Jump to content


Email Authentication - Potential Issues?

  • Please log in to reply
3 replies to this topic

#1 llama_thumper


    Distant Family

  • Members
  • PipPipPip
  • 152 posts

Posted 16 March 2012 - 07:56 AM

hi all,

i recently noticed, in the control panel, the option for email authentication (the two options are below).

i've read the description but was wondering whether, in practice, there are any particular issues to take into account. e.g. do i need to configure my outlook settings differently (SSL?), will users now need to have some sort of certificate, etc - i don't anticipate that to be the case but was simply wondering what practical steps anyone needs to take and issues to keep in mind when activating these options, given they are not enabled by default (for a reason?).

grateful for any guidance!


DomainKeys is an e-mail authentication system that allows for incoming mail to be checked against the server it was sent from to verify that the mail has not been modified. This ensures that messages are actually coming from the listed sender and allows abusive messages to be tracked with more ease.


SPF will specify which machines are authorized to send email from your domain(s). This means that only mail sent through this server will appear as valid mail from your domain(s) when the SPF records are checked.

#2 TCH-Dick


    General Manager

  • Admins
  • PipPipPipPip
  • 5,826 posts

Posted 16 March 2012 - 02:22 PM

At the time this option was added and I am not aware it changing, SPF can have a negative affect on external forwarding if the recipient does not check the headers properly. Other than that, you should have no issues nor do you need to make any changes to your email client.

Dick DeVance
General Manager
TotalChoice Hosting, Inc

Posted Image

#3 llama_thumper


    Distant Family

  • Members
  • PipPipPip
  • 152 posts

Posted 17 March 2012 - 05:24 PM

ok, thanks for the reply - so, potentially, with SPF my messages might be getting flagged as spam, if the recipient doesn't check against SPF records/doesn't do this properly - correct?

what about domainkeys? as i understand this concerns only incoming messages - again, what's the practical effect, are any of them just marked as spam or rejected?

#4 TCH-Alex


    Technical Support

  • Staff
  • PipPipPipPip
  • 758 posts

Posted 17 March 2012 - 11:58 PM

Each email received must be checked against the sender's public key, the DNS servers that is providing the public keys are vulnerable to DDoS attacks. If an email message is sent to a large mailing list, then the DNS server may be hit with millions of requests in a small time period. The SMTP server then must either proceed without verification, or delay email delivery until it can be verified. Many such email messages queued for verification could also overflow the spool or cache, resulting in lost data. Also, the mail server will require more RAM.

Alex Spaford
Technical Support
TotalChoice Hosting, Inc.
Total Choice Hosting - Helpdesk

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users