On Mon, 4 Oct 2004 terry(_at_)ashtonwoodshomes(_dot_)com wrote:
Has anyone done a grid or concise analysis of SES vs SRS? I have seen god
arguments pro and con of both, and I wonder if someone has put anything
together?
They do different things.
The only overlap is that both can be used to reject forged bounces.
SRS is designed for forwarding such that the forwarder will pass SPF
for receivers who can't whitelist the forwarder for some reason.
SES is designed for end-to-end authentication via a callback (via
DNS [SPF exists], SMTP CBV [slow], or special UDP protocol).
Many servers will do both. SES for outgoing mail and SRS for forwarded
mail to domains that don't know how to whitelist their forwarders.
When forwarding SES signed mail, I am checking whether the sender
has an SPF record that involves exists with the %{l} macro (or
an ses= modifier in the future). If so, I assume that it will pass SPF
regardless of IP and don't apply SRS. Otherwise, it will have to be wrapped
with SRS for destinations that need it.
--
Stuart D. Gathman <stuart(_at_)bmsi(_dot_)com>
Business Management Systems Inc. Phone: 703 591-0911 Fax: 703 591-6154
"Confutatis maledictis, flamis acribus addictis" - background song for
a Microsoft sponsored "Where do you want to go from here?" commercial.