Sentinel

I just noticed the email authentication section in cpanel and I was wondering a few things...

1. Should we use this stuff? Is it good? Does it work well? Or will using this stuff mess up more than it proposes to fix?

Assuming that enabling some or all of the stuff in there is good and works well and we probably should use it ...

2. What is "Domain Keys"? Is there a tutorial somewhere?
3. What is SPF and how do I enable it and set it up properly? Is there a tutorial somewhere?

Roxy

1. Not 100% if it works well since I've never personally used it, but from reading the information on it, it sounds like it can help against spam and what not.

2. from wikipedia - "DomainKeys is an e-mail authentication system designed to verify the DNS domain of an e-mail sender and the message integrity."

3. SPF means Sender Policy Framework and from wikipedia is "allows software to identify and reject forged addresses in the SMTP MAIL FROM (Return-Path), a typical nuisance in e-mail spam."

You can enable both DomainKeys and SPF under the Email Authentication page.



At the moment there are no tutorials here on Surmunity, but if you give me an hour or two I can whip some up for this? =)

Sentinel

Thanks, but I need a little more
I read the definition of Domain Keys in te cpanel thing and elsewhere ... but I don't know what it means. "DomainKeys is an e-mail authentication system designed to verify the DNS domain of an e-mail sender and the message integrity." I would like a bit more complete explanation of what that means and what it does. I am a little tech savvy so I would like a bit more meat

Same thing with SPF. I understand that it "allows software to identify and reject forged addresses in the SMTP MAIL FROM (Return-Path)," but again, what does that mean exactly?

What actually occurs when these things are enabled?

Sentinel

I just read that wiki page describing it and I think I got domainkeys at least.
It basically creates something similar to an MD5 hash of your email so that receiving mail servers can check it against the sending server. No match and the email is probably fraudulent.

So, if I have it right, this does not decrease the amount of spam you get but does help other servers to not get bogus email from you. Of course if everyone turns this on then this will help everyone not get spam from others.

If I am correct then 1 big question comes to mind right away. What if you use your ISPs outgoing server to send email but use your domains address? Will your email appear fraudulent to the receiving server? Will it look like your email did not originate on the server that the email address is from?

Roxy

On the Authentication page, you are able to authorize all hosts and IPs that can send emails with your domain.

Sentinel

With regards to DomainKeys, I see no place to define my ISPs server.

If you are referring to the SPF thing then, yeah, I saw that. But what if you enable it and don't put anything in there? Will it then make any email you send using your ISPs SMTP server appear to be "bad" to any receiving server that attempts to validate? In other words, if you enable this SPF feature *must* you enter your ISPs SMTP server in there to avoid having your email bounced as spam?

Roxy

More then likely, yes. That is if you enable the SPF. If anything you should try testing it out and see how everything works out. I'm about to do the same and I will get back to you on it.

Sentinel

I am testing it out ... but then I realized that the only way to know what it is doing is to email someone that has this kind of checking active. If I email myself or one of my other domains then it seems to still work. But I don't know what kind of checking my servers have and if they would fail an email with this setting set
So it is hard to test.