Author: Dean Brooks Date: To: David Brodbeck CC: Subject: Re: [exim] support for domainkeys
On Thu, Sep 23, 2004 at 10:59:22AM -0400, David Brodbeck wrote:
> > In my opinion, all this time invested in SPF is foolish, as eventually
> > some sort of public key system (with authorizing cert registrars) is
> > going to be necessary. Any fool can buy a domain and add an
> > SPF record,
> > but it's another thing altogether to require them to purchase an SSL
> > cert for the purpose of handling server-to-server email
> > communications.
>
> Sorry, I don't see requiring someone to pay $350 per year for an SSL
> certificate just so they can send email as being a viable model. Especially
> since we've seen that having a valid cert isn't exactly proof that you're
> legitimate.
Nobody has to buy a SSL cert if they dont want to. They simply use their
ISP's mail server, which is almost assuredly a better choice anyway
for most smaller organizations. If an organization, for whatever reason,
wants to run their own mail server, then they simply make a cost/benefit
decision to see whether it's worth the price to take on the responsibility
of connecting to the public mail infrastructure.
It's natural for people to object to fee-based certification or having
registration authorities, but this problem has to be solved and people
need to realize that in the "real world", it will be the ONLY effective
way to eventually solve this problem.
Nobody would be forced to buy a cert for their mail server, but if they
want to communicate with the participating ISPs, they would have to
pay to play.