How to setup an e-mail for website within cPanel. How to setup DKIM, SPF and DMARC DNS records, important for e-mail deliverability.

E-mail setup in cPanel and DNS

Updated: 19/02/2020.

In this post I’ll explain e-mail setup on a hosting server (using cPanel, though principle is similar for other control panels), as well as the needed setup in DNS fields. Separate posts explain SMTP mail sending with WordPress and Gmail account setup for website SMTP mail. Understanding the contents of this post is required in order to understand the noted two posts. Apart from hosting providers mail server, one can also use a separate (paid for) solution, such as MXroute – instructions for setup.

Contents:

  1. Introduction
  2. Creating an e-mail account within cPanel
  3. DNS setup for e-mail
  4. Testing
  5. Setting up external email services (if used)


1. Introduction

Protocol for e-mail exchange is far from a reliable one. In my experience: whoever says they can “guarantee” (always ask: “with what – money, reputation, or something third?”) – is either consciously lying, or just not experienced enough.

Still, I think it is good and worth doing what is up to us to create the highest possible probability for the e-mails to:

  • Arrive to the intended recipient, without getting blocked by spam filters.
  • Once they arrive, to end up in the “inbox”, not the “spam” folder.

This all starts with setting up SMTP server and relevant DNS fields, as will be explained.


2. Creating an e-mail account within cPanel

I will assume that SSL/TLS certificates have been set up properly and will not be explaining their setup here. I don’t recommend sending e-mails without SSL/TLS connection, because then the e-mail contents can be more easily seen by third parties and they are more likely to be marked as potentially “insecure/spam/phishing”. Now, let’s get to the point:

Log in to cPanel. Go to e-mail options.

Open cPanel's e-mail options Picture 1
Open cPanel’s e-mail options
Picture 1


If the email has already been created, click “Connect Devices” to see the important setup information (it is understood that you know the password). If not, click “+ Create” in order to create it.

Create a new e-mail account (a) Or see the setup of an existing one (b) Picture 2
Create a new e-mail account (a)
Or see the setup of an existing one (b)
Picture 2


When creating a new e-mail account, enter the desired name, password, limits and click “+ CREATE”.

Kreiranje novog mejl naloga: Izaberite ime (1) - "test@elektrobicikli.com" u ovom primeru Unesite (jaku) lozinku (2) Podesite limit za skladišni prostor (3) Izaberite automatsko kreiranje direktorijuma za plus-adresiranje, osim ako imate dobar razlog da to ne uradite (4) Slanje mejla sa podešavanjima nije potrebno, to ćemo uraditi iz cPanel-a (5) Kliknite "+ CREATE" (6) Slika 3
Kreiranje novog mejl naloga:
Izaberite ime (1) – “[email protected]” u ovom primeru
Unesite (jaku) lozinku (2)
Podesite limit za skladišni prostor (3)
Izaberite automatsko kreiranje direktorijuma za plus-adresiranje, osim ako imate dobar razlog da to ne uradite (4)
Slanje mejla sa podešavanjima nije potrebno, to ćemo uraditi iz cPanel-a (5)
Kliknite “+ CREATE” (6)
Slika 3


Now, [email protected] will be shown in the e-mail account list shown in picture 2. Click “Connect Devices” for that account.

You’ll get a list of SMTP client settings. Use the blue SSL/TLS options (shown in picture 4).

In addition to the username and password, you should also write down: Incoming server name and ports (1) Outgoing server name and ports (2) Picture 4
In addition to the username and password, you should also write down:
Incoming server name and ports (1)
Outgoing server name and ports (2)
Picture 4

If everything is set up properly (SSL/TLS certificates set up for mail.yourdomain.com), the mail server name is usually “mail.yourdomain.com” – in this case “mail.elektrobicikli.com”.

Information shown in picture 4 will be needed to setup mail clients, write it down.


3. DNS setup for e-mail

DNS records important for reliable e-mail delivery (and sender verification) are the following:

  • SPF (Sender Policy Framework)
  • DKIM (Domain Keys Identified Mail)
  • DMARC (Domain-based Message Authentication, Reporting & Conformance)

SPF and DKIM should have been automatically created. I’ll explain how to check this with cPanel. If you are using Cloudflare (or a custom DNS), you should set them up there as well, within DNS options. In a separate post I gave an explanation of all the mail related DNS records (as well as most other DNS records).

Go to cPanel’s Zone Editor.

Go to cPanel's Zone Editor Click "Manage" for your domain Picture 5
Go to cPanel’s Zone Editor
Click “Manage” for your domain
Picture 5


There you’ll see the SPF and DKIM records – both are “TXT” type. If a custom DNS is used, they should be created there, copy-pasting the values from the right hand column shown in picture 6. Though my recommendation for the SPF record would be the following, if using external email services:

v=spf1 include:mxlogin.com include:sendgrid.net -all

In this example, I’ve allowed mail sending from MXroute and SendGrid, but disallowed from all the others – that I’m not using, so aren’t legit (which would mean that someone is trying to send emails pretending to be bikegremlin.com).

