How to setup SPF record on entire server for all domains?

[businezz]

Hi,

This will be a long post. Anyway, I am planning on moving my cPanel accounts from my old provider to Linode. It looks like Linode keeps port 25 closed, so per request they opened it, and my domains can send emails.

I talked to their support on how to setup cPanel shared hosting environment and all domains to be able to send emails. I have to setup rDNS with valid domain, which is fine. But, they require each domain name to have this SPF: example.com TXT "v=spf1 a ~all"

I have 100+ cPanel accounts, people are signing up and cancelling, I have to login daily and look up at the domains and see which one doesn't have that SPF and i have to add it manually. This doesn't make sense to me....

Is there any way for me to setup this SPF on the server by default for all existing and new domains without me adding it manually every time?

Thanks

 

[cPanelAnthony]

Hello! As long as you choose the SPF option during the initial account creation, it should be assigned. The following thread explains how you can modify the default SPF record.

SOLVED - Default settings for SPF on new domains

Hi - I have been trying to figure out where I can change the default SPF settings for new domains. I made a typo, which I have to manually fix after a new account is added. That's not such a big problem, but if anyone clicks Email deliverability, they can apply the incorrect info, and that's...

forums.cpanel.net

Regardless; could you let me know if this article helps?

https://support.cpanel.net/hc/en-us/articles/4403818107927-How-to-add-an-SPF-entry-to-all-domains-on-the-server

 

[businezz]

Hello! As long as you choose the SPF option during the initial account creation, it should be assigned. The following thread explains how you can modify the default SPF record.

SOLVED - Default settings for SPF on new domains

Hi - I have been trying to figure out where I can change the default SPF settings for new domains. I made a typo, which I have to manually fix after a new account is added. That's not such a big problem, but if anyone clicks Email deliverability, they can apply the incorrect info, and that's...

forums.cpanel.net

Regardless; could you let me know if this article helps?

https://support.cpanel.net/hc/en-us/articles/4403818107927-How-to-add-an-SPF-entry-to-all-domains-on-the-server

^ Seems like this link is dead.

I use WHMCS for accounts, I don't add them manually, that bothers me here, how all new account will get this SPF in their DNS.

 

[quietFinn]

This might work:

1st go to WHM -> Server Configuration -> Tweak Settings -> Domains -> Enable SPF on domains for newly created accounts => OFF (and SAVE)

Then go to WHM -> DNS Functions -> Edit Zone Templates -> standardvirtualftp
and add line:
%domain%. %nsttl% IN TXT "v=spf1 a ~all"
(and SAVE)

 

[businezz]

This might work:

1st go to WHM -> Server Configuration -> Tweak Settings -> Domains -> Enable SPF on domains for newly created accounts => OFF (and SAVE)

Then go to WHM -> DNS Functions -> Edit Zone Templates -> standardvirtualftp
and add line:
%domain%. %nsttl% IN TXT "v=spf1 a ~all"
(and SAVE)

Will not mess up with any existing DKIM or SPF?

 

[quietFinn]

Will not mess up with any existing DKIM or SPF?

No, that only affects new accounts.

 

[businezz]

No, that only affects new accounts.

Thanks. I'll setup test server and see if it works.

 

[businezz]

Hello! As long as you choose the SPF option during the initial account creation, it should be assigned. The following thread explains how you can modify the default SPF record.

SOLVED - Default settings for SPF on new domains

Hi - I have been trying to figure out where I can change the default SPF settings for new domains. I made a typo, which I have to manually fix after a new account is added. That's not such a big problem, but if anyone clicks Email deliverability, they can apply the incorrect info, and that's...

forums.cpanel.net

Regardless; could you let me know if this article helps?

https://support.cpanel.net/hc/en-us/articles/4403818107927-How-to-add-an-SPF-entry-to-all-domains-on-the-server

Here's some updates on this. I created a test server with cpanel/WHM and I set hostname with valid domain name. I added 2 or 3 different domains as a new accounts and it looks like the emails are working. Some of them are going in spam, some of them straight in inbox. But, I did not add the SPF record mentioned above.

Strange... ? Requested per Linode to add that record but the emails are working..

 

[businezz]

Will not mess up with any existing DKIM or SPF?

