Portal Home > Knowledge Base > cPanel > DKIM email authentication

DKIM email authentication

DKIM (DomainKeys Identified Mail) is an email validation system designed to detect email spoofing by providing a mechanism to allow receiving mail exchangers to check that incoming mail from a domain is authorized by that domain's administrator. A digital signature included with the message can be validated by the recipient using the signer's public key published in the DNS.

As a domain owner, you may want to add a DKIM record to your domain's DNS records to ensure that when mail servers receive your mail they can authenticate its validity and therefore won't flag it as suspicious.

The DNS record for DKIM is added as a TXT record. You do need to generate it first in order to know what your DKIM individual key is. To do this, you need to log in to cPanel and go to "Mail" > "Email Authentication". Under the DKIM section, there would be a button that either says "Enable" or Disable".

The explanation cPanel provides there about this feature is a bit inaccurate. Enabling or disabling DKIM in cPanel doesn't enable or disable the ability of your server to verify incoming email sent by someone to you (that feature as a whole is controlled at the server level, not in cPanel). If you enable DKIM in cPanel, all it does is generating a DKIM key for your domain and creates a DNS TXT record with that, so that when others receive mail sent from your domain, they can verify that mail was indeed sent from your domain and wasn't spoofed.

If you see under the DKIM section in cPanel the "Enable" button, you can click it to generate the key and the record. If you see there the "Disable" button instead, there will also be a record of the key there and you'll know the key has already been generated.

Either way, once cPanel has generated the key, there should be a TXT record for it in the DNS for your domain.

If you manage the DNS for that domain on a nameserver that exists on the cPanel server, you can go in cPanel to "Domains" > "Advanced DNS Zone Editor" and verify that the TXT record for the DKIM has been created with the key. Sometimes, DKIM TXT records don't display there and you might be able to see that TXT record if you look at the same DNS zone in WHM > "DNS Functions" > "Edit DNS Zone".

If you don't see the TXT record in the DNS for your domain, or if your DNS records are managed on another nameserver - one that cPanel doesn't manage, you can create that TXT record yourself. Just copy the generated key from cPanel > "Email Authentication" and paste it into a newly created TXT record in that domain DNS zone.

If you click "Disable" under the DKIM option in cPanel, it will remove the key and delete the TXT record in the nameserver that cPanel manages.

Also Read

Powered by WHMCompleteSolution