Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

Learning better SPF protection schemes

Discussion in 'E-mail Discussion' started by easyprosys, May 12, 2019.

  1. Server Pros

    Server Pros Active Member

    Nov 27, 2015
    Likes Received:
    Trophy Points:
    Los Angeles, CA
    cPanel Access Level:
    Root Administrator
    I have been experimenting with SPF records to improve SPAM protection. I'm having a specific problem with emails that I have sent to a large system when a couple of months later after sending to them I get a message back through cPanel with a Norton removal notice, using the recipients REPLY-TO address as the sender (an easy hack, I know after 20 years), mumbo jumbo as part of the message and clearly a template containing {FRIEND:FORM} FRIEND:EMAIL} etc. The larger company swears that their system is correct but when I run a mail test and general DNS test I get a 100%. I pass an EICAR Anti-Virus test.

    My SPF records are the default for my server are clear:

    v=spf1 +a +mx +ip4:{my server IP} ~all

    I have a default DKIM record.

    But the other side is way more than I know. 21599 IN TXT "v=spf1 ~all"

    I'm like, what????

    So the question is, 1) Do I need to improve since I'm clearly getting mail harvested on one end or the other and sent back to me, and 2) what should my SPF/DKIM records be changed to. I use the defaults.

    Thanks in advance. I'm coming from PLesk v8.x through 17.5.x and stuff has changed
    #1 Server Pros, May 12, 2019
    Last edited by a moderator: May 12, 2019
  2. cPanelMichael

    cPanelMichael Technical Support Community Manager Staff Member

    Apr 11, 2011
    Likes Received:
    Trophy Points:
    cPanel Access Level:
    Root Administrator
    Hello @easyprosys,

    Setting up a SPF records for your domains ensures that remote mail servers can use SPF verification as a means of ensuring emails from your domains are coming from a trusted sender.

    SPF verification for incoming email (e.g. emails sent from remote servers to your cPanel & WHM server) is handled through the SpamAssassin. If SpamAssassin is enabled for your cPanel accounts and is not aggressive enough to detect a spoofed email, consider enabling features such as DKIM checking and Greylisting for additional protection. For DKIM verification, the following options are available under the ACL Options tab in WHM >> Exim Configuration Manager >> Basic Editor:

    Allow DKIM verification for incoming messages
    Reject DKIM failures

    Greylisting is enabled through WHM >> Mail >> Greylisting.

    Let me know if you have any questions.

    Thank you.
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice