Archives

How to add DKIM and SPF records for your domain from cPanel

DKIM and SPF are two mechanism that allow you to prevent SPAM email messages. Also, they will improve your email delivery rates. You can easily enable them in cPanel.

DKIM is a means of verifying incoming email. It ensures that incoming messages are unmodified and are from the sender from whom they claim to be. This feature works to prevent incoming spam messages.

 

The SPF system allows you to specify servers and IP addresses that are authorized to send mail from your domain(s). This feature works to prevent outgoing spam messages.

 

cPanel DKIM SPF cPanel DKIM SPF

To enable DKIM and/or SPF in cPanel:

  1. Go to yourdomain.com/cpanel and log in
  2. Navigate to EMAIL section, look for Authentication option
  3. On the DKIM section click the Enable button. You will see a confirmation: DKIM has been enabled.
    The DKIM record will look like:

    default._domainkey IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtNG7H+7jKR5uZT/RD7nGbVQk9Pv7PrP279MQ7rEAhq0CRUiXTBh7LSfkeLoEHwjSiFrs0hVXR4sDD7iiDn08BTNfSvH2GaS0Vnz83qeJAAf3nkB1KjrIwqYOD1+Wl+GtDdzCx6/1OFcckRQsN8I3N+hH41sbf5ouVf3O9IANvSpzq6IWWvDqpmncIwebJkt8r" agdAyTNRjpcNHJjlIc9pAMnNz1lMoaaf61kRt3quxkdbnYwVxtvprkWdbyjMJ+zJ7lpwOCBYBAW9HVoM3S5/vUWUA0RB6o3V96qs4edRh7spuMi/aLvygKs7Agsbz5LPajybl5gqqhUYumUnyMOcwIDAQAB\;
  4. Click the Go Back button
  5. On the SPF section click the Enable button. You will see a confirmation like: SPF has been enabled. Your raw SPF record is: v=spf1 +a +mx +ip4:192.255.1.1 ~all
  6. Click the Go Back button
  7.  You can also change other advanced settings. Modify them only as you know what are you doing. Otherwise, don’t modify these settings or ask your host about them.
  8. This is all. You have configured DKIM and SPF for your domain.

You can check the DNS entries which has been added in cPanel->DOMAINS section->Zone Editor.

The video tutorial for this knowledge base post:

Related KB post:
Add a DMARC record to your domain in cPanel

How to enable gzip compression (Apache mod_deflate) in cPanel

To speed up loading times for your site and to save bandwidth, you can enable gzip compression. This means that content of your site will be served by the Apache Web Server in a compressed form.

Please notice that the Apache mod_deflate module must be installed on the server. Contact your host if you are unsure.

cPanel Optimize Website cPanel Optimize Website

To enable the gzip compression for your site, follow the steps:

  1. Go to yourdomain.com/cpanel and log in
  2. Look for Optimize Website entry (SOFTWARE cPanel section)
  3. Here you have 3 options:
    Disabled – which will disable the compression
    Compress All Content – with this option all content will be compressed
    Compress the specified MIME types – here, you will be able to input only certain MIME file types.
  4. So, choose the second option and click the Update Settings button. A confirmation message will appear: Website optimization preferences updated. Content compression is now enabled. Content compression is now enabled for all content.
  5. Your site is using now the gzip compression.
You can test if the gzip compression is working on your site at http://www.gziptest.com/ .

And the video tutorial:

 

Resources:
Apache Module mod_deflate

Add an email account in Windows Mail

Windows Mail/Mail is the default email client that comes with Windows 7/8/10. Here we will show you how to add an email account to it.

Windows Mail Windows Mail

How to add an email account to Mail :

1. Start the Mail program.
2. Click the Accounts button from the left menu, then click the +Add account button
windows mail 2

3. In the next window, chose the account type you want to add – in our case we will select Other account (POP3, IMAP)
windows mail 3

4. The Add an account window will open. Here, enter your email address, your name(as you want your receivers to see) and the password. Click Sign in button. You will get a message: All done! Your account was set up successfully! Click the Done button to close the window.
windows mail 4

5. Now, everything is set up. You can use the Mail software to send and receive email messages.
windows mail 5

If you prefer, check the video tutorial here:

Add a DMARC record to your domain in cPanel

What is DMARC?

According to dmarc.org :

DMARC, which stands for “Domain-based Message Authentication, Reporting & Conformance”, is an email authentication, policy, and reporting protocol. It builds on the widely deployed SPF and DKIM protocols, adding linkage to the author (“From:”) domain name, published policies for recipient handling of authentication failures, and reporting from receivers to senders, to improve and monitor protection of the domain from fraudulent email.

DMARC is a policy with which the sender indicates the message is protected by DKIM and /or SPF. It also tells the receiver what to do with the message if DKIM/SPF authentication fails.

Please check the DMARC resources (from the end of this article) before creating a DMARC record. You can use an online tool to create a DMARC record. Check the DMARC Tools page.

