cPanel SPF, DKIM, and DMARC Setup Guide

Configure SPF, DKIM, and DMARC records in your cPanel to protect your domain and improve email deliverability. These authentication protocols verify sender identity, prevent phishing and spoofing, and help your emails reach the inbox instead of the spam folder. This guide explains how to set up each record step-by-step.

Before You Start: The One-Click Method

Before proceeding with a manual setup, check for an automated option. This is often available if your DNS is hosted on the same server as your cPanel.

1. Log in to cPanel and navigate to the Email Deliverability tool.

2. Look for your domain in the list.

3. If you see a “Repair” or “Install Suggested Record” button, click it. cPanel will attempt to create the necessary SPF and DKIM records for you automatically.

If you don’t have this option, or if your DNS is managed by a separate provider (like Cloudflare or GoDaddy), you’ll need to follow the manual steps below.

Step 1: Set Up Your cPanel SPF Record

There are two main options for this.

Option A: Using PowerSPF (Managed Solution)

A managed SPF solution like PowerSPF helps avoid the 10-DNS-lookup limit and masks your sending sources. So, if you already have a PowerDMARC account, follow these steps:

1. Copy the unique SPF value provided in your PowerDMARC portal.

2. In cPanel, go to Domains > Zone Editor.

3. Click “Manage” for the relevant domain.

4. Find your existing SPF TXT record, click “Edit”, and replace the content in the “Record” field with the value you copied.

5. If you don’t have an SPF record, click “+ Add Record” and create a new TXT record.

• • Name: Enter your domain name 
  • Type: TXT
  • Record: Paste the value from PowerDMARC.

6. Click “Save Record”

7. Back on the portal, when you refresh the page, you’ll see that PowerSPF is enabled, and the DNS status shows as activated.

Note: If you need to add more sending sources, you can add them directly from the portal’s mechanism. After you save, just give it a few minutes, and these new sources will be included in your SPF record automatically. 

Option B: Manual cPanel SPF Setup

1. In cPanel, go to Domains > Zone Editor and click “Manage” for your domain.

2. Add or edit a TXT record.

• Name: Enter your domain name 
• Type: TXT
• Record: Enter your SPF record.

3. Click “Save Record”. The -all tag instructs servers to reject emails from any sender not listed in the record.

Step 2: Set Up Your cPanel DKIM Record

1. First, obtain the DKIM key from your email sending service (e.g., Google Workspace, Microsoft 365). This includes a selector (the name) and a key (the value).

2. In cPanel’s Zone Editor, click “+ Add Record”

3. The record type may be TXT or CNAME, depending on your provider. For this example, we’ll use TXT.

• • Name: Enter the name provided by your service.
  • Type: TXT
  • Record: Paste the entire long DKIM key 

4. Click “Save Record”.

Step 3: Implement Your cPanel DMARC Record

For this too, you have several options.

Option A: Using PowerDMARC’s Hosted DMARC

A hosted solution simplifies report analysis and policy management.

1. Copy the hosted DMARC CNAME record from your PowerDMARC portal.

2. In cPanel’s Zone Editor, click “+ Add Record”

• Name: _dmarc.yourdomain.com. 
• Type: CNAME
• Record: Paste the value you copied from the portal

3. Click “Save Record”

4. Return to the PowerDMARC portal to validate the record.

5. Set your policy to “reject”

Option B: Manual DMARC Setup

1. In cPanel’s Zone Editor, click “+ Add Record”

2. Create a new TXT record.

• • Name: _dmarc.yourdomain.com. (or just _dmarc).
  • Type: TXT
  • Record: Start with a monitoring-only policy. 

3. Click “Save Record”. This policy will not affect mail flow but will send reports to the specified email address.

Important Note on DMARC Policies: The p=none policy is for monitoring only. It is an important first step in your DMARC journey and allows you to gather data on who is sending email from your domain without impacting mail flow.

However, to actually protect your domain, you must move to a stricter policy. After analyzing your reports to ensure all legitimate mail sources are authenticated, your ultimate goal must be to update the policy to p=reject. This tells the servers to block unauthenticated email. Enabling DMARC reporting with a service like PowerDMARC is very important, as it translates complex XML reports into human-readable charts, so that your transition to p=reject is safe and straightforward.

Step 4: Verify Your cPanel SPF, DKIM, and DMARC Records

After waiting a few minutes for the DNS changes to propagate, you can verify the setup.

1. In cPanel, return to the Email Deliverability tool.
2. The tool will scan your domain’s DNS and display the status of SPF, DKIM, and DMARC.
3. If everything is good, you will see green “Valid” checkmarks next to each protocol.

By properly configuring SPF, DKIM, and DMARC for your domain in cPanel, you can:

• Protect your domain against phishing, spoofing, and other attacks
• Improve email deliverability and have your message get delivered, instead of going unnoticed.
• Gain more visibility into who is sending emails using your domain.

For automated monitoring, easy-to-read reports, and advanced DMARC policy management, sign up on the PowerDMARC platform to take full control of your domain’s security.

• About
• Latest Posts

Yunes Tarada

Domain & Email Security Expert at PowerDMARC

Yunes is an Operations Team Lead at PowerDMARC with expert knowledge in email authentication and security. Yunes is a Microsoft-certified Azure Administrator Associate with certifications in CompTIA A+ and many more.

Latest posts by Yunes Tarada (see all)

• Stop Spam Emails: Protect Your Sender Reputation - November 29, 2025
• ActiveCampaign DKIM, DMARC, and SPF Setup Guide - November 25, 2025
• Constant Contact DKIM and DMARC Setup Guide - November 25, 2025