ietf-clear

[ietf-clear] No callbacks, please, was Re. CLEAR Charter

2004-10-03 18:01:16
If BATV uses a public scheme, presumably there is at least a DNS 
query per message, to get the key.

Although this query would not go directly back to the 'caller' 
and, therefore, is not strictly a call-back scheme, it does 
impose a per-message, receive-time, cross-net exchange.

The public schemes I've seen proposed use per-domain keys, not
per-mailbox keys.  If a random Russian site gets 10,000 spams with
forged abuse.net addresses, which they do all the time, I'd much
rather they do one lookup for a per-domain key and cache it than
10,000 lookups for 10,000 fake return addresses.

In terms of transaction costs, how would this differ from what 
SES is proposing?

Per domain rather than per mailbox or per-message.  I think that's
significant.  It's also DNS which is known to perform adequately for
per-domain data, rather than some yet-to-be invented per-mailbox
protocol which, according to recent messages, is simultaneously UDP to
be very lightweight, and TCP to be more reliable.

R's,
John

PS: If bad guys put fake DK signatures on their spam with random
fake selectors, we're back to a per-message DDOS.  Hmmn.