DKIM and SPF
Emails not getting delivered to inbox of yahoo, hotmail and gmail is a common problem that many users face due to different reasons, many times its IP reputation or the email activity on the shared environment. spf and domainkeys can help with this situation to get the emails delivered directly to inbox.
DomainKeys: An email authentication method that attempts to verify that a message actually came from the domain it appears to have come from.
SPF (Sender Policy Framework): A feature that allows a recipient server to verify that an email message has really been sent from the domain specified in the From: field. Enabling SPF can prevent your server from receiving replies to spam that has forged your domain name as part of the sender’s address. SPF only works if both the sending and receiving mail servers have SPF enabled.
Installation:
The following script will allow to enable spf and DKIM for a single cpanel account.
# /usr/local/cpanel/bin/dkim_keys_install <CPANELUSER>
# /usr/local/cpanel/bin/spf_installer <CPANELUSER>
If you want to enable spf and DKIM to all the accounts in the server, you have to run the following script.
===========================================================
for user in `ls -A /var/cpanel/users` ; do
/usr/local/cpanel/bin/dkim_keys_install $user &&
/usr/local/cpanel/bin/spf_installer $user ; done
===========================================================
To set up the server to automatically create an SPF record and DomainKey for new accounts, edit/create /scripts/postwwwacct and paste in the following code:
postwwwacct is a file which execute after wwwacct (used to create account).
===========================================================
#!/usr/bin/perl
my %OPTS = @ARGV;
$ENV{USER} = “$OPTS{‘user’}”;
system q(/usr/local/cpanel/bin/dkim_keys_installer $USER);
system q(/usr/local/cpanel/bin/spf_installer $USER);
============================================================
After that give executable permission to the script.
# chmod 755 /scripts/postwwwacct
Verification:
Give your domain name in the field $domain and issue the following commands.
# dig +short default._domainkey.$domain TXT
The above commmand will show the DKIM result.
# dig +short $domain TXT
The above command will give the spf result.
You can also verify DKIM and SPF by sending mails.
Send an email from the domain to check-auth@verifier.port25.com. You will get an autoresponse back letting you now that everything is working.
You will get summary as like following if everything is working.
===============================
Summary of Results
===============================
SPF check: pass
DomainKeys check: neutral
DKIM check: pass
Sender-ID check: pass
SpamAssassin check: ham
Reference:
http://www.openspf.org/SPF_Record_Syntax
