spf-discuss

Re: SRS/SES mailing lists?

2004-11-11 08:40:46
In <41931EE8(_dot_)2060103(_at_)ols(_dot_)es> David <david(_at_)ols(_dot_)es> writes:

Hi !!

You are right, I disagree. [...]
One of the problems with SES is key distribution, and that is an
ongoing cost.

you could use ses to sign the mailfrom without any need to
distribute keys, in fact, I cannot see anywhere on ses specs that
keys have to be available to others than the one who has signed
the mailfrom.

Uh, that's the point.  Keys have to be available to the one who has signed
the mailfrom, but not others.  You have to make sure that everyone who
needs to use SES has a key, including the examples I gave.


Similarly, if example.com allows certain people to work from home,
those people either are forced to go through example.com's MTAs, or
somehow there needs to be a key (and SES software) given to the
employee.  With SPF+SRS, they can simply list that home user in their
record.

this is also possible with ses, there are no keys and policy is
published at spf records or inside the ses signature, so you have
the same flexibility.

No you don't.  You have to distribute keys to IP addresses authorized by
your SPF record, whereas with SPF you just have to authorize IP
addresses.

So, I happen to agree with Meng.  I think the total work needed to do
SPF+SRS is less than SPF+SES.

that's mainly because you don't really know how ses works. I really
see a big difference about the work needed between both systems.

Ok, I've read the SES specs.  I thought I knew how it worked.  Nothing
you have said indicates that I don't.



In <Pine(_dot_)LNX(_dot_)4(_dot_)60(_dot_)0411111304490(_dot_)5740(_at_)hermes-1(_dot_)csi(_dot_)cam(_dot_)ac(_dot_)uk> Tony Finch <dot(_at_)dotat(_dot_)at> writes:

On Wed, 10 Nov 2004, wayne wrote:

So, if example.com outsources some of its email to
online-billing-outsourcer.com, they have to get a valid SES key to
them.

No. It would be better for the ESP to use their own key with either their
own domain or a special subdomain of example.com.

I didn't say that there could only be one SES key, just that the ESP
had to have *a* valid key.  There still has to be communication between
the ESP and the MTA that deals with the bounces/callbacks/DNS
validation.

Yes, the things you suggest can make the key distribution problem
easier, but they also require changes.


Similarly, if example.com allows certain people to work from home,
those people either are forced to go through example.com's MTAs, or
somehow there needs to be a key (and SES software) given to the
employee.  With SPF+SRS, they can simply list that home user in their
record.

SMTP AUTH is easy to set up and generally preferable to relying on a

Yes, SMTP AUTH has advantages for both SPF and SES and I encourage the
use.  That doesn't mean that everyone will use it though.  If they
don't, then SES becomes much harder because of the key distribution problem.

-wayne