Before relaying messages through the MailChannels Outbound filter, SMTP Authentication but be configured to allow a MailChannels owned IP to deliver messages on behalf of your domains(s).
Accurate Sender Policy Framework(SPF) records must be configured in your DNS zone settings to ensure that Internet receivers will properly identify and receive your email messages.
Using WHM/cPanel? Skip the manual setup and let our plugin do this automatically. Try our MailChannels cPanel plugin!
SMTP Authentication
DNS TXT Record(s)
The following records are needed for SPF to work correctly. Replace example.com with your own domain name:
Location |
Type |
Value |
example.com |
TXT |
v=spf1 a mx include:relay.mailchannels.net ~all |
_mailchannels.example.com |
TXT | v=mc1 auth=<account-id> |
If you already have an SPF record, simply add include:relay.mailchannels.net to this entry. Make sure to add it BEFORE the “all” mechanism as “all” always matches and typically goes at the end of the SPF record.
WARNING |
Including MailChannels SPF records without the `_mailchannels` subdomain record could make it easier for other users of the MailChannels platform to impersonate mail from your domain. See Domain Lockdown for more details. If domain lockdown can't be configured, the MailChannels SPF records can be included with a '?', for example 'v=spf1 a mx ?include:relay.mailchannels.net ~all'. In this case, messages from MailChannels will receive a 'neutral' SPF result, which may be accepted by hosts that reject on SPF failure, but it will not affect DMARC results (they will depend on DKIM only). |
Note: DKIM keys can be correctly added for Cpanel using our Cpanel - DKIM Configuration Guide.
Non-plugin cPanel Users
Reference:
cd /var/cpanel/users
for i in `ls /var/cpanel/users` ;do /usr/local/cpanel/bin/spf_installer $i ;done
Note: Please test this thoroughly before implementing this on production servers
Next Step: Configure your mail server
Do you know how to "mass add" these records to existing domains? I'm running cPanel, but that shouldn't make much difference. All the domains already have their own SPF records.
I am having the same question as "WebHostingZone"
Messages that are signed via DKIM, and that get passed through your relay servers are getting munged. Making the digitally signed messages (and headers) appear as tampered with or spoofed.
Why not use the stricter -all rather than ?all. I like to use -all so that mail servers paying attention to spf will not accept spam from compromised machines forging my addresses.
And is there a WHM or cPanel plugin that automates this task every time a cPanel account is created or a new domain is added?