I wonder who's going to be the first to announce a SMTP proxy for this?
More seriously:
While I can kind of understand that Amazon has their API and probably wants this to work similarly, but there is already a wide-spread protocol for sending out email (SMTP) and I just can't understand why they can't provide an endpoint for that.
Many applications which I really see making use of this already have built-in SMTP support (and are using that today), so why force developers to work with another, completely different API to send email over Amazon?
Their solution involves hooking a perl script into mail delivery for sendmail and postfix.
Now, I have nothing against that method in general, but if you need to send so many emails that it's useful to use the Amazon service, then forking, starting up perl and then running that script for every email you are sending might not be a viable option performance-wise.
On the other hand: If you are using amazon's service for sending mail, then with some likelyhood you are also running EC2 where wasting a couple of CPU cycles is beneficial for Amazon :-)
If they use SMTP, they run the risk of a compromised server sending spam through them. With the API, it makes it a bit more difficult for a compromised machine to start spamming, unless it already has API keys for this service.
Nothing prevents them from requiring SMTP-Auth for authentication to make sure that the sending is coupled to a specific account.
If we are talking compromised machines, then the key would be compromised as well at which point a spammer can use that key to send spam regardless of protocol.
I'm not saying to use smtp auth with your amazon username and password, but with some token derived from the API key, but just SMTP.
Except they already have auth setup for all their other webservices. Why not make email yet another service and the auth infrastructure is already there.
Unless the compromised server already has sendmail or postfix configured to use Amazon's perl script as a transport (according to the directions in Amazon's own help files). In that case, the attacker doesn't have to even bother looking around for the API keys --- everything's already set up.
More seriously:
While I can kind of understand that Amazon has their API and probably wants this to work similarly, but there is already a wide-spread protocol for sending out email (SMTP) and I just can't understand why they can't provide an endpoint for that.
Many applications which I really see making use of this already have built-in SMTP support (and are using that today), so why force developers to work with another, completely different API to send email over Amazon?