Ensuring reliable email delivery is fundamental for any online business or personal website. When emails land in spam folders or fail to arrive altogether, it can disrupt communication and damage credibility. Often, the root cause lies in improperly configured DNS (Domain Name System) records for your domain.

If you manage your server or reseller hosting account through WHM (Web Host Manager), you have powerful tools at your disposal to configure these critical settings. This guide will walk you through the essential steps to set up MX, SPF, and DKIM records within WHM, significantly improving your email deliverability and protecting your domain's reputation.

At ENGINYRING, we provide robust hosting platforms like Virtual Private Servers (VPS) where effective server management, including DNS configuration, is key. Understanding these settings empowers you to maintain healthy email communication.

Prerequisites

Before you begin, please ensure you have the following:

  • WHM Access: You need root or reseller-level access to your WHM panel.
  • Domain Setup: The domain you want to configure email for should already be added as an account within WHM/cPanel.
  • Email Hosting Plan: You need to know where the email for this domain will be handled – on the local server itself or through an external provider (like Google Workspace, Microsoft 365, etc.).

Understanding the Key Email DNS Records

DNS acts like the internet's phonebook, directing traffic. For email, three record types are particularly crucial:

  • MX (Mail Exchanger): Tells sending email servers where to deliver email destined for your domain (e.g., `yourname@yourdomain.com`). It points to your mail server(s).
  • SPF (Sender Policy Framework): A TXT record that specifies which mail servers are authorized to send emails *on behalf of* your domain. This helps prevent others from spoofing your email address and protects your domain's reputation.
  • DKIM (DomainKeys Identified Mail): Another TXT record that adds a digital signature to outgoing emails. Receiving servers can verify this signature using a public key published in your DNS, confirming the email hasn't been tampered with and genuinely originated from your authorized servers.

Correctly setting up all three is vital for proving legitimacy and avoiding the spam filter.

Step 1: Accessing the DNS Zone Editor in WHM

All these records are managed within the DNS zone for your specific domain.

  1. Log in to your WHM panel.
  2. In the search bar on the left (or by navigating the menu), find the "DNS Functions" section.
  3. Click on "Edit DNS Zone".
  4. You will see a list of domains hosted on your server. Select the domain you wish to configure and click the "Edit" button next to it.

You are now in the DNS zone editor for that domain, where you can view, add, edit, and delete records.

Step 2: Configuring MX Records

The MX record directs incoming mail. Your configuration depends on where your email is hosted.

Scenario A: Email Hosted on the Local Server (Managed via WHM/cPanel)

If you plan to use the server where WHM is installed to handle emails for this domain (e.g., using webmail provided by cPanel), the configuration is usually straightforward:

  1. In the "Edit DNS Zone" screen, look for existing MX records. WHM typically creates a default one when an account is set up.
  2. You should see an MX record with:
    • Name: yourdomain.com. (Note the trailing dot)
    • TTL: Usually 14400 or similar (Time To Live in seconds)
    • Type: MX
    • Priority: 0 (Zero - highest priority)
    • Destination/Value: yourdomain.com. (Pointing back to the domain itself, indicating local delivery)
    Use yourdomain.com. format for the domain name.
  3. If this record exists and Priority is 0, you are likely set for local delivery.
  4. If it's missing: Scroll down to the "Add New Entries Below this Line" section. Enter the details exactly as above (using your actual domain name with a trailing dot). Select "MX" from the type dropdown and click "Save".

Scenario B: Email Hosted by an External Provider (Google Workspace, Microsoft 365, etc.)

If you use a third-party service for email, you must use the MX records they provide.

  1. Delete Existing Local MX Records: First, locate any existing MX records in the zone editor (like the Priority 0 record mentioned above) and delete them. There should be a "Delete" option next to each record. Do not skip this step! Having conflicting MX records will cause delivery problems.
  2. Add External MX Records: Refer to the documentation provided by your email host (Google, Microsoft, Zoho, etc.). They will give you a list of MX records, each with a specific Destination (server name) and Priority number.
    • Go to the "Add New Entries Below this Line" section in the WHM DNS editor.
    • For each record provided by your host:
      • Leave the first field blank (or enter yourdomain.com. - WHM usually handles this correctly if blank).
      • Enter the TTL (usually 3600 for external services, but follow your provider's recommendation).
      • Select "MX" as the Type.
      • Enter the numerical Priority provided (e.g., 1, 5, 10).
      • Enter the exact Destination server name provided (e.g., aspmx.l.google.com. - **ensure you include the trailing dot!**).
    • Add all the MX records specified by your provider. There will likely be multiple records with different priorities.
    • Click "Save" at the bottom of the page.

Crucially: Always use the exact MX record values provided by your external email host.

Step 3: Configuring the SPF Record

The SPF record authorizes sending servers, preventing others from forging emails from your domain.

