spf-discuss

SES

2004-10-03 23:25:00
Meng wrote:

> if people want to avoid the mandatory callback, they can use
> a public-key scheme rather than a single signing secret.

If we define "callback" as "upon receiving an email, contact the sender and
retrieve some information from it", then even with public keys a "callback"
is mandatory, namely to get the public key.

Of course you could cache the public keys. But then you would have to add
cache management (with TTL and so on) to your MTA. And this would require
several megabytes of memory.

> then a receiver could download the SES pubkey and verify
> localparts without the callback.

Doesn't this use quite some CPU resources which the receiver has to pay for?
Better would be if the sender (spammer) had to do the heavy calculations.

Roger
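
The caching trade-off raised in this message, as an added example that is not part of the original post: a TTL- and size-bounded key cache in which the key fetch (the "callback") happens only on a miss or after expiry. `PubkeyCache`, `simulate`, the 294-byte placeholder key and the sample arrivals are constructed assumptions, not part of any SES implementation.

```python
import time
from collections import OrderedDict

class PubkeyCache:
    """TTL + LRU cache of per-domain public keys (hypothetical helper)."""

    def __init__(self, fetch, ttl, max_entries, clock=time.monotonic):
        self._fetch = fetch            # callable(domain) -> key bytes; the "callback"
        self._ttl = ttl                # seconds a fetched key stays valid
        self._max = max_entries        # hard bound on memory use
        self._clock = clock
        self._entries = OrderedDict()  # domain -> (expires_at, key), LRU order
        self.fetches = 0               # how many callbacks were actually made

    def get(self, domain):
        now = self._clock()
        hit = self._entries.get(domain)
        if hit and hit[0] > now:       # fresh entry: no network contact needed
            self._entries.move_to_end(domain)
            return hit[1]
        key = self._fetch(domain)      # miss or expired: contact the sender side
        self.fetches += 1
        self._entries[domain] = (now + self._ttl, key)
        self._entries.move_to_end(domain)
        while len(self._entries) > self._max:
            self._entries.popitem(last=False)  # evict least recently used
        return key

    def payload_bytes(self):
        """Bytes held in domain names and keys only (no interpreter overhead)."""
        return sum(len(d) + len(k[1]) for d, k in self._entries.items())

# Constructed sample: (arrival time in seconds, sender domain)
SAMPLE = [(0, "a.example"), (10, "b.example"), (20, "a.example"),
          (30, "c.example"), (40, "b.example"), (4000, "a.example")]

def simulate(arrivals, ttl, max_entries):
    """Replay arrivals against the cache; return (callbacks made, bytes cached)."""
    now = [0.0]
    fake_fetch = lambda domain: b"K" * 294   # constructed placeholder key bytes
    cache = PubkeyCache(fake_fetch, ttl, max_entries, clock=lambda: now[0])
    for ts, domain in arrivals:
        now[0] = ts
        cache.get(domain)
    return cache.fetches, cache.payload_bytes()

if __name__ == "__main__":
    for ttl, cap in [(3600, 10), (3600, 2), (0, 10)]:
        print(ttl, cap, simulate(SAMPLE, ttl, cap))
```

A TTL of 0 reproduces the no-cache case, where every message triggers a fetch; shrinking `max_entries` trades memory for extra fetches.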