This is the record I have now: v=spf1 +a +mx +ip4:xx.xx.xx.xx ~all instead "v=spf1 a ~all"

 

[businezz]

This might work:

1st go to WHM -> Server Configuration -> Tweak Settings -> Domains -> Enable SPF on domains for newly created accounts => OFF (and SAVE)

Then go to WHM -> DNS Functions -> Edit Zone Templates -> standardvirtualftp
and add line:
%domain%. %nsttl% IN TXT "v=spf1 a ~all"
(and SAVE)

This is the record I have now: v=spf1 +a +mx +ip4:xx.xx.xx.xx ~all instead "v=spf1 a ~all"

 

[cPanelAnthony]

Here's some updates on this. I created a test server with cpanel/WHM and I set hostname with valid domain name. I added 2 or 3 different domains as a new accounts and it looks like the emails are working. Some of them are going in spam, some of them straight in inbox. But, I did not add the SPF record mentioned above.

Strange... ? Requested per Linode to add that record but the emails are working..

Your concern is that you think SPF should be needed for email to work, but you're seeing emails go through on domains without SPF set? That would be fully up to the receiving mail server. Every mail server will decide at which point it will reject an email if it doesn't contain SPF, DKIM, etc.

 

[businezz]

Your concern is that you think SPF should be needed for email to work, but you're seeing emails go through on domains without SPF set? That would be fully up to the receiving mail server. Every mail server will decide at which point it will reject an email if it doesn't contain SPF, DKIM, etc.

I set a test cpanel server and I didn't touched anything on SPF records. Some emails were going through, some not, like you said the email server decides what's received.

But Linode requires additional SPF record for each account: "v=spf1 a ~all" My questions was, how do I add this SPF record for all accounts, existing and new. Adding it in one by one account doesn't make sense, because I have more than 50 cpanel accounts. I guess there's no way to add additional SPF in WHM,I already contacted cPanel support. Seems like there's no solution for this.

 

[cPanelAnthony]

Hello again! For all future domains, you can configure DNS templates that will automatically apply the necessary records.

Edit Zone Templates | cPanel & WHM Documentation

This interface allows you to edit the templates that cPanel & WHM uses to create DNS zone files for new domains.

docs.cpanel.net

The only option I can think of for adding the record to bulk on existing domains would be to use make some kind of loop using the API call for adding TXT records.

Add DNS Record API

 

[businezz]

Hello again! For all future domains, you can configure DNS templates that will automatically apply the necessary records.

Edit Zone Templates | cPanel & WHM Documentation

This interface allows you to edit the templates that cPanel & WHM uses to create DNS zone files for new domains.

docs.cpanel.net

The only option I can think of for adding the record to bulk on existing domains would be to use make some kind of loop using the API call for adding TXT records.

Add DNS Record API

I tried with templates, no luck at all...

 

[quietFinn]

I tested what I wrote earlier (in post #4)
go to WHM -> DNS Functions -> Edit Zone Templates -> standardvirtualftp
and add line:
%domain%. %nsttl% IN TXT "v=spf1 a ~all"
(and SAVE)

Then I created an account, checked in DNS Zone Manager and the SPF record was there (guess I was lucky ).

You may need to edit the standard temlate also.

 

[businezz]

I tested what I wrote earlier (in post #4)
go to WHM -> DNS Functions -> Edit Zone Templates -> standardvirtualftp
and add line:
%domain%. %nsttl% IN TXT "v=spf1 a ~all"
(and SAVE)

Then I created an account, checked in DNS Zone Manager and the SPF record was there (guess I was lucky ).

You may need to edit the standard temlate also.

I'll try again. Maybe I need to reboot also

 

[quietFinn]

I'll try again. Maybe I need to reboot also

No, edit the template, create an account and the record should be there.

 

[pintudason]

Step 1: Collect all IP addresses that are used to send email
Step 2: Create your SPF record
Step 3: Publish your SPF record into your DNS
Step 4: Test your SPF record with the SPF record Checker

 

[quietFinn]

Step 1: Collect all IP addresses that are used to send email
Step 2: Create your SPF record
Step 3: Publish your SPF record into your DNS
Step 4: Test your SPF record with the SPF record Checker

The question was "How to setup SPF record on entire server for all domains?".