Jump to content

Email Authentication - Potential Issues?

Recommended Posts

hi all,


i recently noticed, in the control panel, the option for email authentication (the two options are below).


i've read the description but was wondering whether, in practice, there are any particular issues to take into account. e.g. do i need to configure my outlook settings differently (SSL?), will users now need to have some sort of certificate, etc - i don't anticipate that to be the case but was simply wondering what practical steps anyone needs to take and issues to keep in mind when activating these options, given they are not enabled by default (for a reason?).


grateful for any guidance!




DomainKeys is an e-mail authentication system that allows for incoming mail to be checked against the server it was sent from to verify that the mail has not been modified. This ensures that messages are actually coming from the listed sender and allows abusive messages to be tracked with more ease.




SPF will specify which machines are authorized to send email from your domain(s). This means that only mail sent through this server will appear as valid mail from your domain(s) when the SPF records are checked.

Link to comment
Share on other sites

At the time this option was added and I am not aware it changing, SPF can have a negative affect on external forwarding if the recipient does not check the headers properly. Other than that, you should have no issues nor do you need to make any changes to your email client.

Link to comment
Share on other sites

ok, thanks for the reply - so, potentially, with SPF my messages might be getting flagged as spam, if the recipient doesn't check against SPF records/doesn't do this properly - correct?


what about domainkeys? as i understand this concerns only incoming messages - again, what's the practical effect, are any of them just marked as spam or rejected?

Link to comment
Share on other sites

Each email received must be checked against the sender's public key, the DNS servers that is providing the public keys are vulnerable to DDoS attacks. If an email message is sent to a large mailing list, then the DNS server may be hit with millions of requests in a small time period. The SMTP server then must either proceed without verification, or delay email delivery until it can be verified. Many such email messages queued for verification could also overflow the spool or cache, resulting in lost data. Also, the mail server will require more RAM.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...