How to Prevent Email Address Spoofing
Prevent Email Address Spoofing
These are instructions on how to enable Email Authentication on your cPanel hosting account. Email Authentication is an effort to equip email systems with enough verifiable information to recognise genuine emails, prevent email spoofing and fight off spam. We recommend enabling it on your hosting account.
1) Login to your cPanel control panel
2) Go to the ‘Email Authentication’ page
3) You’ll see a section DomainKeys. DomainKeys is an email authentication system which will verify if incoming email is actually coming from the listed sender. We recommend enabling it by clicking on the Enable button.
4) You’ll see a section SPF. When a mailserver receives an email purporting to be from you, it may check the SPF records on your domain name to see if the server that sent the email is authorized to do so. Where SPF checking is used, it will help prevent email spoofing (where a spammer/fraudster uses an insecure email server to send email purporting to be from you). We recommend enabling it by clicking on the Enable button.
5) You will also want to take a minute to configure the advanced settings on the page. These are:
- Additional Hosts
- Additional MX Servers
- Additional IP Blocks
- Include List – These four lists are important if you use a mailing company (for example MailChimp, ConstantContact) or third party email provider (for example Google Apps for Work, MS Office 365) - These companies will send email from your domain name and they must be included in your SPF record so the emails they send are identified as genuine. You will need to ask the respective company's technical support team exactly what to include in the SPF record. If you do not use any mailing company or third party email provider, you can leave these boxes with the default values only.
- All Entry – We strongly recommend ticking this box, otherwise the settings won't have any meaningful effect!
(Technically speaking: By ticking the box you’ll change the mechanism for your SPF record from “?all” (used for statistics and analysis) to “-all” which effectively means the server will reject all email that doesn’t match the mailservers and IP addresses you’ve listed in your SPF record.)
- Overwrite Existing Entries – You should leave this ticked and click the Update button.
6) All done! Hopefully you’ll see less nuisance emails and less spam.