First, log in to your client's cPanel account with their username and your root password (if you've enabled this option in WHM). Then access 'email authentication' from the "Mail" category. See if DomainKeys and SPF have been enabled for their account. If not, you can try to enable them from there.
A lot of free email providers (namely Yahoo) check for DKIM signatures (DomainKeys Identified Message, a different auth method than DomainKeys) before the email is delivered. Even with SPF and DomainKeys enabled, the messages can still, sometimes, wind up in the "SPAM" folder.
The problem here, is that DKIM signature support has not been built into cPanel, yet.
I did, however, manage to get DKIM working on my cPanel servers (http://www.webhostingtalk.com/showthread.php?t=1008627) and, once I confirmed it was working, all emails that were originally being as junk, started going to the "INBOX" -- but, if you were to do that, you'd lose your DomainKey signature, so all you're really doing is substituting one method of email authentication for another.
If you send an email to [email protected] from an email address on your server, you will receive an authentication report indicating which authentication methods are properly configured. Here's an example: