Email Deliverability Fixes Part 1: SPF
If you, like me, suffer(ed) from a lot of soft-bounced emails because your server was misconfigured, then this guide is perfect for you! If you run a dedicated server with WHM/cPanel and cannot get mass mails to deliver, try this guide.
In part one you will learn how to install SPF to all of your domains, and in part two you will learn how to install DK (DomainKeys) to all of your domains.
What is SPF?
Sender Policy Framework (SPF) is an attempt to control forged e-mail. SPF is not directly about stopping spam – junk email. It is about giving domain owners a way to say which mail sources are legitimate for their domain and which ones aren’t. While not all spam is forged, virtually all forgeries are spam. SPF was created in 2003 to help close loopholes in email delivery systems that allow spammers to “spoof” or steal your email address to send hundreds, thousands or even millions of emails illicitly.
More information about SPF can be found at http://www.openspf.org/Project_Overview
Why do I want to have SPF records for my domains?
Many mail servers are now testing for the presence of SPF records so if you don’t have one your email will probably not be delivered to that server. A good example is Hotmail — testing for SPF records since 2004.
What syntax should I use?
Now that you have learned what it is and why you should use it, it’s time to see what syntax you should use.
For SPF to work you have to add to each DNS zone a record similar to this:
domain.com. 14400 IN TXT "v=spf1 a mx -all"
Let’s try to explain the syntax:
We are telling the world that:
- v=spf1 - we are using SPF version 1 (the only version really)
- a mx - for domain “domain.com” the following IPs are allowed to send email: the A record IP and the MX record IPs.
- “-all” - no other IPs are allowed to send emails
You can read all the options that you have by visiting: http://www.openspf.org/SPF_Record_Syntax
How to install SPF records?
Now that we know what they are and how to write them it’s time to install them.
I’ll divide my presentation in two sections.
In the first one I will teach you how to add an SPF record automatically to newly created accounts, and in the second how to add one to domains that are already set up and don’t have it.
If this is a new cPanel server, or you want all the domains that you add on the server from now on to have an SPF record, do the following:
- Login to WHM using root
- Click on Edit Zone Templates and then on “standard”
- Add at the end of file:
%domain%. IN TXT "v=spf1 a mx -all"
You can replace “v=spf1 a mx -all” with whatever syntax you decide is best for you.
For example, if you have one IP address, try this: v=spf1 a mx ip4:XXX.XXX.XXX.XXX ~all
where XXX.XXX.XXX.XXX is your IP address.
- Repeat steps 2 and 3 for the “simple” zone template
That’s it! From now on all the accounts that you create on the server will have an SPF record.
Now what do we do with all the accounts that are already created and don’t have an SPF record?
One option would be to manually edit all the zone files on the server and add the TXT record. This is an easy solution if you have 10 accounts, but what do you do if you have 1000 or 10,000 (on multiple servers)?
I have the solution for you!
cPanel has built a script to install an SPF record for a given cPanel user. The script is located at: /usr/local/cpanel/bin/spf_installer
For single user only:
Run the following:
/usr/local/cpanel/bin/spf_installer USERNAME
Where USERNAME is the cPanel username.
Now check to see if the zone file has an SPF record.
If everything looks good and the zone has the right format, we can now add an SPF record to all the domains on the server.
Want to do this for all of your current users?
Run the following as root:
for i in $(ls /var/cpanel/users); do /usr/local/cpanel/bin/spf_installer "$i"; done
Wait for it to finish (it might take a few minutes!).
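One way to do the "check the zone file" step for every zone after the bulk run, as an added example that is not part of the original guide or of cPanel's tooling. It assumes BIND-style zone files named <domain>.db with each TXT record on a single line; the function names are hypothetical and the sample zones are constructed.

```shell
#!/usr/bin/env bash
# Added example: audit BIND-style zone files for their SPF TXT record.
# spf_status, audit_zones and demo are hypothetical helper names.

# Classify one zone file. Prints exactly one of:
#   missing | multiple | badquotes | hardfail | softfail | open
spf_status() {
    awk '
        /^[ \t]*;/ { next }                        # skip comment lines
        /[ \t]TXT[ \t]/ && /v=spf1/ {
            n++
            if ($0 !~ /"v=spf1[^"]*"/) bad = 1     # curly or missing quotes
            if ($0 ~ /[ \t]-all/)      policy = "hardfail"
            else if ($0 ~ /[ \t]~all/) policy = "softfail"
            else                       policy = "open"  # +all, ?all or no "all"
        }
        END {
            if (n == 0)     print "missing"
            else if (n > 1) print "multiple"       # receivers treat this as an error
            else if (bad)   print "badquotes"
            else            print policy
        }' "$1"
}

# Print "<domain> <status>" for every <domain>.db file in a directory.
audit_zones() {
    local dir=$1 zone
    for zone in "$dir"/*.db; do
        [ -e "$zone" ] || continue
        printf '%s %s\n' "$(basename "$zone" .db)" "$(spf_status "$zone")"
    done
}

# Constructed sample zones, so the audit can be tried off the server.
demo() {
    local d; d=$(mktemp -d)
    printf '%s\n' 'good.example. 14400 IN TXT "v=spf1 a mx -all"' > "$d/good.example.db"
    printf '%s\n' 'soft.example. 14400 IN TXT "v=spf1 a mx ip4:192.0.2.10 ~all"' > "$d/soft.example.db"
    printf '%s\n' 'curly.example. 14400 IN TXT “v=spf1 a mx -all”' > "$d/curly.example.db"
    printf '%s\n' 'none.example. 14400 IN A 192.0.2.10' > "$d/none.example.db"
    printf '%s\n' 'dup.example. IN TXT "v=spf1 a -all"' 'dup.example. IN TXT "v=spf1 mx -all"' > "$d/dup.example.db"
    audit_zones "$d"
    rm -rf "$d"
}

if [ $# -gt 0 ]; then audit_zones "$1"; else demo; fi
```

On a real server, pass the directory that holds the zone files as the first argument (commonly /var/named on cPanel, which is an assumption here). Any status other than hardfail or softfail deserves a look, especially badquotes, which is what a record pasted from a web page with typographic quotes produces.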
That’s about it. Hope it helps a lot of people!
UPDATE: It seems that within the last month, cPanel has added a GUI to activate SPF and DK on a per-user basis. In cPanel, go to the email authentication page, and that should accomplish the same as this guide.
Your blog is interesting!
Keep up the good work!
My congratulations on first place in the overall count at the Olympic Games. Michael Phelps was the best!