  1. Go back to the "Edit DNS Zone" screen for your domain in WHM.
  2. Look for an existing TXT record that starts with v=spf1. WHM/cPanel often creates a default one.
  3. Understanding SPF Syntax: An SPF record is a single string of text with specific mechanisms and qualifiers:
    • v=spf1: Indicates the start of an SPF record.
    • Mechanisms: Define authorized senders (e.g., ip4:SERVER_IP authorizes a specific IPv4 address, a authorizes the domain's A record IP, mx authorizes servers listed in MX records, include:otherdomain.com includes SPF rules from another domain).
    • Qualifiers: Precede mechanisms (default is + for Pass). ~all means "Soft Fail" (mark suspicious but accept), while -all means "Hard Fail" (reject unauthorized mail). -all is generally recommended for stronger anti-spoofing.
  4. Editing/Adding the Record:
    • If a default SPF record exists: Edit it to ensure it accurately reflects *all* services/servers authorized to send email for your domain. A typical record for a server sending its own mail might look like: yourdomain.com. 14400 IN TXT "v=spf1 ip4:YOUR_SERVER_IP a mx ~all" Replace YOUR_SERVER_IP with your server's main outgoing IP address. Change ~all to -all for stricter enforcement if confident. If using external services (like SendGrid, Mailgun), you'll need to add their specific include: mechanisms.
    • If no SPF record exists: Scroll to "Add New Entries". Enter yourdomain.com. in the first field, set TTL (e.g., 14400 or 3600), select "TXT" as Type, and paste your complete SPF string (enclosed in quotes) into the text field. Example: "v=spf1 ip4:YOUR_SERVER_IP a mx -all".
  5. Important: You must have only ONE SPF record per domain. Multiple SPF records are invalid. Combine all required mechanisms into a single record.
  6. Click "Save".

Step 4: Configuring DKIM Records

DKIM adds a digital signature to verify email integrity and authenticity.

Using WHM's Email Deliverability Tool (Recommended)

WHM provides a convenient tool to manage DKIM (and SPF) for domains hosted locally.

  1. In WHM, navigate to the "Email" section.
  2. Click on "Email Deliverability".
  3. Find the domain you are working on in the list. It might take a moment for WHM to check the status.
  4. The status for SPF and DKIM will be displayed. If DKIM is not installed or has issues, you will likely see a warning or an option to manage it.
  5. Click the "Manage" button next to the domain name.
  6. On the management page, WHM will typically show the suggested DKIM record. It usually uses a selector named default. The record will be a TXT type with a name like default._domainkey.yourdomain.com. and a value containing the public key (starting with v=DKIM1; k=rsa; p=...).
  7. WHM usually provides an "Install the Suggested Record" button or similar. Clicking this will automatically:
    • Generate the private/public key pair if needed.
    • Add the correct DKIM TXT record to your domain's DNS zone.
  8. This is the easiest and most reliable way to set up DKIM for emails sent directly from your WHM/cPanel server.

Manual DKIM Setup (For External Providers)

If your email is sent through an external provider that handles DKIM signing (like Google Workspace, Microsoft 365, SendGrid), they will provide you with the specific DKIM record(s) to add to your DNS. This usually involves:

  1. Getting the specific selector name (e.g., google, selector1) and the public key value from your provider.
  2. Going back to the "Edit DNS Zone" screen in WHM for your domain.
  3. Adding a new TXT record:
    • Name: selector._domainkey.yourdomain.com. (Replace `selector` with the one provided, and use your actual domain. Don't forget the trailing dot).
    • TTL: Follow provider's recommendation (often 3600).
    • Type: TXT
    • Value/Text: Paste the entire DKIM record value provided by your host (e.g., "v=DKIM1; k=rsa; p=LONG_PUBLIC_KEY_STRING...").
  4. Click "Save".

Step 5: Verification and Propagation

After saving your changes, remember that DNS updates aren't instantaneous. It can take anywhere from a few minutes to 24-48 hours for changes to fully propagate across the internet, although often it's much faster.

  • Wait: Allow some time (at least 30-60 minutes) for propagation to begin.
  • Verify Externally: Use online DNS checking tools (search for "MX checker", "SPF checker", "DKIM checker") to look up your domain and see if the new records are visible publicly. Tools like MXToolbox are popular for this.
  • Send Test Emails: The best verification is practical testing. Send emails from your domain to external accounts (like Gmail, Outlook) and check the email headers ("Show original" in Gmail). Look for `spf=pass` and `dkim=pass` entries. You can also use dedicated email testing services (like mail-tester.com) which analyze your configuration and provide a score.

Conclusion: Taking Control of Email Delivery

Properly configuring MX, SPF, and DKIM records is no longer optional for reliable email communication. These DNS records are essential for directing your mail correctly, authenticating your sending servers, protecting your domain from spoofing, and significantly increasing the chances of your emails reaching the inbox instead of the spam folder.

WHM provides accessible tools, especially the "Edit DNS Zone" and "Email Deliverability" features, to manage these critical settings effectively. By following the steps outlined in this guide, you can take control of your domain's email configuration and build a foundation for trustworthy communication.

If you encounter persistent issues or are managing complex email setups, don't hesitate to consult official documentation or seek expert assistance. For questions related to your ENGINYRING hosting environment or server management needs, our team is here to help. Please contact us for support.