Hi
> Maybe, if the ISP lets them use their own domain name. But it's not clear
to me that that route will work with SSL authentication -- won't mail from
foo@??? have to match a bar.com SSL certificate? (And if not, what
exactly are you authenticating?)
No, you could use the hostname of the MX for the ssl cert. So the MX for
company.tld would be mx.mailprovider.tld. A provider would need ONE
certificate for all domains hosted on his site.
> That's what I object to. You're giving a small number of big companies
the power to control who can and cannot send email.
No.
Right today, you could say that only ONE company can decide who gets a
domain name.
In Germany this would be DeNIC (
www.denic.de), the german root registrar.
However they could have a cert and sign their members, which in term sign
their members....
If it's working for domains, why shouldn't it work for certificates.
Regards,
Steffen