EmailDiscussions.com  

24 Dec 2016, 11:45 PM   #1
correo
Junior Member
 
Join Date: Dec 2016
Posts: 10
Which approach for implementing own domain?

I'm about to move my e-mail to a new provider using a custom domain I own. I'm choosing between two excellent providers, but I would have to implement the custom domain in a different way at each. I have tested both methods and they seem to work perfectly. I would like to ask those more experienced than me if there is any practical impact, advantage or disadvantage, in doing it by one method or the other.

Provider A supports custom domains, so the procedure is typical: Set the MX records at my dns provider pointing to Provider A's mail servers, set an SPF txt record, and register the email address myname@mydomain.com as an alias to my primary account with Provider A. Works like a charm.

Provider B does not support custom domains. However, at my dns provider I can enable email forwarding, forward a number of email addresses (all using my custom domain) to the email address at Provider B (it uses their domain). I can also add an spf txt record to authenticate Provider B as a valid sender for my domain. Then I can create additional identities at Provider B and choose from them as sender of any email I compose. I have tested this and it appears to work equally well.

Is one approach more/less reliable, secure or preferable in any way?
Thanks in advance-

25 Dec 2016, 07:28 AM   #2
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 7,946
Don't Forward

Welcome to the EMD Forums!

Are you familiar with DKIM signing? This provides a signed encrypted signature on outgoing messages so the receiver can verify that certain portions of the message such as specified headers (From, To, Date, Subject, etc.) and all or a portion of the message body have not been altered. DKIM is probably more important than SPF these days, since SPF is broken by automatic message forwarding unless SRS (Sender Rewriting Scheme) is used. For DMARC purposes, SPF is always broken by forwarding.

DMARC is becoming a popular method for domains to specify how the receiver should treat a message which fails both SPF and DKIM authentication. You should consider your choice of email provider based both on how you send email which will be trusted by the receiver and spam/phishing detection when you receive email from others.
  • When receiving mail, forwarding to provider B might pass basic SPF if the forwarding service offers sender rewriting (SRS), but forwarding will always break SPF as applied by DMARC (due to alignment failure). So I would not use forwarding if you ever want to use DMARC to reduce spam and domain spoofing.
  • Does provider A provide DKIM signing when sending messages?
  • Does provider A provide SPF, DKIM, and DMARC authentication tests when receiving?
The use of DMARC reject policies is rapidly increasing at major domains. A p=reject policy for a domain means that email systems which follow DMARC recommendations will reject email which is received if it fails both properly aligned DKIM and SPF tests. Here is what major email domains currently publish in their DNS records as their DMARC policy (checked today at https://www.dmarcian.com/dmarc-inspector ):
  • aol.com: p=reject
  • gmail.com: p=none (changing to p=reject in early 2017)
  • hotmail.com: p=none (changing to p=reject in early 2017)
  • outlook.com: p=none (changing to p=reject in early 2017)
  • yahoo.com: p=reject
I use Fastmail.com (which has a subforum here at EMD Forums), and they provide optional full support (including DNS hosting) for user domains. You can see what they provide (and learn more about DKIM, SPF, and DMARC) here:
https://blog.fastmail.com/2016/12/24/spf-dkim-dmarc

In general, I think that option A is better, since forwarding is not needed. Forwarding makes it hard for the receiving email system to verify the reputation of the sender in various ways (including the SPF/DKIM/DMARC issues I mention above).

Bill

Last edited by n5bb : 25 Dec 2016 at 07:30 AM. Reason: Don't forward
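The forwarding cases described in the post above, worked through as an added example (not part of the original thread or any provider's code): a simplified DMARC check with relaxed alignment. The domains are constructed samples, and the two-label organizational-domain rule is an assumption standing in for the Public Suffix List.

```python
from dataclasses import dataclass
from typing import Optional


def org_domain(domain: str) -> str:
    # Assumption: the organizational domain is the last two labels. Real
    # receivers consult the Public Suffix List (needed for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


@dataclass
class Message:
    header_from: str               # domain in the visible From: header
    mail_from: str                 # envelope sender domain that SPF checked
    spf_pass: bool                 # connecting IP authorized by mail_from's SPF?
    dkim_d: Optional[str] = None   # d= of a verified DKIM signature, if any


def dmarc_result(msg: Message) -> str:
    """Pass if SPF or DKIM passes AND its domain aligns with From: (relaxed)."""
    want = org_domain(msg.header_from)
    spf_ok = msg.spf_pass and org_domain(msg.mail_from) == want
    dkim_ok = msg.dkim_d is not None and org_domain(msg.dkim_d) == want
    return "pass" if (spf_ok or dkim_ok) else "fail"


def disposition(msg: Message, policy: str) -> str:
    """What a DMARC-following receiver does, given the From: domain's p= tag."""
    if dmarc_result(msg) == "pass":
        return "deliver"
    return {"none": "deliver", "quarantine": "quarantine", "reject": "reject"}[policy]


# Constructed samples: mail from sender.example arriving four different ways.
PATHS = {
    "direct, SPF only": Message("sender.example", "sender.example", True),
    "forwarded, no SRS": Message("sender.example", "sender.example", False),
    "forwarded with SRS": Message("sender.example", "forwarder.example", True),
    "forwarded, DKIM-signed": Message("sender.example", "forwarder.example", True,
                                      dkim_d="mail.sender.example"),
}

if __name__ == "__main__":
    for name, msg in PATHS.items():
        print(f"{name:24} dmarc={dmarc_result(msg)} "
              f"p=none->{disposition(msg, 'none')} "
              f"p=reject->{disposition(msg, 'reject')}")
```

The DKIM-signed case assumes the forwarder relays the message without altering the signed headers or body, so the original signature still verifies.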
26 Dec 2016, 12:49 AM   #3
correo
Junior Member
 
Join Date: Dec 2016
Posts: 10
Wow, thanks for the detailed response.

I am familiar with all of the terms you posted about, as I have been researching this stuff recently.

Including Fastmail, since I just set up my wife's e-mail with them using her personal domain. I particularly liked their support for and easy implementation of spf and dkim. Also their slick web interface and fast performance seem top notch.

For her and my domain I use the domain registrar's dns servers. I have her fastmail set up with the MX only setup, not using their dns servers. After configuring spf and dkim, emails sent from her email address score a perfect 10/10 in the mail-tester.com spam-checking test.

Interesting to note that when I send an e-mail from Provider B to a mail-tester.com address, using their domain (not mine), it scores 9/10. The only point subtracted is for no dkim record or dmarc record. However, it still reports that it is "lovely" and has an ultra-low spam score.

Sending from Provider A, using their domain, scores 9/10 as well, for the same reasons.

So using their domains I am scoring well, but there is no dkim, even with their default domain.

Now, when I use my own domain with both providers and send an email to mail-tester.com, they both score the exact same 9/10.

So these results would indicate that both providers score highly on the anti-spam meter, even without dkim, with or without a custom domain.

Should I be concerned about using them if they do not have dkim?
26 Dec 2016, 01:18 AM   #4
correo
Junior Member
 
Join Date: Dec 2016
Posts: 10
Incidentally, I have set a dmarc record for my domain at my dns provider to "v=DMARC1; p=none", and it shows up when searched at dmarcian.com. Will this help?

When I search on a well established domain (mailfence.com), it returns the same dmarc record (v=DMARC1; p=none).

When I search on both Provider A and B, they return no dmarc record.
26 Dec 2016, 12:49 PM   #5
Cory
Essential Contributor
 
Join Date: May 2012
Posts: 432
I'd go with Provider A setup.
27 Dec 2016, 10:55 AM   #6
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 7,946
I discussed DMARC mainly for future use at your domain. Fastmail currently doesn't publish a DMARC policy because they have users who have been using email clients with non-Fastmail SMTP servers at their ISP's for over a decade. So they are going slow with implementation of DMARC for their domain, which affects outgoing mail.

I would recommend only using an email provider who provides DKIM signing on outgoing messages from your domain, since DKIM testing has become a very popular method of determining the authenticity of a message.

Personally, I would recommend that you use Fastmail for your domain. I'm biased, since I have been a Fastmail customer for a dozen years with my personal domain. But I have never contemplated leaving Fastmail for several reasons:
  • The company is strongly devoted to providing secure and reliable email service. They have grown large enough that they are the major contributors to the Cyrus open source email server software they use. So they are professionals expanding the state of the art. They have a replicated server infrastructure which allows them to quickly recover from major hardware failures.
  • They have a good team. I have known several of them for years via email, and have met some of them in person when they were visiting the US attending a technical conference.
  • Setup for your own domain is easy and flexible. They can host your DNS records and give me a much better user interface for adding my own non-email DNS records than my domain reseller.
  • They provide DKIM and SPF automatically when sending, and check them when receiving. Fastmail automatically creates both DKIM and SPF DNS records for a personal domain hosted with them. The default SPF policy is v=spf1 include:spf.messagingengine.com ?all, which allows you to send messages from the Fastmail servers or any other SMTP. You can easily change this to v=spf1 include:spf.messagingengine.com -all if you wish, which only allows messages sent through Fastmail servers to pass SPF tests.
  • It's very easy to add or remove aliases (at the many Fastmail domains or your domain). You can specify that messages which were sent to a specific alias are delivered to more than one destination - for example, you can specify that messages arriving at an alias at your own domain are delivered both to a Fastmail folder and to an account at Gmail and another at Outlook.com.
  • The message rules system is very powerful.
  • A great search system lets you find messages in any folder.
  • Besides the great web interface and IMAP/POP/SMTP interface for email clients, Fastmail offers both Apple iOS and Android client programs for mobile devices.
  • Fastmail has great address book, calendar, and notes features. These can all be used on the mobile client.
  • And Fastmail has a Files feature. You can save photos or any other type of file at the Fastmail server, then access these photos as a photo gallery webpage, or upload/download any file to a URL at your domain or a Fastmail domain.
Bill
All times are GMT +9.