Configure SPF, rDNS, DKIM, and DMARC for email

Introduction

Sending and receiving email should be straightforward, but a lot of background checks happen before your organization’s email is delivered reliably and securely. Use this article to activate SPF, rDNS, DKIM, and DMARC to make sure your email reaches recipients, and to protect your email server from crippling outcomes like dropped email and public blacklisting.

“Undeliverable”: What is the cost of a lost email when you never know that the recipient has not seen it?

Click open the headers below to learn about email deliverability and “trust”. Please read through this entire article before you start making individual modifications to your email server. Changes you make are at your own risk, so be sure to contact us for general advice if you are in doubt. Support options are available for professional assistance. Click on images to view at full-sized resolution.

Why do these protocols matter?

If you do not put a stamp on a letter, it probably will not reach its destination, and without a return address you will certainly never know what happened to the letter.

Similarly, without SPF, rDNS, DKIM, and DMARC, email that you send will be erratic and unpredictable. This is because industry tools to assess “trust” are not operational. You may think “it has never been a problem before”. Partly this is because when email does not reach a recipient, you know you sent it but the recipient does not know it was supposed to be received.

Everyone has sent an email that has never reached its target. These protocols are why most failures happen, and in business communications it matters. The protocols we cover in this article enable your suppliers’ and customers’ email servers to “trust” your email and its “brand”.

“Postage stamps” for email

The question clients have posed to us more than any other in 25 years of IT support is the plaintive “why aren’t my emails getting through?”. Hopefully, it is only because of a badly spelled email address. Often, though, the answer is that outgoing email is not adequately “stamped” and lacks a “return address”.

Protecting your identity – “trust”

Protocols like SPF, rDNS, DKIM, and DMARC are a little bit like postage stamps for email. When the bar code on a postage stamp is recognized as authentic, the envelope is sent to its destination. Similarly, these protocols enable receiving email servers to measure and “trust” the authenticity of your communication. Put another way, these protocols protect your email from being classed as spam or malicious email.

Self serve guides for implementing email protocols

Your web server is optimised for delivering your web pages. If email is included in your package, we have made sure that an email server is enabled with necessary email tools. However, like flat-pack furniture, your email server is minimally configured and the protocols described here need to be aligned with your domain name.

These domain name modifications can only be manually configured by you or your agent. If we look after your domain name, we would configure these modifications within your ongoing support. If we do not have admin privileges for your domain name’s “zone record”, and you have elected against support, then you need to configure your domain name’s zone record.

If you do not have expert in-house IT skills, consider our DNS configuration service and ongoing support plans.

DNS Configuration – Professional support

DNS is awkward technology, even for IT pros. If you purchased your domain before you began using our servers and you want us to manage your domain name records for you, we can still administer your domain name records (DNS) annually for £75, including periodic updates as they are required. Use the PayPal QR code at the bottom of our home page to send us payment, or contact us to arrange invoicing for our DNS service. This is included in optional support arrangements that you may already subscribe to.

DNS Configuration – self-service option

Use our “self-serve” guides linked below to implement SPF, rDNS, DKIM, and DMARC. There are a few ways to deal with these modifications, and it really depends on how your domain name and your authoritative nameservers are configured. Read more about deciding where to manage your authoritative nameserver here. These articles might therefore not be exactly on point for your situation. Again, ask us for advice. Implement the protocols in the order listed:

  1. How to configure SPF
  2. How to configure rDNS
  3. How to configure DKIM
  4. How to configure DMARC

Tips and tricks

  • some protocols may take up to 24-72 hours to resolve
  • read through each guide before starting
  • monitor email for a week or so before enabling the next protocol
  • do not make DNS modifications during heavy traffic/important projects
  • document what you do (e.g. screen shots) so that you have a note of “last known” working state

Bear in mind that changes made to domain names happen in real time, and errors can cause web site and email outages that could take up to 72 hours to restore. If in doubt, contact us first.

 

Summary

Email is vulnerable to malicious attacks that pose risks to your online identity and reputation, including hijack. Implementing SPF, rDNS, DKIM, and DMARC helps to ensure that your outgoing email reaches recipients.

Implementing these kinds of services is challenging without experience. If you do not have expert in-house IT skills, consider our email configuration service and ongoing support plans. We are glad to quote on request.

How to back up your web server with cPanel

Backup vs Backup Wizard

Use our cPanel utilities to back up and restore web site data content, databases, and other data on your web server.

cPanel backup utility provides workflows for backing up and restoring web site and email content

Using cPanel’s Backup utility, you can select from data sets we have already backed up and download the files to your local drives for safekeeping.

Using cPanel’s Backup Wizard utility, you can design your own backups. You can back up some or all of your content. You can also make incremental backups, which are useful when you only need to back up minor changes since your last full backup. You can store your files locally, restore them to your server, and use the content when migrating to a new server.

Click on the headers below to find out how to use cPanel Backup and Backup Wizard. Click on images to view full size.

Download Backups using cPanel Backup

Log into your web server’s control panel – we call it cPanel. You can find how to log into your services from the web server data sheet we have provided you with.

At your cPanel dashboard, either search for Backup or scroll to the section called Files and click on the option called Backup.

About cPanel Backup

cPanel Backup lists backups that are already made and stored on your web server. These are available in a pulldown list, including full and partial backups, that you can download. The list includes backups that we have executed as we deal with daily maintenance. You can download these backups,

Export backup from server

We recommend that you download backups to your local drives, and you can find help for copying backups at datacenter speeds to Google Drive, OneDrive, Dropbox, etc. Also, to conserve space and improve web page delivery speeds, note that we rotate backups so that (at time of writing) we only maintain the two latest backups.

About Restore

In cPanel Backup, there is an option to restore backups. If you are restoring full and partial backups, be aware that you should restore data sets in date order, starting with the earliest date stamp.

 

Create backups and restore with Backup Wizard

Use cPanel Backup Wizard to create and download backups. Also, you can restore backups using this option.

Backup Wizard – more options

Backup Wizard offers more granularity, giving you the option to select individual data sets, like your WordPress site, or the MySQL database which attaches to your WordPress site, or your email. Also, you can execute partial backups if the changes that you have made to your web site are minimal.

Using Backup Wizard you can create your own backup profile. Downloading files that we have created may limit what you are able to do.

Summary

cPanel’s backup utilities have proven to be reliable; however, a lot of things can go wrong with backups. Your server might back up files accurately, but the data could be corrupted as it is saved because of a power brownout. Or, data might be damaged in transit as the data set is transferred elsewhere. So, although we take “snapshots” of your web site, they are not guaranteed, and we only keep updates that are current over the last 2-4 weeks.

Therefore, you should only rely on our working backups as part of your risk management. Professionals use an array of tools to provide duplication and/or availability. In some cases, professionals mirror two or more geographically remote servers to cover a primary server failure. In some cases, this is economical and we can implement these kinds of services.

You can protect against a single point of failure by developing a strategy which covers two or more methods to secure data. For instance, your web designer may keep backups. Usually these conserve work in progress so that there is a “last known working state”. You might need to maintain a longer history of backups.

Your web designer will be glad to discuss backup strategies with you because you might mutually and economically share utilities and avoid extra cost. Also, we are always glad to help if you do not have a professional developer but need advice about strategy and products.

Configure DKIM in cPanel

Verify outgoing email with DKIM

Use DKIM (DomainKeys Identified Mail) to reduce the chance of your users’ outgoing emails ending up in customer/supplier Spam or Junk folders.

Click on the headers below to follow our guide to configure DKIM using cPanel WHM and post your DKIM records in your domain name’s zone record at your domain registrar. Click on images to see in full resolution.

How to prepare

DKIM is already enabled on your web server. However, the service needs to be implemented. This is because the verification process requires checking a unique DKIM record which only you can add to your domain name’s “phone book” – we call the phone book a zone record. If we have ongoing access to your domain name, we would take care of this as part of the support we provide.

Before starting, you will need to understand where your domain name is managed. If your domain name is held at a domain name supplier using their nameservers, you will need to create DKIM records in the zone record at your supplier. If you own the domain, but we hold it in our management portfolio, then you might only need to make amendments in cPanel which will make things easier.

Therefore, before you proceed, prepare as follows:

  1. if in doubt, check with us where your records need modifying
  2. find your cPanel login credentials from our server information sheet
  3. (optionally) find the login credentials for your domain name supplier

We are able to manage domain names on behalf of clients. Domain name management is a critical function and unwitting errors can cause email and web site failure. If you are nervous about dealing with this technology, we can provide admin support – ask for help. For instance, if you do not have in-house expertise, we can take administrative custody of your domain to manage these kinds of jobs.

Step-by-Step instructions

1. Log in to WHM:

2. Access the DKIM Settings:

  • In the WHM dashboard, search for <Email>.
  • Click on <Email Deliverability>.

3. Select the Domain:

  • Choose the domain you want to configure DKIM for.
  • Click <Manage> next to the domain.

4. Enable DKIM:

  • In the DKIM section, click <Install the Suggested Record>.
  • WHM will automatically generate the DKIM record.

5. Copy the DKIM Record:

  • After generating the DKIM record, you will see a TXT record.
  • Copy the entire TXT record, including the v=DKIM1; part.

6. Log in to Your Domain Registrar:

  • Open your domain registrar’s website.
  • Log in with your credentials.

7. Access DNS Management:

  • Find the DNS management or zone file settings.
  • This section allows you to add or edit DNS records.

8. Add the DKIM Record:

  • Add a new TXT record.
  • In the Name field, enter the selector and domain (e.g., default._domainkey.yourdomain.com).
  • In the Value field, paste the DKIM record you copied from WHM.
  • Save the changes.

9. Verify the DKIM Record:

  • Go back to WHM.
  • In the <Email Deliverability> section, click <Manage> next to your domain.
  • Click <Check> to verify the DKIM record.

10. Test Your DKIM Setup:

  • Send a test email to ensure DKIM is working.
  • Use online tools like DKIMValidator to check if your email passes DKIM checks.
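
A check for steps 8 to 10, added here as an example and not part of cPanel or the original guide: it compares the record WHM suggested with what DNS actually returns (for instance the quoted output of a TXT lookup) and reports the usual copy-and-paste failures. The function names and the sample record are assumptions made for illustration; the sample key is constructed, not a real key.

```python
import base64
import re

def join_txt(presented):
    """Join the quoted chunks (255 bytes max each) that dig or a zone file shows."""
    chunks = re.findall(r'"((?:[^"\\]|\\.)*)"', presented)
    return "".join(chunks) if chunks else presented.strip()

def parse_tags(record):
    """Split a DKIM key record (tag=value; tag=value) into a dict, ignoring whitespace."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = "".join(value.split())
    return tags

def check_dkim(name, published, suggested, domain):
    """Return a list of problems; an empty list means the record was published intact."""
    problems = []
    name, domain = name.rstrip(".").lower(), domain.lower()
    suffix = "._domainkey." + domain
    # Many DNS panels append the zone name themselves, so a full name gets doubled.
    if name.endswith(suffix + "." + domain):
        problems.append("name has the domain appended twice")
    elif not name.endswith(suffix):
        problems.append("name is not <selector>._domainkey.<domain>")
    pub, want = parse_tags(join_txt(published)), parse_tags(join_txt(suggested))
    if pub.get("v") != "DKIM1":
        problems.append("v=DKIM1 is missing")
    try:
        base64.b64decode(pub.get("p", ""), validate=True)
    except ValueError:  # binascii.Error is a ValueError
        problems.append("p= is not valid base64 (truncated or mistyped)")
    for tag in sorted(set(pub) | set(want)):
        if pub.get(tag) != want.get(tag):
            problems.append("tag " + tag + " differs from the WHM record")
    return problems

# Constructed sample data: 294 arbitrary bytes stand in for a key; this is not a real key.
SUGGESTED = "v=DKIM1; k=rsa; p=" + base64.b64encode(bytes(i % 256 for i in range(294))).decode()
# How a resolver presents the same record: split into two quoted chunks.
PUBLISHED = '"' + SUGGESTED[:255] + '" "' + SUGGESTED[255:] + '"'
TRUNCATED = '"' + SUGGESTED[:255] + '"'  # only the first chunk was pasted

if __name__ == "__main__":
    print(check_dkim("default._domainkey.yourdomain.com", PUBLISHED, SUGGESTED, "yourdomain.com"))
    print(check_dkim("default._domainkey.yourdomain.com", TRUNCATED, SUGGESTED, "yourdomain.com"))
```

An empty list means the published record matches what WHM generated; any other result names the field to re-enter at the registrar.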

Tips for Non-IT Users

  • Take Your Time: Follow each step carefully.
  • Ask for Help: If you get stuck, don’t hesitate to ask your registrar’s support team.
  • Double-Check Entries: Ensure there are no typos in the DKIM record.

Summary

Business users do not have a lot of patience when it comes to email, and not a lot of people check Spam or Junk more than occasionally, if at all. Email that is lost in this way costs business, so DKIM, along with SPF (automatically configured for you already), DMARC, and Reverse DNS are necessary utilities for providing resilient email delivery.

Making adjustments to your domain name’s zone record requires exacting language and syntax. A missing character can cause a web site to cease functioning and disable your organisation’s email. Nor can you test a modification first – changes made have effect in real time.

Expert help available

We have decades of experience managing domain names on behalf of clients. If you are nervous about dealing with this technology, we can provide admin support for domain names and ongoing services. We can turn around modifications in minimal time and at reasonable cost, while saving you from the risk of web site and email disruption. Please ask for help if in doubt.