SPF fields are nicely explained here: How to create an SPF record.

SPF and DKIM DNS records Picture 6
SPF and DKIM DNS records
Picture 6

Separate post explains how to get your domain’s DKIM record, even if using an external email service.

DMARC record needs to be added. DMARC connects SPF and DKIM records for domain validation (and preventing anyone from impersonating your domain when sending emails – phishing). How this is done in cPanel’s Zone Editor is shown in picture 7. Principle is the same for all the other DNS-s.

Click "+ Add Record" (1) Choose "Add TXT Record" (2) Picture 7
Click “+ Add Record” (1)
Choose “Add TXT Record” (2)
Picture 7
Adding a DMARC DNS record: Add _dmarc.yourdomain.com (1) Value: "v=DMARC1; p=none" (2) Click "Add Record" (3) Picture 8
Adding a DMARC DNS record:
Add “_dmarc.yourdomain.com” (1)
Value: “v=DMARC1; p=none” (2)
Click “Add Record” (3)
Picture 8


After this all has been set, one should wait for the DNS propagation to finish. It takes up to 48 hours, though usually finishes within one hour. If using Cloudflare, it’s often done within 15 minutes.

An excellent article that thoroughly explains SPF, DKIM, DMARC and how it all combines for email verification and preventing email spoofing:

How to Implement DMARC/DKIM/SPF to Stop Email Spoofing/Phishing: The Definitive Guide

On that link you can find instruction on how to setup DKIM field to be a bit more complex, offer better spoofing protection and define an email address where reports of emails that fail SPF and DKIM verification will be sent. In short, an example of better DMARC setting for a start:

v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; sp=none; adkim=s; aspf=s; fo=1;

Then, if no problems are reported on your report email ([email protected] in this example) and you confirm there are no problems with email delivery, you can set stricter options (on the report email you will get reports in case someone tries your domain mail address spoofing):

v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; sp=reject; adkim=s; aspf=s; fo=1;

For more details, see the above noted article. Also, you can register an account with a service that provides analysis of DMARC reports, so you don’t have to analyze report emails “manually” (either by deciphering contents, or by copy/pasting each to a DMARC analyzer). The free tool I like an use is Easydmarc. It offers basic reports for free. When using such tools, they will provide an email for the DMARC reports, so you will replace [email protected] with that email, in the DMARC field setting as shown above.

DMARC report example
DMARC report example
Picture 9


4. Testing

For testing I use mail-tester.com. Open the mail-tester website and follow instructions. Basically, you are to send an e-mail to a designated address, using the account you wish to test.

A separate article explains how to setup SMTP e-mail sending for a WordPress website.

Picture 9 shows the test results and I’ll explain below it what it means.

mail-tester.com test results Picture 9
mail-tester.com test results
Picture 10

First yellow checker explains there is no “Unsubscribe” option for unsubscribing from e-mail lists. If you are sending mailing lists, this should be implemented. For “ordinary” e-mails, it is not necessary.

The red “-1” field says that the IP address of the SMTP server I’m sending the e-mail from is listed in at least one blacklist. Which means that someone has been sending spam from that address. If you are on a shared hosting server, then it’s the hosting provider’s job to prevent the sending of spam and to get the server’s IP address off the black lists. If you have your own, dedicated IP address, then it’s your fault and your job to fix it.

Various e-mail sending services, such as SendGrid, charge extra for a dedicated IP address. If using the free IP option, it will most likely be on at least a few blacklists, since many spamers use such services.

Likewise, some services, like MXroute, strictly “cut” spamers of their servers, so there aren’t any problems even with shared IPs.


5. Setting up external email services (if used)

After I’ve set it up all nicely, I noticed one problem: emails sent from websites hosted on the same hosting server were ending up on the local server’s email, not on MXroute. If the email account gets deleted from the hosting server, it’s even worse – emails don’t get delivered at all (bounce).

Email(s) ended up on the local website hosting server
Email(s) ended up on the local website hosting server
Picture 11

This example is given for MXroute, but the principle is the same for any other external email service (MS Exchange, Gsuite…). Within cPanel, it is done the following way:

First select "Email Routing" from the "EMAIL" section within cPanel
First select “Email Routing” from the “EMAIL” section within cPanel
Picture 12
Select "Remote Mail Exchanger" (1) and click on "Change" (2)
Select “Remote Mail Exchanger” (1) and click on “Change” (2)
Picture 13

Only after this is a website properly set to use MXroute (or any other external email service – principle is the same).

DirectAdmin setup is a bit different than cPanel:

Choose MX records from the E-mail manager
Choose MX Records from the E-mail manager
Picture 14

Then you need to change options, edit the MX record (if one exists) and add the second MXroute MX record:

Uncheck (1) and click on edit (2)
Uncheck (1) and click on edit (2)
Picture 15
See chapter 5 for primary and secondary MX setup option details
See chapter 5 for primary and secondary MX setup option details
Picture 16

After this, click on “ADD RECORD” (shown in picture 15) and enter the values for secondary MX (it’s Value is 20 for MXroute).

Share...

Leave a Comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.