spf-discuss
[Top] [All Lists]

Re: making the policy decision: leveraging HTTPS

2004-06-20 11:39:13
--On Sonntag, Juni 20, 2004 19:58:16 +0200 list+spf-discuss(_at_)doeblitz(_dot_)net wrote:
[...]
Unfortunately certificates are still quite expensive (at least here in
Germany) and thus make hardly sense for individuals who want/need to get
some kind of accreditation for their personal domain. Even for a business
getting a certificate for every domain used in email *and* running a
webserver with that certificate (implying an ip address used for only
this purpose as certificate validation would fail otherwise) will
increase the operational cost of a domain by an order of magnitude.

Addendum2:

If we are considering the use of SSL certifcates, why bother with SPF at all? If I have a certificate for domain example.com, I can use TLS to verify this in the MTA-MTA communication and limit accepted MAIL FROM accordingly.

Ralf Döblitz