DMARC and server migration...

rivermobster

Well-Known Member
Dec 16, 2020
130
34
28
SoCal
cPanel Access Level
Root Administrator
Hey all,

I'm moving my clients from a shared server to a new cloud server. Mainly to avoid all the email issues (blacklisting) associated with a shared server!

I have DMARC records installed for all of my clients...

Do these records need to be modified before or after the move? I am unsure if these records are server sensitive, or not.

I suppose the same question will apply to the DKIM and SPF records as well as any other email records involved.

Thanks in advance!

@cPRex
 

andrew.n

Well-Known Member
Jun 9, 2020
965
358
63
EU
cPanel Access Level
Root Administrator
The question is, do you host those domain names on the server? I.e., are they using the nameservers of the server?
 

ffeingol

Well-Known Member
PartnerNOC
Nov 9, 2001
857
367
363
cPanel Access Level
DataCenter Provider
The short answer is DMARC records no, SPF yes.

DMARC records are just a feedback loop. It tells MTAs (that have implemented DMARC) where to send reports to. There is nothing in that record that is server specific. Here is a spec of what a DMARC record looks like: What is a DMARC Record? - What does it look like? - MxToolbox

SPF records, on the other hand (the way cPanel sets them up) have IP addresses in them. They tell other MTAs where your mail 'should' come from. If you can use the WHM transfer facility (which I doubt you can) it would adjust the SPF records. If not (and as @andrew.n said) you'll have to adjust the SPF record (if you manage DNS) post migration.

Depending on how you can migrate, you'll want to review each DNS zone post migration. There are search/replace browser plugins that we use to make quick work of those kinds of changes. You just plug in the old/new IP and then let it search/replace on the Zone Edit page. It's a bit more tedious on the "new and improved" (not IMHO) DNS editor as you have to do it record by record.
 

rivermobster

Thanks for typing all that out for me. I appreciate it!

The same hosting company that is hosting my shared server account, is also hosting my new cloud account. They will be doing the migration for me this weekend.

I asked them the same question, and the answer was...

When performing a migration of the data cPanel should attempt to update the SPF and DKIM records with the IP address of the new server.

So I guess we are good then?

Would there be anything else I need to be aware of, as far as email goes, due to the migration? Thanks for all of your help!
 

ffeingol

You "should" be fine. The WHM transfer system is very good at moving things, updating the DNS, etc.

The only suggestion I'd have is preparation. Depending on what you have your TTL set to (the time that DNS is cached) I'd lower it. The default on cPanel is 14400 (seconds) which is 4 hours. That means the sites will appear to be down for 4 hours while DNS is cached. I'd suggest lowering it to something like 1200 (20 minutes) to speed that up.
 

rivermobster

Thank you. I'm pretty sure I have access to that in my WHM reseller account. I'll check into that in a bit and report back. :thumbsup:
 

rivermobster

@ffeingol

After thinking about it, I wasn't sure if you meant the source or destination server, so I changed the TTL on both servers to 1200. It was set to 3600 on both of them before I changed it.

Thanks for the tip! :thumbsup:
 

rivermobster

Update:

So now I'm on a blocked list with Hotmail. I don't seem to be on any blacklists as far as I can tell, so I have a support ticket opened with them.

What I found was....

The SPF records did NOT update correctly! They had not only the IP address from the old shared server still there, some accounts had a third IP address from a shared server WAY back in the day! I had to update them all myself. Not exactly thrilled about that.

There are also other records in the zone manager that still point to the old shared server address. I'm not really thrilled about that either.

Meanwhile...

I noticed the reverse PTR record in every account points to my main server, not the individual cPanel account. Is this normal, or not?

Thanks for the help!
 

andrew.n

erm...the PTR record, i.e. the rDNS record, is being set on the IP itself, so all accounts using the same IP are using the same PTR, which is usually being set to the server hostname.

How have you done the migration? Did you disable express transfer?
 

rivermobster

I had my hosting company do the migration for me. You know, to avoid any issues? :rolleyes:
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
15,280
2,434
363
cPanel Access Level
Root Administrator
I transferred an account with a valid SPF record to a new machine and found that it set up the record like this:

Code:
v=spf1 ip4:NEW.SERVER.IP ip4:OLD.SERVER.IP +a +mx ~all
I believe we do this on purpose just in case email is still routed to the old machine, and that wouldn't cause any mail delivery issues as both IPs are included.
 

rivermobster

Yeah, that's very similar to how the SPF records looked before I had cPanel set them to the current default. Except, some accounts had three different IP addresses! All are cleaned up at this point.
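
Added example, not part of the thread and not cPanel code: a small audit of the post-migration cleanup discussed above, which reads each zone's SPF TXT value and reports whether the new server IP is listed and which other IPs the record still names (such as the old shared-server address). The domains, IPs and TXT strings are constructed samples using documentation address ranges, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample data: documentation-range IPs and example domains.
NEW_IP = "203.0.113.10"
SAMPLE_TXT = {
    "client-a.example": '"v=spf1 ip4:203.0.113.10 ip4:198.51.100.7 +a +mx ~all"',
    "client-b.example": '"v=spf1 ip4:198.51.100.7 ip4:192.0.2.44 +a +mx ~all"',
    "client-c.example": '"v=spf1 +a +mx +ip4:203.0.113.10 ~all"',
    "client-d.example": '"google-site-verification=constructed"',
}

def spf_networks(txt):
    """Return the networks named by ip4:/ip6: mechanisms, or None if not SPF."""
    terms = txt.strip().strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        return None
    nets = []
    for term in terms[1:]:
        # Drop the optional qualifier (+ - ~ ?) and split "ip4:value".
        name, sep, value = term.lstrip("+-~?").partition(":")
        if sep and name.lower() in ("ip4", "ip6"):
            try:
                nets.append(ipaddress.ip_network(value, strict=False))
            except ValueError:
                nets.append(value)  # keep malformed values so they get reported
    return nets

def audit_spf(txt_by_domain, server_ip):
    """Per domain: is server_ip listed, and which other IPs the record names."""
    server = ipaddress.ip_address(server_ip)
    report = {}
    for domain, txt in txt_by_domain.items():
        nets = spf_networks(txt)
        if nets is None:
            report[domain] = None  # this TXT value is not an SPF record
            continue
        covers = lambda n: not isinstance(n, str) and server in n
        report[domain] = {
            # False does not prove the server is unauthorized: +a/+mx may cover it.
            "lists_server_ip": any(covers(n) for n in nets),
            "other_ips": [str(n) for n in nets if not covers(n)],
        }
    return report

if __name__ == "__main__":
    for domain, result in audit_spf(SAMPLE_TXT, NEW_IP).items():
        print(domain, result)
```

Every address left in `other_ips` is still authorized to send as that domain, so on a shared server that includes whoever else mails from that IP; remove it once mail no longer routes through the old machine.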
 