As you may know, if mail service is unauthenticated you can face the following issues:
In the first case, recipient mail server looks up SPF record for your domain, and if it is not added / does not match actual outgoing server IP address, such a mail delivery will fail. Such checking mechanism is implemented in order to make sure email comes from a legitimate sender and verified sender.
Second situation takes place when there is no SPF/DKIM configured for your domain or they are configured incorrectly, which lets unauthorized party to forge emails using @yourdomain.com mailbox. Such cases are called mail spoofing.
NOTE 2: SPF record has its own specific syntax. It is strongly recommended to get familiar with SPF record syntax documentation if you are going to customize the record manually.
NOTE 3: SPF record is added to your domain DNS zone as TXT record. There are cases when you need to add another TXT record to verify your domain name ownership for some service. It is not recommended to modify existing SPF record, it is better to add a new one instead.
DKIM (DomainKeys Identified Mail) is another way of e-mail authentication. This method uses information about domain which is published by the domain owner. That information allows receiving server to verify if the e-mail message was sent by legal owner of that domain name.
Once TXT record which contains DKIM has been added to DNS zone a special code is added to the headers of outgoing e-mails. Receiving servers compare these headers with the information in DNS zone and if it matches then the e-mail is delivered.
NOTE: DomainKeys(DK) and DomainKeys Identified Mail (DKIM) are separate things.
DomainKeys(DK) are not available on our shared servers as DK implementation was converted to DKIM and extended in a number of ways as of cPanel 11.32 and later releases.
Some of the differences between DomainKeys and DKIM include:
*taken from https://www.namecheap.com/support/knowledgebase/article.aspx/9214/31/cpanel-email-authentication-tool--spf-and-dkim-records