobody*. | ## SPF This section allows you to manage a domain’s SPF record. SPF verifies that the messages your domains send originated from a listed server. In addition, it provides a list of servers approved to send mail from your domains. If any problems exist with the current record, a correct SPF record configuration will appear in the *Suggested “SPF” (TXT) Record* section. This section also allows you to perform the following actions: | Feature | Description | | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Copy* | Copy the *Name* and *Value* records that the system provides in the *Suggested “SPF” (TXT) Record* section. You can provide these records to the nameserver provider for the listed nameservers to fix it. | | *View* | Modify the *Value* field’s displayed record:<br />- *Full* — The record displays in its entirety. This option is for providers who automatically split their records. <br />- *Split* — The system divides the record into 255-character parts. This option is for providers who do not automatically split their records. | | *Customize* | Modify the suggested SPF record. This directs you to the *Customize an SPF Record* interface. | ### Customize an SPF Record Use this interface to customize the system’s recommended SPF record for a domain. The interface displays the domain’s current SPF name and value in the *Current “SPF” (TXT) Record* section, if one exists, and the system’s recommendations in the *Suggested “SPF” (TXT) Record* section. You can configure the following settings: | Feature | Description | | ------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | *Domain Settings* | This section allows you to define the hosts or MX servers allowed to send mail from your domain:<br />- *Additional Hosts* — Additional hosts that the system allows to send mail from your domains. The system automatically includes the primary mail exchanger and other servers for which you created an MX record. <br /> - Click *Add A New “Host (+a)” Item* to add a new host to the domain’s SPF record. <br />- *Additional MX Servers* — The MX entries allowed to send mail from your domains. <br /> - Click *Add A New “+mx” Item* to add a new MX entry to the domain’s SPF record. | | *IP Address Settings* | This section allows you to add additional IP Address blocks to the domain’s SPF record. The system automatically includes your server’s main IPv4 or IPv6 addresses in these lists.<br />!! Note<br />!! You can use [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing) (for example, `10.0.0.0/8` for IPv4, or `2001:db8:1a34:56cf::/64` for IPv6). | | *Additional Settings* | This section allows you to modify additional SPF record settings:<br />- *Include List (INCLUDE)* — Additional domains to include in your SPF settings. Use this setting, for example, when you send email through another service, such as Mailchimp. <br /> - Click *Add A New “+include” Item* to add a new domain approved to send mail from your domain. <br />- *Exclude All Other Hosts ("-all" Entry)* — Exclude any hosts that the other SPF mechanisms do **not** allow.!! Note<br />!! If you enable the *Exclude All Other Hosts ("-all" Entry)* setting, the SPF feature causes hosts that you do **not** define to fail.<br />!! By default, the system recommends the `~all` entry. This entry instructs servers to accept mail from unmatched hosts, but warn that unauthorized hosts might have sent the messages. | | *Preview of the Updated Record* | This section displays what the updated SPF record will look like, based on its current modifications. Click *Install a Customized SPF Record* to install the new record.<br />!! Important<br />!! To correctly install an SPF record, your server **must** be the authoritative nameserver. If it is not, you can locally install this record. You **must** also contact your nameserver provider to update the authoritative nameserver. | ## DMARC This section allows you to set a domain’s [DMARC](https://docs.cpanel.net/knowledge-base/cpanel-product/cpanel-glossary/#domain-based-message-authentication-reporting-and-conformance-dmarc) record. A DMARC record sets a policy that tells servers how to handle mail based on the domain’s SPF and DKIM records. !! Important !! DMARC **requires** valid SPF and DKIM records. The domain **must** have valid SPF and DKIM records for the DMARC record to be active. ### Suggested DMARC record Use the *Suggested DMARC (TXT) Record* section to copy or install the system’s recommended DMARC record for your domain. To add the DMARC record, perform **one** of the following actions: * If your server is **not** an [authoritative nameserver](https://docs.cpanel.net/knowledge-base/cpanel-product/cpanel-glossary/#authoritative-nameserver) for your domain, contact your hosting provider to add the record on an authoritative nameserver. * If your server **is** an authoritative nameserver for your domain, click *Install the Suggested Record* to install the DMARC record on your domain. ## Reverse DNS (PTR) This section allows you to view and verify a domain’s current pointer record (PTR). A PTR record is a DNS record that resolves an IP address to a domain or host name. The system uses this record to perform a reverse DNS (rDNS) lookup to retrieve the associated domain or host name. A PTR record requires an associated A record. This interface provides information when a problem exists with this record. It also provides instructions for how to fix your PTR record. !! Note !! You **must** have the authority to update a domain’s PTR record. If you do not, contact the owner of the IP address. For example, the IP address’s data center or your service provider. !! If your server is a [smart host](https://en.wikipedia.org/wiki/Smart_host) , it will **not** display this section.