Installing DomainKeys and SPF Records

4.3/5 - (6 votes)

DomainKeys (DKIM) and SPF records are becoming a common, and annoying, demand among email providers, mainly Yahoo and Hotmail. In short, both are methods of email authentication designed to verify email integrity, by linking a sender to a specific server or hostname. In other words, DomainKeys and SPF records specify what servers can send email on behalf of a domain name.

You'll want DomainKeys and SPF records if your users have trouble sending email to certain providers, or they are having issues with spoofed (forged) email. CPanel currently allows two easy ways for you or your users to set up email verification. This is supported at least from cPanel 11.18 onward.


You can enable the “Email Authentication” feature in WHM ~> Feature Manager, which will enable the Email Authentication icon in the users' cPanels where they can create DomainKeys and SPF records for their domain(s).


There are scripts in /usr/local/cpanel/bin that can install these on a per-user basis:

/usr/local/cpanel/bin/domain_keys_installer $user

/usr/local/cpanel/bin/spf_installer $user

(and corresponding scripts to remove, like spf_uninstaller and domain_keys_uninstaller)

Update: On cPanel 11.32 and higher, these scripts are replaced with:



If you want to hit up everyone on the server, you can run my for loop one-liner:

for user in `ls -A /var/cpanel/users` ; do /usr/local/cpanel/bin/dkim_keys_installer $user && /usr/local/cpanel/bin/spf_installer $user ; done

Now what about new users? cPanel already though of that, and has options to create hooks for when after an account is created. To set up the server to automatically create an SPF record and DomainKey for new accounts, edit /scripts/postwwwacct and paste in the following code:


my %OPTS = @ARGV;
$ENV{USER} = β€œ$OPTS{β€˜user’}”;
system q(/usr/local/cpanel/bin/dkim_keys_installer $USER);
system q(/usr/local/cpanel/bin/spf_installer $USER);

To verify an SPF record and/or DomainKey, you can run a DNS check:

dig default._domainkey.$domain TXT

dig $domain TXT

A technical note about DKIM:

You might know that DKIM is actually a generated key pair, similar to an SSH or SSL Certificate's RSA key. CPanel stores these files in /var/cpanel/domain_keys, where the public folder contains the key reflected in the DNS zone, and the private folder contains the private key. You may have users that actually authenticate via DKIM in their mail clients, in which case you may need to provide them with the private key in order for them to sent email.



  1. 1

    Hi. No postwwwacct file in our scripts folder, just createacct and wwwacct (same file, actually). We’d like to add the auto creation of domain keys and spf records. Which file (or both or a different one completely) should we add the mod to?

  2. Alex B

    Hi, thanks for the tips – I’ve done all this but still don’t notice exim adding any extra headers (domainkey-signature) that would let emails validate against the DNS. My DNS has been set up correctly by the scripts above but nothing else seems to be going on… I’ve had a look in exim.conf and can’t figure out what’s wrong. Any ideas?



  3. Eric Caldwell

    Is there any way to modify your script for installing SPF and DK to not touch DNS entries with Google MX records?

    This would be a great help since I’m terrible at shell scripting.


    1. Vanessa

      The domainkeys installer script is a cPanel script – not one that I wrote. It currently goes on a per-user basis, so the only way I can think of to skip domains not hosting mail locally is to run a loop on the domains and skip users with domains pointed elsewhere:

      for user in `ls -A /var/cpanel/users`
      for domain in $(cat /var/cpanel/users/$user |grep DNS |cut -d= -f2)
      if grep $domain /etc/remotedomains >/dev/null ; then
      if [ "$LOCALMX" == "1" ];then
      echo "Adding domainkeys for user $user"
      /usr/local/cpanel/bin/domain_keys_installer $user

  4. Alex

    When being added to Windows Live Sender ID They say to use -all or ~all and not ?all terminator..which is what cPanel does, How can this be fixed for all accounts.

  5. Pingback: 10 Tips for Improving Email Delivery :: The cPanel Admin

  6. Mohannad Otaibi

    Hi Vanessa,
    Thanks for the tips.

    I tried to install your code in postwwwacct but unfortunatly, I already have code in that file that is in ruby.
    if it was perl, it wouldn’t be a problem to combine them.

    Any hind on how I can go over this ?

  7. Pingback: Using DKIM with Exim and cPanel :: The cPanel Admin

  8. Pingback: Using DKIM with Exim and cPanel |

  9. Pingback: Web Host Polis | Using DKIM with cPanel and Exim

  10. albatroz

    In this article you mention that making a backup for each account “will double the amount of disk space that the account is using for a short amount of time”
    So I was wondering if there is a way to avoid this problem.
    Mounting another drive will solve this problem?

  11. Tapan Bhanot


    I tried your code to enable it for all users in cPanel but to it says there’s no script named: /usr/local/cpanel/bin/domain_keys_installer

    Am i missing something ?


  12. Ricahrd F

    Cpanel has renamed /usr/local/cpanel/bin/dkim_keys_installer to /usr/local/cpanel/bin/dkim_keys_install , content should be updated to reflect this.

  13. Rodrigo

    Cpanel 11.34.1 have in Tweak Settings two new options:

    Enable DKIM on domains for newly created accounts
    Enable SPF on domains for newly created accounts

Log in