llama_thumper Posted March 16, 2012 Share Posted March 16, 2012 hi all, i recently noticed, in the control panel, the option for email authentication (the two options are below). i've read the description but was wondering whether, in practice, there are any particular issues to take into account. e.g. do i need to configure my outlook settings differently (SSL?), will users now need to have some sort of certificate, etc - i don't anticipate that to be the case but was simply wondering what practical steps anyone needs to take and issues to keep in mind when activating these options, given they are not enabled by default (for a reason?). grateful for any guidance! DomainKeys DomainKeys is an e-mail authentication system that allows for incoming mail to be checked against the server it was sent from to verify that the mail has not been modified. This ensures that messages are actually coming from the listed sender and allows abusive messages to be tracked with more ease. SPF SPF will specify which machines are authorized to send email from your domain(s). This means that only mail sent through this server will appear as valid mail from your domain(s) when the SPF records are checked. Quote Link to comment Share on other sites More sharing options...
TCH-Dick Posted March 16, 2012 Share Posted March 16, 2012 At the time this option was added and I am not aware it changing, SPF can have a negative affect on external forwarding if the recipient does not check the headers properly. Other than that, you should have no issues nor do you need to make any changes to your email client. Quote Link to comment Share on other sites More sharing options...
llama_thumper Posted March 17, 2012 Author Share Posted March 17, 2012 ok, thanks for the reply - so, potentially, with SPF my messages might be getting flagged as spam, if the recipient doesn't check against SPF records/doesn't do this properly - correct? what about domainkeys? as i understand this concerns only incoming messages - again, what's the practical effect, are any of them just marked as spam or rejected? Quote Link to comment Share on other sites More sharing options...
TCH-Alex Posted March 18, 2012 Share Posted March 18, 2012 Each email received must be checked against the sender's public key, the DNS servers that is providing the public keys are vulnerable to DDoS attacks. If an email message is sent to a large mailing list, then the DNS server may be hit with millions of requests in a small time period. The SMTP server then must either proceed without verification, or delay email delivery until it can be verified. Many such email messages queued for verification could also overflow the spool or cache, resulting in lost data. Also, the mail server will require more RAM. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.