#16
07-19-2008, 01:59 AM
spiderbait
WebProWorld Pro

Join Date: Oct 2003
Location: Gibsons, BC, Canada
Posts: 298
Re: Someone Spoofing my Email?

Quote (originally posted by deepsand):
> Yes.
>
> Legitimate mail sent from senders who do not implement SPF will not be received by you, but will be returned marked that it was refused.

Hi Deepsand,

Can you please elaborate on this? My understanding is quite a bit different from this.

For one thing, SPF is a text record maintained in your own domain's DNS Zone file and as such, it is simply a static record which is there to be referenced only by other servers. It doesn't actually perform any functions such as checking or filtering incoming mail. So, as I understand it, having an SPF record will have absolutely zero effect on your ability to receive mail. It is, in that sense, a one-way method. Your server doesn't have to utilize SPF lookups for incoming mail just because you have created an SPF record and conversely, just because your server may be using SPF lookups for incoming mail, doesn't mean you have to create one (although I don't know why you wouldn't).

DomainKeys, however, is more of a two-way method. Once enabled on the server it will affix the DomainKey signature to your outgoing email so that receiving servers can verify the signature against your server. At the same time, if your server receives mail that has a DomainKeys signature affixed, your server can check that signature against the sending server.

What your server does with incoming mail that does NOT contain a DomainKeys signature is a matter of configuration, but I don't believe that many (if any) servers are yet rejecting email simply because it doesn't contain a DomainKeys signature (which is what Deepsand appears to be suggesting might happen.)

Perhaps at some point in the future when the technology has reached a higher adoption rate it will become more common to reject mail that does not utilize DomainKeys, but I don't think we're there yet and I certainly don't think that Blitzen's server is automatically rejecting it. To be sure though, he should check with his server administrator.

So, to answer Blitzen's question myself, in my opinion, I don't believe there are any disadvantages to using either of these methods.

Additionally, some major providers (most notably AOL and Hotmail) have publicly stated their intentions to move towards rejecting mail that does not originate from servers with SPF records. So, with that in mind, there is actually a disadvantage to NOT having an SPF record (in addition to the disadvantage of being vulnerable to spoofing, which was the OP's original problem).

So, in summation, at some point in the future there might be a downside to DomainKeys if your server is configured to reject email that doesn't contain a DomainKeys signature, but that's probably not the case now for 99.9% of servers. While on the other hand, SPF records have absolutely no potential to affect your ability to receive email, either now or in the future.
__________________
Jade Burnside, Ahead of the Web
What good is your web site if no one can find it?
SEO & Optimized Web Site Design

Last edited by spiderbait : 07-19-2008 at 02:03 AM.
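The distinction drawn in the post above, as an added example that is not part of the original thread: a receiving server's SPF check looks up the sending domain's TXT record, so the recipient's own record never enters the evaluation, and what happens to mail from a domain with no record is local policy. The domains, addresses, and the `receiver_decision` policy are constructed assumptions, and only the `ip4`, `ip6` and `all` mechanisms are handled.

```python
import ipaddress

# Constructed DNS TXT data (documentation domains and address ranges).
TXT = {
    "sender.example": ["v=spf1 ip4:192.0.2.0/24 ip6:2001:db8::/32 -all"],
    "soft.example": ["site-verification=constructed", "v=spf1 ip4:198.51.100.7 ~all"],
    "recipient.example": ["v=spf1 ip4:203.0.113.25 -all"],
    # "nospf.example" publishes no SPF record at all
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(client_ip, mail_from_domain, txt=TXT):
    """Evaluate the SPF record of the *sending* domain for the connecting IP.

    Mechanisms that need further DNS lookups (a, mx, include, ...) are skipped.
    """
    records = [r for r in txt.get(mail_from_domain, [])
               if r.split(" ")[0].lower() == "v=spf1"]
    if not records:
        return "none"        # sender publishes no policy
    if len(records) > 1:
        return "permerror"   # more than one SPF record is an error
    ip = ipaddress.ip_address(client_ip)
    for term in records[0].split()[1:]:
        qualifier = "+"      # default qualifier when none is written
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if net.version == ip.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"         # no mechanism matched


def receiver_decision(result, reject_on=("fail",)):
    """Hypothetical local policy: which SPF results the receiver refuses."""
    return "reject" if result in reject_on else "accept"
```

Passing `reject_on=("fail", "none")` models a receiver that refuses mail from domains without a record; that choice lives in the receiver's configuration, not in any DNS record the receiver publishes.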