To set a DMARC record for your domain:

  1. Log into cPanel
  2. Navigate to Zone Editor (DOMAINS section)
  3. On the row with the desired domain, click the Manage link
  4. Click the down arrow   from the right of the Add Record button.
  5. Select Add DMARC Record from the drop-down list
  6. Modify any DMARC settings (see below) and click the Add Record button
cPanel DMARC
cPanel DMARC

 

DMARC Settings

Policy Action
None No action is taken; you can use this setting to monitor DMARC
Quarantine Messages will be marked as spam
Reject Messages will be rejected

 

Parameter Settings
Subdomain Policy Action for subdomain policy. Same options as for the main domain policy.
DKIM Mode Relaxed – the system allows some messages from domains that it doesn’t recognize.
Strict – the system will reject all messages from domains that it doesn’t recognize.
SPF Mode Relaxed – the system allows some messages from senders that it doesn’t recognize.
Strict – the system will reject all messages from senders that it doesn’t recognize.
Percentage Default value is 100. It represents the percentage of the email messages you want the system to filter.
Generate Failure Reports When All Checks Fail – report will be send if all checks fail
Any Checks Fail – report will be send if any checks fail
Report Format AFRF – Authentication Failure Reporting Format
IODEF – Incident Object Description Exchange Format
Report Interval The time in seconds between each aggregate email message report. The default value is 86400 (24 hours).

The video tutorial for setting a DMARC record:

 

If you’ve added a valid email for the Send Aggregate Mail Reports To, you will receive a message from receivers that support DMARC, like in the example bellow:

From: noreply@dmarc.yahoo.com
To: admin@plothost.com
Subject: Report Domain: plothost.com Submitter: yahoo.com Report-ID: <1496110592.916792>
In the attachment you will see an XML file with the same name as the zip archive.

<?xml version="1.0"?>	
<feedback>	
  <report_metadata>	
    <org_name>Yahoo! Inc.</org_name>	
    <email>postmaster@dmarc.yahoo.com</email>	
    <report_id>1496110592.916792</report_id>	
    <date_range>	
      <begin>1496016000</begin>	
      <end>1496102399 </end>	
    </date_range>	
  </report_metadata>	
  <policy_published>	
    <domain>plothost.com</domain>	
    <adkim>r</adkim>	
    <aspf>r</aspf>	
    <p>none</p>	
    <pct>100</pct>	
  </policy_published>	
  <record>	
    <row>	
      <source_ip>d02.plothost.com</source_ip>	
      <count>1</count>	
      <policy_evaluated>	
        <disposition>none</disposition>	
        <dkim>fail</dkim>	
        <spf>fail</spf>	
      </policy_evaluated>	
    </row>	
    <identifiers>	
      <header_from>plothost.com</header_from>	
    </identifiers>	
    <auth_results>	
      <dkim>	
        <domain>web.plothost.com</domain>	
        <result>neutral</result>	
      </dkim>	
      <spf>	
        <domain>web.plothost.com</domain>	
        <result>none</result>	
      </spf>	
    </auth_results>	
  </record>	
</feedback>		

Resources:
DMARC Website at https://dmarc.org/overview/
DMARC Tools – record creation, lookup, check etc
Google recommendations for DMARC here
cPanel Zone Editor Documentation

Generate private and public key in cPanel for SSH access

The common way to connect to the server via SSH is to use a username and a password. But to increase security, you can use a pair of keys(a private one and a public one) to connect to the server.

The public key will be on the server. The private key will be on your computer. When you are trying to connect, the server compares the two keys. If they are the right ones, you will be able to access it.

We will show in this post how to generate the pair of keys and connect to your server with PuTTY.

To generate and use public and private keys in cPanel:

1.Log in to cPanel
2.Scroll down to the SECURITY section -> SSH Access

3.Click the Manage SSH Keys button

4.Click the +Generate a New Key button

5.You are now on a page with a title Generating a Public Key. Here, choose:
-Key Name – you can leave the default value
-Key Password – enter the password for the key and confirm it
-Key Type (RSA or DSA) – let the default value
-Key Size (2048 or 4096) – let the default value

cPanel mentions:

RSA vs DSA: RSA and DSA are encryption algorithms used to encrypt your key. DSA is faster for Key Generation and Signing and RSA is faster for Verification.

6.Click the Generate Key button. You will see a confirmation message: Key Generation Complete! with some details:

Generating public/private rsa key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
The key fingerprint is:
b7:9a:55:59:c1:a7:6a:31:5c:9a:40:50:e9:73:24:a0

7.Click the Go Back link
8.Now you need to authorize the public key. (the Authorization Status is not authorized). Click the Manage link.

9.You will see a message The key with the name “id_rsa” is currently “not authorized” for use when connecting to this account.  Click the Authorize button. The success message is: The key “id_rsa.pub” has been authorized.

10.Click the Go Back link
11.Go to the Private Keys sections and click the View/Download link.

12.Here we will Convert the “id_rsa” key to PPK format. Enter the passphrase and click the Convert button.

13.You will see the key to be used in PuTTY. Click the Download key button and save the file to your computer (the filename is id_rsa.ppk) 

14.Now start PuTTY on your computer and go to Connection->SSH->Auth. Here, browse and select the file you saved at 13. (Private key file for authentication)

15. Click the Open button. PuTTY will connect to the server. Enter the Passphrase when asked.

16.You are now connected to the server 🙂

 
One of the most used SSH programs is PuTTY. Download it from chiark.greenend.org.uk/~sgtatham/putty/
Page 3 of 14
1 2 3 4 5 14