In <41939C4A(_dot_)7090104(_at_)ols(_dot_)es> David <david(_at_)ols(_dot_)es>
writes:
you could use ses to sign the mailfrom without any need to
distribute keys, in fact, i cannot see anywhere on ses specs that
keys have to be available to others than the one who has signed
the mailfrom.
Uh, that's the point. Keys have to be available to the one who has
signed
the mailfrom, but not others. You have to make sure that everyone who
needs to use SES has a key, including the examples I gave.
well, mailfrom is signed at the mta, not at the mua.
Then SES has roaming user problems that SPF doesn't have.
Ok, I've read the SES specs. I though I knew how it worked. Nothing
you have said indicates that I don't.
I hope now you can see that is possible to run ses without having to
distribute keys.
Sure. It is also *possible* to run an email system without using any
network at all by requiring everyone to use the same computer.
This, however, means that there are costs associated with SPF+SES that are
not associated with SPF+SRS. I still believe that the total cost for
all domains on the Internet of SPF+SRS is less than SPF+SES. I
believe that the cost of SPF+SRS+SES is less than either by using each
tool where appropriate.
-wayne