-1

Suppose that I have e-mail service on my domain, say example.com, with a Sender Policy Framework (SPF) Domain Name System (DNS) record ("TXT" type) for authenticating sending Mail Transfer Agents (MTAs). Also, suppose that I have either DomainKeys or DomainKeys Identified Mail (DKIM) enabled with the corresponding TXT record in DNS.

What happens if, at some later time, the SPF record needs to change to indicate other IP addresses that are authorized to send mail? Also, what happens if the DomainKeys or DKIM public key (certificate) needs to change? Will the old e-mails prior to the change, that recipients already have, be invalidated (get flagged as spam or forgeries) after the changes are made?

user553702
  • 121
  • 1
  • 5

1 Answers1

5

Emails are checked when they're received.

A change to SPF/DKIM records will have no effect on already-processed emails.

ceejayoz
  • 32,910
  • 7
  • 82
  • 106
  • Can you provide more details? Are the results always stored in message headers, and Is there a guarantee that an e-mail client won't run or re-run these tests on messages at a later time -- including if you change e-mail clients or delete all local information about the messages? – user553702 Oct 20 '16 at 22:22
  • @user553702 Results don't *have* to be stored at all (the RFC says `Received-SPF` is *recommended*). There's no guarantee a particular client didn't do something stupid, but the RFC [recommends against re-running tests](http://www.openspf.org/svn/project/specs/rfc4408.html#op-result) - "Performing the authorization after the SMTP transaction has finished may cause problems, such as the following: (1) It may be difficult to accurately extract the required information from potentially deceptive headers; (2) legitimate E-Mail may fail because the sender's policy may have since changed." – ceejayoz Oct 21 '16 at 00:43
  • 1
    Side note: this is the third hypothetical question you've asked in the last few days. Are you solving actual issues, or just randomly trying to poke holes in RFCs? – ceejayoz Oct 21 '16 at 00:45