Email authentication is the cornerstone of reliable email delivery. Without proper SPF, DKIM, and DMARC records, your emails risk being flagged as spam or rejected entirely by recipient mail servers. This guide walks you through setting up all three authentication methods for your SakuraHost domain.
Understanding Email Authentication
Email authentication works through DNS records that verify your emails are genuinely sent from your domain. Think of these records as digital signatures that prove your identity to receiving mail servers worldwide.
- SPF (Sender Policy Framework): Specifies which mail servers are authorized to send email on behalf of your domain
- DKIM (DomainKeys Identified Mail): Adds a cryptographic signature to each email, proving it has not been altered in transit
- DMARC (Domain-based Message Authentication, Reporting, and Conformance): Tells receiving servers what to do when SPF or DKIM checks fail, and provides reporting
Setting Up SPF Records
What is SPF?
SPF is a TXT record in your DNS that lists the IP addresses and servers permitted to send email for your domain. When a mail server receives an email claiming to be from your domain, it checks the SPF record to verify the sender is authorized. For complete documentation, visit the SPF Record Syntax reference.
Creating Your SPF Record
Step 2: Navigate to Domains > Zone Editor.
Step 3: Click Manage next to your domain.
Step 4: Click + Add Record and select TXT.
Step 5: Set the Name to your domain (e.g., yourdomain.co.tz) and enter the following value:
For standard SakuraHost hosting with no external email services, use:
Setting Up DKIM Records
What is DKIM?
DKIM uses public-key cryptography to sign outgoing emails. The private key stays on your mail server, while the public key is published in your DNS. Receiving servers use the public key to verify the signature and confirm the email's integrity.
Enabling DKIM in cPanel
Step 2: Click on Email Deliverability.
Step 3: You will see your domain listed with its current DKIM status. If DKIM shows issues, click Manage.
Step 4: cPanel will display the suggested DKIM record. Click Install the Suggested Record to automatically add the DNS entry.
Step 5: If automatic installation is not available, copy the DKIM record value and add it manually via Zone Editor as a TXT record with the name
default._domainkey.yourdomain.co.tz.
A typical DKIM record looks like this:
Setting Up DMARC Records
What is DMARC?
DMARC builds on SPF and DKIM by defining a policy for how receiving servers should handle emails that fail authentication checks. It also enables reporting so you can monitor authentication results. Full specifications are available at DMARC.org.
Creating Your DMARC Record
Step 2: Add a new TXT record.
Step 3: Set the Name to
_dmarc.yourdomain.co.tz.Step 4: For a starting policy, use the following value:
Start with p=none to monitor results without affecting delivery. After reviewing reports for 2-4 weeks, gradually tighten the policy:
p=none- Monitor only, no action taken on failuresp=quarantine- Failed emails are sent to the spam folderp=reject- Failed emails are completely rejected (strongest protection)
Verifying Your Configuration
After setting up all three records, verify them using these free tools:
- MXToolbox SuperTool - Comprehensive DNS and email diagnostics
- MXToolbox DMARC Checker - Validate your DMARC record
- cPanel's built-in Email Deliverability tool - Shows the status of all three records