cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Configuring cPanel e-mail on Linux Web Hosting. DKIM, SPF, DMARC oh my! E-mail Fail Thread

The basic GoDaddy e-mail capabilities via cPanel via basic Linux web hosting are severely lacking. In my opinion they should get it to work properly out-of-the-box.

 

In this thread I want to highlight a couple headaches I am having. First, we'll turn to the preferred tool to diagnose and configure e-mail issues. mxtoolbox.com

 

After much configuration research and application I was able to get it down to only a very few errors when I run my domain through "Domain Health". The errors are as follows:

 

CategoryHostResult
dmarcexample.netDMARC Quarantine/Reject policy not enabled
mxexample.netDMARC Quarantine/Reject policy not enabled
dnsexample.netSOA Expire Value out of recommended range
smtpmail.example.netReverse DNS does not match SMTP Banner
smtpmail.example.netWarning - Does not support TLS
smtpmail.example.net15.438 seconds - Not good! on Transaction Time

 

Now, on the DMARC records I am aware that I didn't set a reject policy, and that is fine with me. What concerns me is that the SOA value is out of range and cannot be changed in the GoDaddy DNS (it is greyed out). The reverse DNS does not match the banner, which I have no idea how to solve; seems like an issue I don't have configuration settings for. Does not support TLS, I have a security certificate installed on mail.example.net that supports TLS; yet it's possibly not being utilized. Last, the fact that the timeout is 15 seconds and I regularly get this error saying that smtp is going over this threshold is a concern and also something I cannot fix.

If any of you folks out there can provide me with some working solutions or things to try to remedy these problems it is much appreciated by me; and the GoDaddy community at large

I don't think I have to go to great length explaining how important it is for our websites to have basic e-mail security and deliveribility available as part of our hosting packages.

 

Which brings me to the main issue here. Deliverability. We're going back into the mxtoolbox to use the e-mail deliverability tool  So we send them and e-mail with the tool and they analyze the header and tell us the potential problems. The results were quite surprising to me. First, I was on 5 blacklists. This is probably kinda normal since we share IP's with other users. Upon research the violations occured before I owned the domain; so it is only 5 and hopefully they don't cause too many issues. It did approve my carefully crafted DMARC and SPF records here (remove the default 'ptr' entry from your spf record to accomplish thtis).

The report is telling me that the DKIM is not configured. On researching this issue GoDaddy doesn't provide any type of DKIM services or the keys necessary to implement this feature. Is this feature important for e-mail??

Let's see what other people have to say:

 

 

 

 

A DomainKeys Identified Mail, also known as DKIM, gives an organization the opportunity to take responsibility for a message while it is in transit. The message is signed with the organization's certificate and a signature is added to the email headers.

Many email clients (such as Yahoo!, Gmail, Outlook and others) will check for a valid DKIM signature on incoming email as a means of recognizing the originator. When a mail server receives an email it assesses the DKIM header and then performs the following tasks:

    *Retrieve the public key from the DNS of the sending domain (re: example.com if the sender is name@example.com)
     
    *Use the key to decrypt the signature and verify the content

In that sense DKIM is a means of increasing the deliverability of your email campaigns and your sender reputation, as it allows you to let the receiving mail server verify your reliability.

 

 

 

 

I would like to have me e-mail properly configured not to end up in people's spam boxes because I have a good reputation in my community and my website provides a valuable service. I would like GoDaddy to provide support articles and features for DKIM. If it is already available to me and I don't know where it is, please let me know.

 

Last little issue. When setting up the e-mail account on my Android. My client throws a certificate error at me. It is from the same writer as the self-signed certificate that came with the account. I would like to use a certificate on the e-mail server so that my e-mail client can trust the server. Can this functionality be provided? I am able to send and receive e-mails from my Android, but that certificate issue is bugging me. I hope I'm not sending and receiving in plain text over here. Recieved e-mail's from the device claim the TLS was enabled. As we can see at the beginning of the this post mxtoolbox says TLS isn't enabled. Pair that with my error during configuration on Android and it makes me wonder.

 

I can't thank the GoDaddy forum community enough for asking questions and providing answers that have help me greatly! Once again if you have any suggestions or solutions to the issues I have submitted here, please holler at me.

 

Thank you.

1 REPLY 1
Super User IV

@SporadicThought 

 

First off major KUDOS to you on a well written / detailed article. 

That all being said, my response / advise would be that you may need to look at a VPS / Dedicated Server.

 

Things like the reverse DNS on a shared server are not possible. Also some settings like TLS and other services are configured for the largest audience vs locking it down for specific setups.

 

Also keep in mind by hosting your email on the GoDaddy servers (cPanel or VPS/Dedicated) you are sending out via the GoDaddy relay server. I recently posted an article on the VPS board about setting up a VPS to use Amazon Simple Email Service as a relay instead.

I am a GoDaddy End User - Just Like You
Check out my site! | I currently manage over 300 WordPress Websites
* Please note that I offer free advice on this forum. Thank You Info If you would like personalized help, please contact me. Otherwise, please ask your question in the proper forum so the answer can assist EVERYONE in the community and not just you. Thanks! *

Once your issue is resolved,
please be sure to come back and click accept for the solution

Get Better Support on the Community Boards!
Etiquette When Asking for Help from the Community