Over the past few months, some clients have reported issues with Gmail not accepting their emails due to a lack of SPF and DKIM records configured on their domain. When this happens you’ll receive a bounce message similar to this:
host gmail-smtp-in.l.google.com [188.8.131.52]
SMTP error from remote mail server after end of data:
550-5.7.26 This mail is unauthenticated, which poses a security risk to the
550-5.7.26 sender and Gmail users, and has been blocked. The sender must
550-5.7.26 authenticate with at least one of SPF or DKIM. For this message,
550-5.7.26 DKIM checks did not pass and SPF check for [example.com] did
550-5.7.26 not pass with ip: [ip-address]. The sender should visit
550-5.7.26 https://support.google.com/mail/answer/81126#authentication for
550 5.7.26 instructions on setting up authentication.
This primarily occurs for a few different reasons:
- The cPanel account is very old and does not have an SPF or DKIM record configured.
- The SPF and DKIM records were incorrectly modified.
- The domain does not utilize our DNS and thus the records have to be manually added at the DNS host.
If you host your domain’s email with us, this can be addressed via the Email Deliverability section of cPanel. Once navigating to that section you’ll see a screen similar to below.
If the “Repair” option is available, simply select it and the necessary records will automatically be created on the domain. This should resolve your issue as soon as these changes propagate within a few hours.
If the “Repair” option is disabled as shown above, this usually indicates that the domain is not using our DNS. As such, you’ll need to either reconfigure the domain to use our DNS or manually setup the records at the domain’s DNS host. Upon selecting “Manage”, you’ll be provided with the needed DKIM and SPF record to setup at your DNS host.
Lastly, if the domain’s email is not hosted by us, you’ll need to obtain the necessary DKIM and SPF records from your email provider. These records will need to be added to the domain’s DNS zone at the DNS host. If we host the domain’s DNS, this can be done via the cPanel or WHM zone editor.
If you find yourself stuck or needing assistance at any point, please do not hesitate to submit a ticket. We’re happy to help in any capacity that we can.
cPanel 104 has introduced a couple of useful changes to the Roundcube webmail client. First, it now has a dark mode that is easily toggled via the icon in the lower left corner. You can see what both of these modes look like below.
You can now also train SpamAssassin directly from within the Roundcube webmail client. When selecting any email outside of the Junk folder, you have the option to select “Junk” which will move the email to your Junk folder and submit it to SpamAssassin for local spam training.
Similarly, if you select an email in your Junk folder, you’ll have the option to select “Not Junk”. This will move the email to your inbox and submit it to SpamAssassin for local ham (not spam) training.
If at any point you make a mistake, you can simply locate the email and select the opposite action.
An often overlooked feature of cPanel is the webmail interface, which offers far more than just a place to view your email. It is a very powerful tool that allows email users to fully manage their own email accounts. The interface was recently updated in cPanel 84 and includes a few new features as well.
From within webmail you can view device configuration information, setup filters or forwarders, change your password, configure spam filtering, manage disk usage and even track delivery of emails.
This can be a tremendous time saving tool for both you and your clients because it empowers email users to manage their own account. Simply send them to /webmail on their domain and they can login with their own email address and password.
While the SpamTitan product has been great to us for the past four and a half years, it has become less effective at filtering out spam and the per email address pricing has always been a concern. Over the past several months, we have been hard at work preparing a better solution for you.
We are very proud to announce that we are now a SpamExperts partner. Not only has our testing shown them to be superior at spam filtering, we’re confident you’ll be pleased with the pricing as well. You no longer have to worry about how many email addresses are on your domain. In place of SpamTitan’s $1.00 per user we’re offering SpamExperts at $2.00 per domain. This has resulted in a significant cost reduction for many of our clients while also offering a better service.
We completed the migration of all SpamTitan users over to SpamExperts early last week and have since opened up the service offering for all clients. A free 30 day trial is available if you would like to give it a try, just submit a ticket to request it. Additional information can be found here.
We have quite a few other ongoing projects currently so stay tuned for more updates!
A couple years ago, we published a post on the proper configuration of SPF records when sending emails through our servers. Although not a default configuration, this is very important when you’re enforcing validation of SPF using “-all”. Due to some internal changes, the required entry has changed a little. Previously, you needed to add an A record for spf.gzo.com (+a:spf.gzo.com) and now you’ll need to simply include spf.gzo.com (+include:spf.gzo.com). A screenshot of this entered correctly in cPanel is shown below.
For those with DNS hosted by us, your SPF record has already been updated with this change. If you’re not hosting your DNS with us, the existing A record will continue to function normally in the short term, but please be sure to make the necessary change. If you have any questions or concerns, please submit a ticket and we’ll be happy to assist.
Office 365 has quickly become a popular option for clients requiring Exchange hosted email. As a result, we frequently see tickets seeking help with setting up the required DNS records. Even if you’re familiar with editing DNS zones, the required SRV records may throw you off.
Microsoft does provide a general guide for all of the necessary DNS records here but it doesn’t specifically address adding them via WHM or cPanel. If you have WHM access, using the “Edit DNS Zone” link under “DNS Functions” on the left menu will be the easiest option. From there you can add the necessary records at the bottom of the page. You will have to do this in batches since there aren’t enough fields to add all of the records in at once. Once you’re done, the added records should look like this:
You’ll notice we’re using “dathornexample.com” as the domain there. Your own records will instead use your own domain. The “msXXXXXXXX” value is provided by Microsoft to verify your domain, yours will have numbers instead of the placeholder X’s. When editing DNS records via WHM, you should always put quotes around TXT values, as can be seen in the SPF record above. You’ll notice the other “MS=” TXT record doesn’t have quotes shown, that’s because they were automatically removed since they were not needed in that case. With WHM, you’re best off putting quotes around the TXT values and letting WHM decide what to do. Continue reading
As many of you know, we offer a paid business class spam filtering option called SpamTitan. You may not know, however, that whether or not you pay for inbound SpamTitan filtering all of your outbound email is still filtered by our SpamTitan cluster. If you aren’t familiar with our SpamTitan filtering you can learn more about it or signup for a free trial here.
We began filtering all outbound email through our SpamTitan cluster back in 2012 because we knew how important email delivery was to our clients. Since then we’ve experienced very few issues with our outbound mail IP addresses getting black listed or having a less than excellent reputation.
The vast majority of our outbound spam comes from forwarders that clients have setup to forward their domain’s email to their Gmail or other third party account. The filtering stops a lot of these spam messages from being forwarded and negatively impacting our IP reputation. Occasionally we do also see an email account’s login information having been compromised and used to send spam via SMTP and SpamTitan is able to stop most of these messages from ever leaving our network. Continue reading