Blog

DKIM and SPF – Email Authentication in cPanel

DKIM (DomainKeys Identified Mail) is a means of verifying incoming email. It ensures that incoming messages are unmodified and from the sender from whom they claim to be. Technically DKIM provides a method for validating a domain name identity that is associated with a message through cryptographic authentication. For more information please visit http://www.dkim.org

SPF (Sender Policy Framework) system allows you to specify servers and IP addresses that are authorized to send mail from your domain(s). This feature works to prevent outgoing spam messages using your domain from other computers and servers. If someone tries to send emails spoofing your domain in their email address, the receiving servers will check if you authorized them to send email – failing which such spam will be rejected.

We assume you are already logged into cPanel of your web hosting account. Click on Email Authentication link under Mail to proceed.

By default Email Authentication is disabled. To enable each one, click the Enable button.

DKIM is enabled with just a click of a button.

No further configuration is required for DKIM. The Email Authentication screen will show you if it is active.

To enable SPF, click Enable button.

When SPF is enabled, a new TXT DNS Record is added to your domain’s DNS zone. It uses your domain’s Mail Exchanger (MX) record, A record and the IPv4 address. In most cases this default setting is good enough to authorize these servers to send email.

In addition to default configuration of SPF, the Email Authentication screen allows you to add additional hosts and make changes to the SPF record.

Email authentication helps prevent spam. The options provided in cPanel attempt to equip email messages with verifiable information so that the nature of incoming and outgoing messages can be detected automatically.

Enabling DKIM and SPF should reduce the number of failed delivery notifications you receive when spammers forge messages from your domain(s). These features also work to prevent spammers from forging messages that claim to be from your domain(s).

Email Trace to Check Email Delivery

In cPanel web hosting, there is a feature called Email Trace in section Mail. As an account admin you can login to cPanel or as an email user you can login to webmail interface to use this Email Trace feature to search through mail server logs to see what is happening with your email.

You can see details of each delivery attempt, including whether a message was delivered successfully. You can also see the delivery route for a message from your account’s mail server to a remote address.

To see the delivery status of a particular email:

1. Enter a recipient email address in the search box.
2. Click Run Report to show the Delivery Report table and the Email Server Trace diagram.

Email Rejected by RBL

These logs are very descriptive and you may not understand them all but if you study them carefully you can see what is happening with each email that is sent to your domain or is being sent from your domain to others.

Email Delivery Report

Email Trace can be very helpful in diagnosing problem with email deliveries. While spammers are trying to take over your mailboxes, we are trying to fight them back and block them from reaching you. In this fight there are times when a restriction on the server to block spammer also catches a legitimate email. This can be a problem with either the sender or recipient email server. We provide this feature to empower you, our valued client, with as much details as possible to resolve such issues.

We hope you have a great emailing experience with us. If you face any problem, please contact us and we are here to help.

Fighting Spam with SpamAssassin

SpamAssassin is an automated email filtering system that attempts to identify spam messages based on the content of the email’s headers and body. In your cPanel webhosting account you can enable SpamAssassin and configure it for your needs.

We assume that you have already logged into cPanel. Click on SpamAssassin icon under Mail.

When you login first time, you may find that SpamAssassin is not enabled and says so: SpamAssassin is currently Disabled.

All you have to do is click on the button that says Enable SpamAssassin. In the next screen it will show you if SpamAssassin has been enabled.

Once it is enabled, all your incoming emails in your account will pass through SpamAssassin.

Filters (Automatic Spam Deletion)

You can automatically delete messages marked as spam. First set the number of hits required before mail is considered spam. 5 is the default setting but it can vary from person to person. SpamAssassin when processes the incoming email, it adds scores to the likelihood of it being spam. The higher the score, more chances that is Spam.

We recommend that you first test the accuracy of SpamAssassin and fine tune it before activating automatic deletion. Or you can use Spam Box as explained below.

Spam Box

SpamBox will deliver any emails identified as spam by SpamAssassin into a separate IMAP folder named “spam”. This “spam” folder will fill up and should be emptied regularly. You can subscribe to this IMAP folder using Webmail interface or through your desktop/mobile email client software. Keep in mind this mailbox will not clear automatically. You will have to clear it yourself. You can do it right on this interface by clicking on Clear Spam Box button.

SpamAssassin™ Configuration

Click on Configure SpamAssassin to fine tune the default working of SpamAssassin. There are couple of things you can configure here and they are explained on that page but we add some more insight below.

blacklist_from: This is pretty obvious. You can enter emails or domains that you find are sending you spam regularly. They will be marked as Spam in future when you add them there. Once you have used the space provided for 5 entries and save it, more spaces will be provided when you come back to this page.

whitelist_from: This is similar to blacklist_from but here you can whitelist the domains and emails you do not want to be marked as spam.

required_score: This is explained well on the page.

score: 

You can precisely tailor SpamAssassin for your server by assigning scores to individual tests. SpamAssassin uses hundreds of tests; please see the SpamAssassin documentation at http://spamassassin.apache.org/tests.html for more information. SpamAssassin version 3.3.2 (or latest) is in use.

You can enter individual test scores in the following format:

“score” “TEST_NAME” “1 to 4 positive or negative numbers”

For example, you could enter:

score INVALID_DATE 3.2

This example sets the scores that SpamAssassin assigns to a message with an invalid date in its header.

If only one number is listed, that score is always used for the test. Setting a score to 0 will disable the test.

Once emails are processed by SpamAssassin, the scores are added up. With 3.2 assigned to INVALID_DATE, a few more hits on other tests will make the total score more than 5 and if that is the default setting then the email will be considered Spam.

You can add as many tests you want from the SpamAssassin built-in tests (link here). Even if that test is already used by default, you can override the score by adding it here.

