A common error we are now seeing from Gmail is the following:
550-5.7.26 This mail is unauthenticated, which poses a security risk to the 550-5.7.26 sender and Gmail users, and has been blocked.
The sender Must 550-5.7.26 authenticate with at least one of SPF or DKIM. For this Message, 550-5.7.26 DKIM checks did not pass and SPF check for (DOMAIN.COM)
There are 3 records that assist with Email Deliverability, SPF, DKIM (Domain Keys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance).
What is a SPF record?
SPF (Sender Policy Framework) is a way for ISPs (like Gmail, Yahoo, etc) to verify that a mail server is authorized to send email for a domain. It is a whitelist for the services who are allowed to send email on your behalf. Like DKIM, SPF also works via DNS. For instance, if you use a 3rd party service to send marketing email and Gmail to send regular email, you can insert a DNS record that includes both mail servers as trusted sources to send email for your domain.
SPF has become extremely important to verify who can send email on behalf of your domain and directly impacts email delivery. Not only is it needed for email marketing, but it is also needed for things like 3rd party providers who send email on your behalf.
How do you add an SPF record?
Log into cPanel
Navigate to Email Deliverability
Within Email Deliverability, you will see your domain(s) listed, select Manage next to the domain you would like to work with.
It will show you if you have a Valid DKIM and SPR record installed. You can also copy the record to add to the DNS if it is listed as Invalid or if you need to make changes you can copy, then modify and navigate to the Zone Editor to replace the record with the new record you created.
What is DKIM?
DKIM (DomainKeys Identified Mail) is an email security standard that helps detect whether messages are altered in transit between sending and receiving mail servers.
DKIM authentication uses public-key cryptography to sign email with a responsible party’s private key as it leaves a sending server; recipient servers then use a public key published to the DKIM’s domain to verify the source of the message, and that the parts of the message included in the DKIM signature haven’t changed since the message was signed.
Once the signature is verified with the public key by the recipient server, the message passes DKIM and is considered authentic.
What is a DKIM record?
- A DKIM record is a specially formatted DNS TXT record; it stores the public key the receiving mail server will use to verify a message’s signature.
- A DKIM record is formed by a name, version, key type, and the public key itself, and can be added within your cPanel control Panel.
Why is DKIM Important?
1. It confirms your legitimacy as a sender. While DKIM isn’t required everywhere yet,there are some providers requiring a DKIM record. Also having emails that are signed with DKIM appear more legitimate to your recipients and are less likely to end up in the junk or spam folders.
DKIM is compatible with existing email infrastructure and works with SPF and DMARC to create multiple layers of security for domains sending emails. Mail servers that don’t support DKIM signatures are still able to receive signed messages without any problems. It’s an optional security protocol that is growing in popularity to be required by major providers like Yahoo, Gmail, AOL etc…
2. It helps build your long-term reputation. An additional benefit of DKIM is that it is used to build a domain reputation over time. As you send email and improve your delivery practices (low spam and bounces, high engagement), you help your domain build a good sending reputation with Internet Service Providers, which improves email deliverability.
While it’s important to understand what DKIM does, it’s also important to be clear about what it doesn’t solve. Using DKIM will make sure your message hasn’t been altered, but it doesn’t encrypt the contents of your message.
What is DMARC?
DMARC (Domain-based Message Authentication, Reporting & Conformance) is a standard that prevents spammers from using your domain to send email without your permission — also known as spoofing. Spammers can forge the “From” address on messages so the spam appears to come from a user in your domain.
How do I set up a DMARC Record in cPanel?
Log in to cPanel.
Click on the Zone Editor option.
Click Manage next to the domain name you want to add the record for.
Click the drop-down arrow next to the blue Add Record button, and select Add “DMARC” Record.
Select a policy type to generate a record for.
You may click Optional Parameters to further specify how your policy works. If you’re unsure how to use these, you can simply leave them at their default values.
Input the DMARC record into the Record/Text field.
Click Add Record.
Allow for 2-8 hours to pass, while the change propagates.
Put simply, SPF, DKIM and DMARC are ways to authenticate your mail server and to prove to Internet Service Providers, mail services and other receiving mail servers that senders are truly authorized to send email. These records help to ensure your mail is continuously delivered without interruption and are strongly recommended. If you are not already using a cPanel account, please let us know and we can migrate your account for FREE to an updated cPanel server at no cost.