How to Enable SPF on cPanel for Sender Policy Framework Email Authentication

As you will no doubt know by the amount of spam that arrives in your inbox purporting to be from a large bank or business asking you to confirm your details, email spoofing, pretending that an email came from a different sender, is simple to do and heavily exploited by spammers. By forging these email addresses they attempt to fool people into believing that this email originated from a trusted source, and with no checks carried out on this mail it can be difficult if not impossible to tell the original source.

If your hostĀ supports SPF then this can go a long way towards confirming whether an email is from the domain that it claims to be from. The way that SPF works is by utilising the DNS system to add a list of valid mail servers that are authorised to send mail from your domain. This is achieved by adding an entry as a TXT record containing the SPF information on the web servers that are authorised to send mail for this domain.

To enable SPF for your domain on cPanel hosting you should enter the Email Authentication section. This will give you the option of SPF and simply clicking the enable button will set up a basic SPF record which will pass for any mail sent through your email server specified in your MX record. The advanced settings options are quite self explanatory for this, allowing you to specify additional hosts that you want to be SPF authorised to send mail from, which would add these hosts to the DNS entry.

The biggest flaw of SPF unfortunately like many email authorisation systems is that it relys on servers to be checking for it and for people to set it up. This is fine for servers that you can configure yourself and your own domains, but the system will not be totally effective until it is widely used which at the moment it is unfortunately not.

There are not many ways around SPF protection once enabled, but it is not without minor flaws. If you are on a shared hosting account where you do not have a dedicated IP then other people on the server would be sending mail from the same IP so it would be possible for them to forge your address, though this would be easy to trace as you could contact your web hosting company. Another minor pitfall is if someone sent mail from a previous IP address you had whilst DNS caching was in operation, however this would only be a window of a few hours and they would have to have access to your previous email server IP so this is a minor concern generally.