How to install DomainKeys and SPF Records

Pay for an account and support us

In this tutorial I will show you how to DomainKeys and SPF Records.

DomainKeys (DKIM) and SPF records are becoming a common, and annoying, demand among email providers, mainly Yahoo and Hotmail. In short, both are methods of email authentication designed to verify email integrity, by linking a sender to a specific or hostname. In other words, DomainKeys and SPF records specify what servers can send email on behalf of a name.

You’ll want DomainKeys and SPF records if your users have trouble sending email to certain providers, or they are having issues with spoofed (forged) email. currently allows two easy ways for you or your users to set up email verification. This is supported at least from cPanel 11.18 onward.


You can enable the “Email Authentication” feature in ~> Feature Manager, which will enable the Email Authentication icon in the users’ cPanels where they can create DomainKeys and SPF records for their domain(s).


There are scripts in /usr/local/cpanel/bin that can install these on a per-user basis:

/usr/local/cpanel/bin/domain_keys_installer $user
/usr/local/cpanel/bin/spf_installer $user

(and corresponding scripts to remove, like spf_uninstaller and domain_keys_uninstaller)

If you want to hit up everyone on the server, you can run my for loop one-liner:

for user in `ls -A /var/cpanel/users` 
do /usr/local/cpanel/bin/domain_keys_installer $user 
/usr/local/cpanel/bin/spf_installer $user 

Now what about new users? cPanel already though of that, and has options to create hooks for when after an is created. To set up the server to automatically create an SPF record and DomainKey for new accounts, edit /scripts/postwwwacct and paste in the following code:


my %OPTS = @ARGV;
$ENV{USER} = “$OPTS{‘user’}”;
system q(/usr/local/cpanel/bin/domain_keys_installer $USER);
system q(/usr/local/cpanel/bin/spf_installer $USER);

To verify an SPF record and/or DomainKey, you can run a DNS check:

dig default._domainkey.$domain TXT
dig $domain TXT

A technical note about DKIM:

You might know that DKIM is actually a generated key pair, similar to an or SSL Certificate’s RSA key. CPanel stores these files in /var/cpanel/domain_keys, where the public folder contains the key reflected in the DNS zone, and the private folder contains the private key. You may have users that actually authenticate via DKIM in their mail clients, in which case you may need to provide them with the private key in order for them to sent email.

Pay for an account and support usPay for an account and support us

Leave a Reply

Your email address will not be published. Required fields are marked *