SPF, DKIM, DMARC: why your hosting customers' email goes to spam
The Reflex Team8 min24 May 2026
When a hosting customer says "my contact form emails land in spam," the answer is almost always DNS authentication — not the PHP mailer.
The three records that matter
- SPF — which servers may send mail for the domain
- DKIM — cryptographic signature proving the message was not tampered with
- DMARC — policy telling receivers what to do when SPF/DKIM fail
Missing or conflicting records are silent until deliverability collapses.
Why resellers feel this pain
You may host mail on cPanel while the customer points NS to Cloudflare. The zone file on WHM is not the zone the world sees. Repairs must target the authoritative DNS provider, not whichever panel happens to hold a copy.
Check any domain in seconds
Use the free Email health checker to paste a domain and get copy-paste fix suggestions.
Monitor and repair at fleet scale
Reflex connects to WHM root or reseller API tokens, checks every account daily, and can apply SPF/DMARC/MX fixes automatically when DNS is authoritative on the server — or via linked Cloudflare/Route53 credentials when it is not.