You can add a negative score as well which will deduct it from overall score. You may like to do that if certain test makes that email legitimate.

Advanced Users with SSH/FTP Access

SpamAssassin keeps its configuration file under your home directory in a folder called “.spamassassin” (please note the name starts with a dot). Some FTP client do not show files and folders with names starting with dot because they are considered hidden files. If you have ssh access to your account, you can directly edit it using a linux editor such as nano or vi. The file is user_prefs under .spamassassin. This is the same file that you are managing via cPanel SpamAssassin interface when you make changes to configuration.

If you read more about SpamAssassin, you can configure it further using this file and create your own rules.

How to check SpamAssassin is Working?

When you receive an email, you can open it in webmail or your email client software. Please check the documentation of the email client on how to view email headers. When you view the email headers, you will see lines like these in them:

X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on SERVER-HOSTNAME

X-Spam-Level: ****

X-Spam-Status: No, score=4.7 required=5.0 tests=FH_FROMEML_NOTLD,MISSING_DATE, MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED, NO_RELAYS shortcircuit=no autolearn=no version=3.3.2

If you read the above lines carefully, SpamAssassin records all tests that added to or subtracted from the score. The line above says this email had a Spam score of 4.7. That is why it was not considered Spam and says Spam-Status: No.

Let us know if you need any further help with using SpamAssassin on your web hosting account.

Webmail Access and More

Webmail allows you to access your email from any computer with an Internet connection and a web browser. It also allows each email user access to manage their email account and password. Please make sure to log out after you have checked your email on public computers so that other people cannot read your email.

This tutorial applies to cPanel Web Hosting because Webmail access comes with built-in. We assume you have already created the email account from cPanel, and you have your email address and its password. If you do not remember the password of an email account, you can login to cPanel to reset it.

To go to the webmail interface, you enter the following address on an Internet browser such as Internet Explorer, Chrome, Firefox or Opera:

http://yourdomain.com/webmail

(replace yourdomain.com with your actual domain name)

This will redirect you to secure webmail interface (over SSL) and ask you to provide your email login details.

Enter your email address and password to login.

First time you login, you’ll be presented with three different webmail interfaces i.e. Horde, RoundCube and SquirrelMail.

Each has its own features. You can try all of them and choose the one you like by clicking on Enable AutoLoad under it. Or you would like to keep the options open, you can choose the one you like each time you login.
You also have the following options when you login to webmail:

Change Password: Change your email address password.

Forwarding Options: To forward a copy of incoming email to another email address or script.

Add Auto Responder: When you are away from computer/emails for extended period of time (e.g. on vacation), you can set your away message here. For more details check this tutorial.

Configure Mail Client: To configure email client software on your computer or mobile device.

Email Filtering: To setup email filters. For more details check this tutorial.

Email Trace: This feature allows you to review email delivery attempts for your account. You can see details of each delivery attempt, including whether a message was delivered successfully. You can also see the delivery route for a message from your account’s mail server to a remote address.

Once you are done checking your email, you can click logout on any webmail interface and it will log you out completely. Let us know if you face any problem with using webmail on cPanel Web Hosting.

Mailing List Hosting with cPanel Web Hosting

Mailing lists can simplify sending messages to a large group of people. You can add a group of email addresses to a mailing list to avoid typing those addresses each time you send a message. This can be very useful when sending newsletters or other updates to large groups of people. You can configure specific settings for your list once it is created. cPanel uses mailman software for hosting mailing lists.

Web assume that you are already logged in to cPanel web hosting account.

Click on Mailing Lists icon in the Mail section of cPanel.

There is a video tutorial available for basic steps of creating a mailing list. You can watch that video or just follow with us. We will be showing you a lot more than that.

Create a Mailing List

To create a mailing list in your web hosting account, enter the following information:

List Name: This should be a single word e.g. announcements, newsletter, staff, vendors, etc. Whatever name you choose becomes the complete email address for your mailing list e.g. newsletter@example.org where subscribers can send email.

Domain: Select the domain if you have more than one in your account.

Password: You can enter a secure password or use the Password Generator.

Access Type: Choose Public if this is a public newsletter and you would like the archives of the list to be publically available and allow anyone to register on the mailing list. If this is private company list, then you can choose Private. Private list is not advertised or listed on the mailing list page and only the admin of the mailing list approves subscriptions to it.

Click Add Mailing List to create the new mailing list.

When you create a public mailing list it will be shown that anyone can subscribe to it. When you create a private list, it will show up as follows:

Mailman Mailing Lists

Now that you have created the mailing list, it will be listed under Current Lists. You can delete the list if you do not need it and any messages posted on it will be removed. You can change the administrator’s password by clicking on Change Password. Or you can manage it by going to the Administration section by clicking Manage.

Manage a Mailing List via Mailman

When you click on Manage link it will take you out of cPanel and land you on the mailman admin page for that particular mailing list. The screen looks something like this:

Now you can enter your mailing list password to the administration section. If you already forgot your password 😉 you can reset it from cPanel. Once you are logged in, you’ll be presented with many options to configure. The default ones work out of the box but you have a very fine control of many of the options that you can choose.

When you logout you’ll be back on the admin page of the mailing list. Here you can also see some links in the footer that take you to the public page of the mailing list. That page has a link to archives and if the list is public you can view them. For private list, it requires each user to login. Keep in mind that every subscriber to the mailing list can have their own unique password to access private archives.

The page also provides an easy option for more subscribers to join. Depending on how you configure it, they can join automatically or wait for your (admin’s) approval.

We hope you have a superb mailing through mailing list hosting. If you face any problem, please feel free to contact our user friendly support team.