RealTime IT News

IETF Shutters E-Mail Working Group

UPDATE: With Sender ID going nowhere fast, Internet Engineering Task Force (IETF) officials Wednesday shut down the working group charged with finding a standard for e-mail authentication.

The group's mailing list will remain active, officials said, even though the working group's Web site has been shuttered.

The engineers, software vendors and computer scientists that comprised the MTA Authentication in DNS (MARID) were gridlocked on the issue of Sender ID, a technology sponsored by Microsoft and the subject of considerable debate.

"Rather than spin in place, the working group chairs and area advisor believe that the best way forward is experimentation with multiple proposals and a subsequent review of deployment experience," Ted Hardie, an area advisor of the IETF's Internet Engineering Steering Group (IESG) stated in his e-mail post to the working group.

Microsoft officials were unavailable for comment on the decision.

The open source community didn't like the license agreement requirements surrounding the use of Sender ID, while some had objections to the technology for purely technical reasons, mainly concerning Microsoft's use of RFC 2822 verification for e-mail authentication.

Still others were concerned about Microsoft's patents on the technology, which were disclosed only last week and which potentially cover substantial technology related to e-mail authentication.

Then AOL, once Microsoft's biggest Sender ID supporter, last week announced it was withdrawing its support in order to continue work on its own Sender Policy Framework (SPF) version 1 deployment.

"The group has had no lack of energy," Hardie stated. "From the outset, however, the working group participants have had fundamental disagreements on the nature of the record to be provided and the mechanism by which it would be checked."

Dave Crocker, a principal at consulting outfit Brandenburg InternetWorking and principal author of the e-mail authentication specification Client SMTP Authentication (CSV), said with the working group closed down, no one knows which technology will come out on top but that it's no surprise there were so many fundamental differences in agreeing to an authentication standard. Spam is not a technology problem, a break in the e-mail system that allows these e-mails to come through, Crocker said, but a social problem where the Internet community can't come up with one universal view of what constitutes spam.

"It's tough to get coherent institutional change when you don't have a coherent institutional definition [on spam]," he said. "We have this bizarre situation in which 90 percent of our mail is spam but we can't define it and yet we expect technology to solve it."

John Levine, chairman of the Anti-Spam Research Group (ASRG), said the IETF made a good choice by closing the doors on MARID until working implementations in the wild could be debated. People need look no further than the debate between TCP and OSI , he said. TCP won because it was actually being used, whereas OSI was a "paper proposal."

"Despite occasional comments to the contrary, no one has actually tried out SPF or Sender ID or anything else," Levine continued. "And since the e-mail system is so large, you've really got to try it out to see where it breaks and how hard it is to fix the breaks and how much damage it causes."

Hardie's e-mail draws the same conclusion. He said that while shutting down a working group that hasn't met its goals is never pleasant, and that a little more energy would bring consensus, the working group and area advisors "concluded that such energy would be better spent on gathering deployment experience."

There are several e-mail authentication schemes available for deployment tests. Besides Sender ID, which had garnered the most significant big-name support initially, the MARID working group was considering other options. The most notable included CSV and Domain Name Accreditation (DNA).