If your cPanel emails are landing in spam folders instead of inboxes, you are not alone. Email deliverability issues are one of the most common support tickets on shared cPanel/WHM servers, and the root cause is rarely a single misconfiguration — it is usually a combination of missing authentication records, a poor IP reputation, and incorrect mail server settings. This guide walks through every diagnostic step in order, so you can identify and fix the exact issue causing your emails to be marked as spam.
Why cPanel Emails End Up in Spam (Root Cause Checklist)
Modern spam filters score inbound email against dozens of signals. When your cPanel email lands in spam, at least one of these is usually failing:
- Missing or broken SPF record — receiving servers cannot confirm your cPanel server is authorised to send on behalf of the domain
- DKIM not enabled or misconfigured — the email signature does not match the public key in DNS, so the message appears tampered
- No DMARC policy — Gmail, Yahoo, and Microsoft treat domains without DMARC with heightened suspicion since 2024
- Reverse DNS (rDNS/PTR) mismatch — the sending IP does not resolve back to a valid hostname, a strong spam signal
- Blacklisted server IP — your server's IP appears on one or more email blacklists (Spamhaus, Barracuda, SpamCop)
- WHM mail policies too permissive — high sending rates, no relay restrictions, or spam filters disabled at the server level
- Low sender reputation — new IP addresses or shared IPs with a history of abuse have low trust scores
Work through the steps below in order. Each step eliminates one category of causes. Most deliverability problems are fully resolved after completing Steps 1–3.
💡 None of these worked? Skip the guesswork.
Get Expert Help →Step 1 — Verify and Repair SPF, DKIM, and DMARC via cPanel Email Deliverability Tool
cPanel includes a built-in Email Deliverability tool that checks your SPF, DKIM, and DMARC configuration and offers one-click repair for common issues.
Log into cPanel for the domain. Navigate to Email → Email Deliverability. The tool scans your DNS records and displays the status of SPF, DKIM, and DMARC for each domain on the account. Green checkmarks indicate a passing record. Red warnings or "Invalid" status require action.
SPF tells receiving mail servers which IP addresses are permitted to send email from your domain. If cPanel shows a missing or invalid SPF record, click Repair next to SPF. This automatically adds the correct SPF record to your DNS zone. The standard cPanel SPF record looks like:
v=spf1 +a +mx +ip4:YOUR_SERVER_IP ~allIf your domain uses external email providers (Google Workspace, SendGrid, etc.) alongside cPanel, add their include mechanisms before the ~all qualifier:
v=spf1 include:_spf.google.com +a +mx +ip4:YOUR_SERVER_IP ~allDKIM adds a cryptographic signature to outbound emails. The receiving server checks the signature against a public key in your DNS. If DKIM is disabled or the key is mismatched, click Enable or Repair in the Email Deliverability tool. cPanel generates a 2048-bit DKIM key and adds the corresponding TXT record to your DNS zone automatically.
Verify DKIM is working by sending a test email to [email protected] and checking the reply for dkim=pass.
DMARC instructs receiving servers what to do with emails that fail SPF or DKIM — reject, quarantine, or do nothing. Since Google and Yahoo began enforcing DMARC in 2024, domains without a DMARC record see higher spam placement rates. Add a DMARC TXT record to your DNS:
_dmarc.yourdomain.com TXT "v=DMARC1; p=none; rua=mailto:[email protected]"Start with p=none (monitor mode) and move to p=quarantine or p=reject after reviewing your DMARC reports for 2–4 weeks.
Run this command on your server:
dig -x YOUR_SERVER_IP +shortThe result should return a fully-qualified hostname (e.g., mail.yourdomain.com.). If it returns nothing, or a generic hostname from your hosting provider, your rDNS is not correctly set.
In WHM, go to Server Configuration → Basic cPanel & WHM Setup. Set the Server Hostname to a value like mail.yourdomain.com. This hostname will be used in your server's SMTP EHLO greeting.
PTR records are controlled by the owner of the IP address — usually your VPS or dedicated server provider, not your domain registrar. Open a support ticket with your provider and request that the PTR record for your server's IP be set to match your mail hostname (e.g., mail.yourdomain.com). Most providers allow this via a control panel (SolusVM, WHMCS, etc.) or via support ticket.
After the PTR change propagates (usually within an hour), verify it with dig -x again.
