Email Authentication - Potential Issues?

[llama_thumper]

hi all,

 

i recently noticed, in the control panel, the option for email authentication (the two options are below).

 

i've read the description but was wondering whether, in practice, there are any particular issues to take into account. e.g. do i need to configure my outlook settings differently (SSL?), will users now need to have some sort of certificate, etc - i don't anticipate that to be the case but was simply wondering what practical steps anyone needs to take and issues to keep in mind when activating these options, given they are not enabled by default (for a reason?).

 

grateful for any guidance!

 

DomainKeys

 

DomainKeys is an e-mail authentication system that allows for incoming mail to be checked against the server it was sent from to verify that the mail has not been modified. This ensures that messages are actually coming from the listed sender and allows abusive messages to be tracked with more ease.

 

SPF

 

SPF will specify which machines are authorized to send email from your domain(s). This means that only mail sent through this server will appear as valid mail from your domain(s) when the SPF records are checked.

[TCH-Dick]

At the time this option was added and I am not aware it changing, SPF can have a negative affect on external forwarding if the recipient does not check the headers properly. Other than that, you should have no issues nor do you need to make any changes to your email client.

[llama_thumper]

ok, thanks for the reply - so, potentially, with SPF my messages might be getting flagged as spam, if the recipient doesn't check against SPF records/doesn't do this properly - correct?

 

what about domainkeys? as i understand this concerns only incoming messages - again, what's the practical effect, are any of them just marked as spam or rejected?

[TCH-Alex]

Each email received must be checked against the sender's public key, the DNS servers that is providing the public keys are vulnerable to DDoS attacks. If an email message is sent to a large mailing list, then the DNS server may be hit with millions of requests in a small time period. The SMTP server then must either proceed without verification, or delay email delivery until it can be verified. Many such email messages queued for verification could also overflow the spool or cache, resulting in lost data. Also, the mail server will require more RAM.