Jump to content
llama_thumper

Email Authentication - Potential Issues?

Recommended Posts

hi all,

 

i recently noticed, in the control panel, the option for email authentication (the two options are below).

 

i've read the description but was wondering whether, in practice, there are any particular issues to take into account. e.g. do i need to configure my outlook settings differently (SSL?), will users now need to have some sort of certificate, etc - i don't anticipate that to be the case but was simply wondering what practical steps anyone needs to take and issues to keep in mind when activating these options, given they are not enabled by default (for a reason?).

 

grateful for any guidance!

 

DomainKeys

 

DomainKeys is an e-mail authentication system that allows for incoming mail to be checked against the server it was sent from to verify that the mail has not been modified. This ensures that messages are actually coming from the listed sender and allows abusive messages to be tracked with more ease.

 

SPF

 

SPF will specify which machines are authorized to send email from your domain(s). This means that only mail sent through this server will appear as valid mail from your domain(s) when the SPF records are checked.

Share this post


Link to post
Share on other sites

At the time this option was added and I am not aware it changing, SPF can have a negative affect on external forwarding if the recipient does not check the headers properly. Other than that, you should have no issues nor do you need to make any changes to your email client.

Share this post


Link to post
Share on other sites

ok, thanks for the reply - so, potentially, with SPF my messages might be getting flagged as spam, if the recipient doesn't check against SPF records/doesn't do this properly - correct?

 

what about domainkeys? as i understand this concerns only incoming messages - again, what's the practical effect, are any of them just marked as spam or rejected?

Share this post


Link to post
Share on other sites

Each email received must be checked against the sender's public key, the DNS servers that is providing the public keys are vulnerable to DDoS attacks. If an email message is sent to a large mailing list, then the DNS server may be hit with millions of requests in a small time period. The SMTP server then must either proceed without verification, or delay email delivery until it can be verified. Many such email messages queued for verification could also overflow the spool or cache, resulting in lost data. Also, the mail server will require more RAM.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×