Address Authentication management can be done either at the Recipient SMTP Server or the Recipient Mail Client.

If the Recipient SMTP Server does not have the capabilities or it is not set to manage the Address Authentication, the Recipient Mail Client can do all the Address Authentication management.

If the *X-Auth-Key* in the message header is set with a Key Value, the Recipient Mail Client will manage the Address Authentication.

The Mail Client checks the sender email address domain DNS for the TXT field for the AS (Authentication Server) value which provides the Authentication Server and the Port Number.

It sends a VERIFY Command and waits for reply. It includes a sequence number in the VERIFY Command that is generated by the SMTP Server. The Authentication Server reply VERIFY_REPLY with the same sequence number and the email address. The reply is either VALIDKEY or INVALIDKEY.

Much like the Recipient SMTP Server processing, the Recipient Mail Client handles the Authentication Key. It caches the Valid Key in the mail client, it verifies the message and it handles messages with an INVALIDKEY according to end user preference settings.

If the Key is valid, the mail should be delivered.

The possible scenarios for an Invalid Key are as follows:

1. Accept the messages and do no mark it as Spam.
2. Accept the message and mark it as Spam or deliver to Spam Folder.
3. Reject the message without notification to recipient or sender.
4. Reject the message without notification to recipient but with notification to sender.
5. Reject the message with notification to recipient and no notification to sender.
6. Reject the message with notification to recipient and sender.