cPanel Mail Authentication Options
Email Authentication is the effort to equip messages of the email transport system with enough verifiable information, so that recipients can recognize the nature of each incoming message automatically. Enabling email authentication will help fight the spread of spam. Both of the methods below work to prevent forged mail from going in and out of your server. The great benefit of enabling these methods is to prevent mail from looking like it is coming from your domain(s). When enabled, these methods should reduce the amount of bounce messages or unwanted emails received when spammers "spoof" one or more of your email addresses. 1. DomainKeys - is an e-mail authentication system that allows for incoming mail to be checked against the server it was sent from to verify that the mail has not been modified. This ensures that messages are actually coming from the listed sender and allows abusive messages to be tracked with more ease. To turn it on, just click on the Enable button 2. SPF - will specify which machines are authorized to send email from your domain(s). This means that only mail sent through this server will appear as valid mail from your domain(s) when the SPF records are checked. If you click "enable" on the SPF button this sets up a basic SPF record that will work for mail sent from your web hosting server or your email hosting server that is set in the MX record for your domain. Using "Advanced Settings" allows you to specify further hosts that your SPF record authorises to send mail from, this adds these hosts to the DNS zone file. a) Additional Hosts that send mail for your domains (A): - All the hosts you specify here will be approved for sending mail. You do not need to specify your primary mail exchanger or any server that an MX has been created for as they are already included automatically. b) Additional MX servers for your domains (MX): - All the mx entries for every domain you specify here will be approved for sending mail. c) Additional Ip blocks for your domains (IP4): - All the ip blocks you specify here will be approved for sending mail. Blocks should be specified in CIDR format (ie 127.0.0.1/32). - The main server interface ip cannot be removed from this list if it is present. d) Include List (INCLUDE): - The SPF settings for all hosts your specify in this list will be included with your SPF settings. This is useful if you will be sending mail though another service (ex. mac.com, comcast.com, etc). e) All Entry (ALL): - If you are sure you have entered all hosts (your primary mail exchanger and any other mx entries are automatically included) that will send mail for your domain, check this box to exclude all other domains. f) Overwrite Existing Entries: - If you select this option all existing SPF records will be overwritten for all your domains with these selections.