RealTime IT News

Microsoft Tweaks Sender ID License For Open Source

Microsoft is giving administrators a peek at its new Sender ID license agreement, which is an update to the company's Caller ID for E-Mail technology proposed in February.

Whether the terms are open enough for the open source community to climb on board in support remains unclear.

The license is an update to an e-mail authentication specification designed to reduce the number of spoofed e-mails used by many spammers today.

Currently, the technology is under discussion at the MTA Authorization Records in DNS (MARID) working group of the Internet Engineering Task Force (IETF) as a possible Internet standard. According to the group's charter, the specification is scheduled to be submitted as a proposed standard by the end of the month.

In June, parts of the Caller ID for E-Mail technology were merged with parts of the Sender Policy Framework (SPF) technology created by Meng Weng Wong, creating Sender ID.

But the combination created some new problems along the way. SPF is popular with open source MTA's like Sendmail, Postfix, Qmail and Exim, which license the software under various open source licenses. Caller ID for E-Mail, however, comes with a license that's royalty-free but contains clauses that have raised questions since the the two technologies merged.

Harry Katz, program manager for Microsoft Exchange, recently posted the new license agreement to the MARID's ietf-mxcomp discussion list. "Over the last few weeks we have had discussions with a number of parties about our published Royalty Free Caller ID Patent License," the post stated. "As a result of those discussions and the merging of elements of SPF and Caller ID to form Sender ID, we have made a number of updates to the patent license."

Also included was a FAQ sheet to elaborate on the terms of the new license agreement, which includes some small, though important, revisions meant to appease the open source community.

For example, section 2.5 of the original Caller ID for E-Mail agreement stated that if a software developer downloaded and signed the license, developed an application using the technology and then bundled or distributed it with yet another application by a third vendor, that vendor would have to get the licensee's authorization and sign the Caller ID for E-Mail license agreement before moving forward.

Such wording didn't go over well with open source groups, who view open sourced code as freely exchangeable and able to be modified. The Sender ID agreement removed the clause and elaborated further in another part of the license agreement regarding end users:

"For clarification, this Agreement does not impose any obligation on You to require the recipients of Your source code implementations of such Licensed Implementations to accept this or any other Agreement with Microsoft. Your End Users may use the Licensed Implementations licensed in this section 2.2 [source code distribution] or in section 2.1 [patent license] that they receive directly or indirectly from You without executing this Agreement. This Agreement will be available to all parties without prejudice."

However, sticking points still remain. One is the new license's retention of the "nontransferable" and "non-sublicenseable" terms in the source code distribution section; another is that Microsoft requires the license to be sent by physical mail or fax.

This could prevent Sender ID's usage for anyone under the General Public License (GPL), the most common open source license. A FAQ sheet that accompanied the new license agreement addresses some of the open source concerns, stating Microsoft officials "believe" there is nothing preventing open source users from adopting Sender ID. The FAQ states there is no "specific incompatibilities" in the licenses used by Sendmail, Postfix or QMail. Not mentioned in the statement was Exim, which is licensed under the GPL.

It's important for MARID to get widespread adoption of the Sender ID proposal, as the technology's success will depend in large part on the majority of e-mail servers running the technology. The more vocal members of the discussion list said that as it stands, the license's terms might prevent them from adopting the technology and force them to follow a different authentication specification.

Microsoft officials were not available for comment at press time about the new licensing terms. The company said it won't publicly post the new agreement on its Web site until mid-September.

In addition, Microsoft is said to have patent claims on the Sender ID technology. According to the IETF, the company has patents pending at the U.S. Patent & Trademark Office (USPTO). At this month's Internet Engineering Task Force (IETF) MARID meeting, the group set a deadline of Aug. 23rd for Microsoft to elaborate on its pending patent claims.

Katz has filed an updated Intellectual Property Rights (IPR) notice to the discussion list, stating it was filed earlier in the day. Microsoft said the Sender ID and Purported Responsible Address (PRA) in E-Mail Messages specifications used in combination were pending a patent.

Many open source advocates wonder why Microsoft is being so reticent about making its patent claims more clear, and why a patent is necessary for a technology that's tabbed to be a possible IETF RFC .

For now, Microsoft is referring to its FAQ sheet:

"Like most enterprises, small and large, who make significant investment in research and development, Microsoft routinely patents inventions arising from its R&D efforts. The original Caller ID for E-Mail patent applications was filed long before Microsoft made a decision to contribute its Caller ID specification to the IETF." Patent applications have a very long processing time and it still may be several years before we know whether any claims will be granted or the coverage of any such claims."

Katz, in his e-mail posts, asked that all queries be sent to the company's legal department.

Mark Langston, a senior Unix systems administrator for the SETI Institute, said in a post to the ietf-mxcomp discussion list that the fundamental issue here is adoption.

[The] "people who are likely to adopt or dismiss this particular implementation are trying to say that they're leaning towards dismissing it due to the IPR claims and licensing requirements," he wrote.

"I write software. I'm sufficiently confused and concerned about the licensing terms and encumbrance of the Microsoft claims that I cannot be comfortable implementing Sender-ID. And I should not need to consult a lawyer just to understand my liabilities should I do so."