Use these free tools to check your server IP:
- MXToolbox Blacklist Check:
mxtoolbox.com/blacklists.aspx— checks 100+ blacklists simultaneously - Spamhaus Lookup:
check.spamhaus.org— the most widely used blacklist; a listing here has the most impact - Barracuda Reputation Lookup:
barracudacentral.org/lookups
Before requesting removal, find and stop the source. In WHM, check the mail queue for unusual sending patterns:
# View mail queue stats
/usr/sbin/exim -bp | head -50
# Find top sending accounts
/usr/sbin/exim -bp | grep "^[0-9]" | awk '{print $4}' | sort | uniq -c | sort -rn | head -20Suspend or reset credentials for any account sending abnormally high volumes. Check for compromised email accounts or contact forms being abused by spambots.
Each blacklist has its own delisting process:
- Spamhaus: submit at
www.spamhaus.org/lookup/after the abuse source is removed - Barracuda: submit at
barracudacentral.org/lookups→ Request Removal - SpamCop: listings expire automatically after 24 hours of no reported spam from the IP
- Microsoft SNDS: register at
sendersupport.olc.protection.outlook.comfor Outlook/Hotmail deliverability issues
Step 4 — Tune WHM Mail Policies (Rate Limiting, Relay Settings, Spam Filters)
Misconfigured WHM mail settings can allow abuse that hurts your IP reputation over time. Review these settings in WHM after resolving any active blacklistings.
Email sending limits: In WHM, go to Server Configuration → Tweak Settings → Mail. Set a reasonable per-hour sending limit per domain (e.g., 200–500 emails/hour for most shared hosting accounts). This prevents a single compromised account from damaging the server's IP reputation.
BoxTrapper and SpamAssassin: Enable SpamAssassin at the server level via Email → Apache SpamAssassin. This filters inbound spam but also helps identify outbound patterns. Avoid enabling BoxTrapper for all accounts as it generates challenge/response emails that can themselves be flagged as spam.
Exim mail relay configuration: Ensure your server is not acting as an open relay. Check via Service Configuration → Exim Configuration Manager → Basic Editor. The Restrict outgoing SMTP to root, exim, and mailman option should be enabled for shared hosting servers to prevent PHP scripts from sending email without authentication.
Step 5 — Test End-to-End Deliverability
After completing the above steps, verify your configuration is working end-to-end before declaring the issue resolved.
Mail-Tester (mail-tester.com): Send a test email to the address provided. The tool scores your email on a scale of 1–10 and identifies any remaining SPF, DKIM, DMARC, or content issues. Aim for a score of 9 or 10.
MXToolbox Email Health (mxtoolbox.com/emailhealth): Enter your sending domain for a comprehensive check of DNS records, blacklists, and mail server configuration in one report.
Google Postmaster Tools: If Gmail is your primary concern, register your sending domain at postmaster.google.com. This dashboard shows your domain reputation, IP reputation, and spam rate as seen by Gmail. A domain reputation of "High" with a spam rate below 0.1% means your emails will not be filtered.
If you are managing email deliverability across dozens of cPanel accounts, the ongoing work — monitoring sending limits, checking blacklists, reviewing DMARC reports, and responding to compromised accounts — adds up to hours every week. CloudHouse's managed server team handles Exim configuration, DKIM/DMARC compliance, and blacklist monitoring as part of day-to-day cPanel/WHM management.
cPanel Email Deliverability Checklist
- ✅ SPF record present and valid (verified via Email Deliverability tool)
- ✅ DKIM enabled with 2048-bit key (test with Port25 verifier)
- ✅ DMARC policy published (start with p=none, then tighten)
- ✅ PTR/rDNS matches SMTP hostname (verified with dig -x)
- ✅ Server IP not listed on Spamhaus, Barracuda, or MXToolbox blacklists
- ✅ WHM per-domain sending limits configured
- ✅ SpamAssassin enabled at server level
- ✅ Mail-Tester score ≥ 9/10
- ✅ Google Postmaster Tools shows High domain reputation
Most cPanel spam deliverability problems come down to the same set of fixable issues: missing authentication records, an unchecked PTR record, a blacklisted IP from one compromised account, and WHM mail policies that are too permissive. Work through the checklist above in order. SPF, DKIM, and DMARC alone resolve the majority of cases. Add the PTR fix and blacklist cleanup and your emails will reach the inbox consistently.