> -----Original Message-----
> From: Dean Brooks [mailto:dean@iglou.com]
> In my opinion, all this time invested in SPF is foolish, as eventually
> some sort of public key system (with authorizing cert registrars) is
> going to be necessary. Any fool can buy a domain and add an
> SPF record,
> but it's another thing altogether to require them to purchase an SSL
> cert for the purpose of handling server-to-server email
> communications.
Sorry, I don't see requiring someone to pay $350 per year for an SSL
certificate just so they can send email as being a viable model. Especially
since we've seen that having a valid cert isn't exactly proof that you're
legitimate.
(For example:
http://www.verisign.com/developer/notice/authenticode/)