Knowledgebase

Email Authentication (SPF, DKIM & DMARC) – Firstserv Guide

This guide explains how to configure SPF, DKIM, and DMARC for your domain to improve email security and deliverability.

These methods help verify that your emails are legitimate and protect your domain from spoofing and spam.

What Are SPF, DKIM & DMARC?

SPF (Sender Policy Framework)

SPF is a DNS record that:

• Lists which servers are allowed to send email on behalf of your domain
• Helps receiving mail servers detect forged or spoofed emails

✅ If the sending server is authorised → email is accepted
❌ If not → email may be rejected or marked as spam

DKIM (DomainKeys Identified Mail)

DKIM uses encryption to:

• Attach a digital signature to outgoing emails
• Allow receiving servers to verify the message hasn’t been altered

✅ Works like a digital certificate to prove authenticity

DMARC (Domain-based Message Authentication, Reporting & Conformance)

DMARC builds on SPF and DKIM:

• Defines how receiving servers should handle failed authentication
• Provides reporting on email authentication activity

✅ Adds an extra layer of protection against spoofing and phishing

Before You Start

This guide applies if your domain is using Firstserv email services.

If you use an external provider (e.g. Google Workspace or Microsoft 365), you’ll need to follow their specific DNS requirements instead.

Setting Up SPF & DKIM in cPanel

Step 1: Open Email Deliverability

1. Log in to cPanel
2. Go to Email → Email Deliverability

Step 2: Manage Your Domain

• Click Manage next to your domain

Step 3: Apply Recommended Records

• You’ll see suggested SPF and DKIM records
• Click:

  Install the suggested record
  

  for both

✅ This will automatically configure the correct records

Optional: Repair Records

• If anything is misconfigured, click Repair to restore defaults

Editing SPF & DKIM Records (Optional)

If you need custom settings:

• Go to cPanel → Domains → Zone Editor
• Modify or remove existing records as needed

Setting Up DMARC

Step 1: Open Zone Editor

1. In cPanel, go to Domains → Zone Editor
2. Click Manage next to your domain

Step 2: Add a DMARC Record

1. Click + Add Record → Add DMARC Record
2. Expand Optional Parameters to customise settings

Key DMARC Settings

• Policy (p)

  • none → Monitor only
  • quarantine → Send failed emails to spam
  • reject → Block failed emails

• Subdomain Policy (sp)

  • Applies rules to subdomains

• Alignment (adkim / aspf)

  • Relaxed or strict matching for DKIM/SPF

• Percentage (pct)

  • Percentage of emails affected

• Reports (rua / ruf)

  • Where to send DMARC reports

View Raw Record

• Use the Raw tab to see the DNS entry before saving

Best Practice: Rolling Out DMARC Gradually

To avoid blocking legitimate emails, implement DMARC in stages:

Step 1: Monitor Mode

Policy: none

• Collect reports
• Identify all valid email sources

Step 2: Quarantine Mode

Policy: quarantine

• Start with a low percentage (e.g. 20%)
• Gradually increase as confidence improves

Step 3: Reject Mode

Policy: reject

• Fully enforce protection
• Block unauthorised emails completely

Important Notes

• ✅ Ensure all legitimate sending sources are included in SPF
• ✅ DKIM must be correctly configured for signing emails
• ✅ DMARC relies on SPF and DKIM being accurate
• ⚠️ Incorrect configuration may block valid emails

Summary

• SPF → Authorises sending servers
• DKIM → Verifies message integrity
• DMARC → Defines how failures are handled

Together, they:

• Improve email deliverability
• Protect your domain from spoofing
• Provide visibility into email activity

Need Help?

If you’re unsure about your DNS records or need help implementing SPF, DKIM, or DMARC correctly, the Firstserv support team is always happy to assist.