Confusion about DKIM, SPF, DMARC for addon domains and relationship with associated subdomain

carrots

Registered
May 21, 2021
Germany
cPanel Access Level: Website Owner
Hello, I'm using cPanel on a shared hosting server as a website owner.

I want to set up Google MX for mail, in addition to the built-in hosting server mail service for an addon domain.
I'm confused about how DKIM, SPF, and DMARC should be set up in the DNS records between the
  • main domain main.com
  • addon domain addon.com
  • associated subdomain addon.com.main.com

What I currently see by default are 3 pairs of identical DKIM TXT and SPF TXT records for the 3
(edit: upon closer look, it seems the DKIM are different for all 3 types of domain)
  • main.com
  • addon.com
  • addon.com.main.com (in the DNS records for main.com)

What I understand is that I will need to add a second separate DKIM TXT record for Google MX in DNS Editor, in addition to the first DKIM record for the hosting server mail service. And the single SPF TXT record could probably be identical for all types of domains.

1a) What I don't understand is, do I need to create 3 identical Google DKIM TXT records for all 3 types of domains?
(edit: probably they don't need to be the same, as I see now that the default DKIM are not the same)

1b) Similarly, does the 2nd DKIM record for the hosting server mail service need to be identical for all 3 types of domains?

1c) Why is there a DKIM and SPF record for the associated subdomain if there is no MX record for it?


2) If 1a/b is false, if I delete all DKIM and SPF records for the associated subdomain, will this break the addon domain?


3a) I've read somewhere that it's safe to delete the A records for
  • addon.com.main.com
  • www.addon.com.main.com
in order to stop the associated subdomain from directing browsers to the root of the addon domain, and stop crawlers from looking. Will deleting these A records break anything?

3b) Similarly, if 3a is false, then which of the other A, SRV, TXT records of the associated subdomain can I safely delete, for example
  • webmail.addon.com.main.com
  • whm.addon.com.main.com
  • cpanel.addon.com.main.com
  • autodiscover.addon.com.main.com
  • _caldavs._tcp.addon.com.main.com
etc...
Or will deleting some of these break anything?

Several years ago I was using a hosting service that had cPanel and I encountered the same questions, but then they switched to an in-house software that didn't create associated subdomains for addon domains. Now I'm migrating to a new hosting service that uses cPanel and I don't remember how I resolved these things....
(edit: I looked at the old hoster and they had a hidden panel where they kept the subdomains, which also had its own DKIM and SPF, but doesn't have all the other subdomain records like whm, cpanel, autodiscover, etc.)

Thanks
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
cPanel Access Level: Root Administrator
Hey there! I think the answer to 1a will answer most of this, but I'll go through things in order to avoid confusion:

Q1a) What I don't understand is, do I need to create 3 identical Google DKIM TXT records for all 3 types of domains?
A: No. DKIM is for the sender, and you're routing your mail delivery to Gmail through the MX records. You don't have to worry about the records on your side since all email will get routed to Gmail. You may still want to leave the default records in place as they are in case you do send any messages from the server-side.

Q1c) Why is there a DKIM and SPF record for the associated subdomain if there is no MX record for it?
A: Just in case - some people do end up using these.

Q2) If 1a/b is false, if I delete all DKIM and SPF records for the associated subdomain, will this break the addon domain?
A: Nope - since there is a totally separate DNS zone for the addon domain, these aren't related.

Q3a) I've read somewhere that it's safe to delete the A records for....
A: Feel free to remove those if you aren't using them.
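
An added example, not part of the thread or of cPanel's tooling: a small offline audit of the mail-authentication records for the three names discussed above. It shows why several DKIM keys can coexist on one domain (each lives under its own selector name) while SPF must stay a single TXT record per name. The record values, the selector names `default` and `google`, and the `audit` function are constructed for illustration.

```python
"""Audit SPF/DKIM/MX records per domain, using constructed zone data."""
from collections import defaultdict

# Constructed sample records (name, type, value); key material is elided.
RECORDS = [
    ("main.com", "MX", "0 main.com."),
    ("main.com", "TXT", "v=spf1 +a +mx ~all"),
    ("default._domainkey.main.com", "TXT", "v=DKIM1; k=rsa; p=<key-A>"),
    ("addon.com", "MX", "1 smtp.google.com."),
    ("addon.com", "TXT", "v=spf1 +a +mx ~all"),
    ("addon.com", "TXT", "v=spf1 include:_spf.google.com ~all"),
    ("default._domainkey.addon.com", "TXT", "v=DKIM1; k=rsa; p=<key-B>"),
    ("google._domainkey.addon.com", "TXT", "v=DKIM1; k=rsa; p=<key-C>"),
    ("addon.com.main.com", "TXT", "v=spf1 +a +mx ~all"),
    ("default._domainkey.addon.com.main.com", "TXT", "v=DKIM1; k=rsa; p=<key-D>"),
]

def audit(records, domains):
    """Return per-domain SPF count, DKIM selectors, MX presence and findings."""
    spf, dkim, mx = defaultdict(list), defaultdict(dict), defaultdict(list)
    for name, rtype, value in records:
        name = name.lower().rstrip(".")
        if rtype == "MX":
            mx[name].append(value)
        elif rtype == "TXT" and value.lower().split()[:1] == ["v=spf1"]:
            spf[name].append(value)
        elif rtype == "TXT" and "._domainkey." in name:
            # DKIM keys are published at <selector>._domainkey.<domain>
            selector, domain = name.split("._domainkey.", 1)
            dkim[domain][selector] = value
    report = {}
    for d in domains:
        findings = []
        if len(spf[d]) > 1:
            findings.append("multiple SPF records: merge into one (RFC 7208 permerror)")
        elif not spf[d]:
            findings.append("no SPF record")
        if not dkim[d]:
            findings.append("no DKIM selector published")
        if not mx[d] and (spf[d] or dkim[d]):
            findings.append("SPF/DKIM without MX: only matters if mail is sent as this name")
        report[d] = {"spf": len(spf[d]), "selectors": sorted(dkim[d]),
                     "mx": bool(mx[d]), "findings": findings}
    return report

if __name__ == "__main__":
    for dom, res in audit(RECORDS, ["main.com", "addon.com", "addon.com.main.com"]).items():
        print(dom, res)
```

In the constructed data, `addon.com` is flagged because its two SPF records would need to be merged into one, while its two DKIM selectors raise no finding.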