|
Email Comments, Questions and Miscellaneous Share your opinion of the email service you're using. Post general email questions and discussions that don't fit elsewhere. |
|
Thread Tools |
24 Dec 2016, 10:45 PM | #1 |
Junior Member
Join Date: Dec 2016
Posts: 10
|
Which approach for implementing own domain?
I'm about to move my e-mail to a new provider using a custom domain I own. I'm choosing between two excellent providers, but I would have to implement the custom domain in a different way at each. I have tested both methods and they seem to work perfectly. I would like to ask those more experienced than me if there is any practical impact, advantage or disadvantage, in doing it by one method or the other.
Provider A supports custom domains, so the procedure is typical: Set the MX records at my dns provider pointing to Provider A's mail servers, set an SPF txt record, and register the email address myname@mydomain.com as an alias to my primary account with Provider A. Works like a charm. Provider B does not support custom domains. However, at my dns provider I can enable email forwarding, forward a number of email addresses (all using my custom domain) to the email address at Provider B (it uses their domain). I can also add an spf txt record to authenticate Provider B as a valid sender for my domain. Then I can create an additional identities at Provider B and choose from them as sender of any email I compose. I have tested this and it appears to work equally well. Is one approach more/less reliable, secure or preferable in any way? Thanks in advance- |
25 Dec 2016, 06:28 AM | #2 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,930
|
Don't Forward
Welcome to the EMD Forums!
Are you familiar with DKIM signing? This provides a signed encrypted signature on outgoing messages so the receiver can verify that certain portions of the message such as specified headers (From, To, Date, Subject, etc.) and all or a portion of the message body have not been altered. DKIM is probably more important than SPF these days, since SPF is broken by automatic message forwarding unless SRS (Sender Rewriting Scheme) is used. For DMARC purposes, SFP is always broken by forwarding. DMARC is becoming a popular method for domains to specify how the receiver should treat a message which fails both SPF and DKIM authentication. You should consider your choice of email provider based both on how you send email which will be trusted by the receiver and spam/phishing detection when you receive email from others.
https://blog.fastmail.com/2016/12/24/spf-dkim-dmarc In general, I think that option A is better, since forwarding is not needed. Forwarding makes it hard for the receiving email system to verify the reputation of the sender in various ways (including the SPF/DKIM/DMARC issues I mention above). Bill Last edited by n5bb : 25 Dec 2016 at 06:30 AM. Reason: Don't forward |
25 Dec 2016, 11:49 PM | #3 |
Junior Member
Join Date: Dec 2016
Posts: 10
|
Wow, thanks for the detailed response.
I am familiar with all of the terms you posted about, as I have been researching this stuff recently. Including Fastmail, since I just set up my wife's e-mail with them using her personal domain. I particularly liked their support for and easy implementation of spf and dkim. Also their slick web interface and fast performance seem top notch. For her and my domain I use the domain registrar's dns servers. I have her fastmail set up with the MX only setup, not using their dns servers. After configuring spf and dkim, emails sent from her email address score a perfect 10/10 in the mail-tester.com spam-checking test. Interesting to note that when I send an e-mail from Provider B to a mail-tester.com address, using their domain (not mine), it scores 9/10. The only point subtracted is for no dkim record or dmarc record. However, it still reports that it is "lovely" and has an ultra-low spam score. Sending form Provider A, using their domain, scores 9/10 as well, for the same reasons. So using their domains I am scoring well, but there is no dkim, even with their default domain. Now, when I use my own domain with both providers and send an email to mail-tester.com, they both score the exact same 9/10. So these results would indicate that both providers score highly on the anti-spam meter, even without dkim, with or without a custom domain. Should I be concerned about using them if they do not have dkim? |
26 Dec 2016, 12:18 AM | #4 |
Junior Member
Join Date: Dec 2016
Posts: 10
|
Incidentally, I have set a dmarc record for my domain at my dns provider to "v=DMARC1; p=none", and it shows up when searched at demarcian.com. Will this help?
When I search on a well established domain (mailfence.com), it returns the same dmarc record (v=DMARC1; p=none). When I search on both Provider A and B, they return no dmarc record. |
26 Dec 2016, 11:49 AM | #5 |
Essential Contributor
Join Date: May 2012
Posts: 459
|
I'd go with Provider A setup.
|
27 Dec 2016, 09:55 AM | #6 |
Intergalactic Postmaster
Join Date: May 2004
Location: Irving, Texas
Posts: 8,930
|
I discussed DMARC mainly for future use at your domain. Fastmail currently doesn't publish a DMARC policy because they have users who have been using email clients with non-Fastmail SMTP servers at their ISP's for over a decade. So they are going slow with implementation of DMARC for their domain, which affects outgoing mail.
I would recommend only using an email provider who provides DKIM signing on outgoing messages from your domain, since DKIM testing has become a very popular method of determining the authenticity of a message. Personally, I would recommend that you use Fastmail for your domain. I'm biased, since I have been a Fastmail customer for a dozen years with my personal domain. But I have never contemplated leaving Fastmail for several reasons:
|