RealTime IT News

Sender ID Still Making Tracks

UPDATE: Though it may not be as obvious as some would hope, Sender ID is still moving forward, and a revamped version should be finalized in the coming months, according to Andrew Newton, co-chair of the MARID working group.

The confusion over Sender ID's fate began when Newton sent a missive to the group's e-mail discussion list last weekend. He said the e-mail was a status report of the general consensus within the MARID group -- which stands for MTA Authentication in DNS . The goal was to identify the steps that should be taken to get Sender ID adopted. Another point he raised concerned the continued division within the working group over Microsoft's unspecified patent claims on Sender ID.

Using Sender ID requires signing a licensing agreement. Though royalty-free, the license includes clauses on sub-licensing and transferability, which critics say violates the open source community's GPL . The Debian Project and the Apache Software Foundation (ASF) have already publicly stated they will not support an Internet standard that imposes such a licensing agreement.

Newton said the Sender ID draft authors went to work on retooling four specification proposals to allow a second authentication scheme last week. And on Thursday, MARID members submitted updated Protocol and Mailfrom drafts -- sub-components of the overall Sender ID specification -- to the IETF for comment and consensus by the entire working group.

When it comes time to approve the overall specification, it has to go through a multi-step process. After the MARID group blesses Sender ID, it moves up the chain of approval to the IETF and the IESG for another round of review. The IESG will issue a last call for comments to the IETF; after this last call, the IESG will make a final determination over whether to make Sender ID an Internet Proposed Standard, the first level of standards maturity for an RFC .

As it stands now, Sender ID only verifies the validity of an e-mail using an RFC 2822 check, which checks an e-mail's header information. The alternative check, commonly called a "mailfrom" check that is based on RFC 2821, has the strongest support within the MARID working group as a shoe-in for Microsoft's technology.

Newton and another co-chair, Marshall Rose, have a balancing act to maintain in order to get an e-mail authentication standard out the IETF doors.

They have to satisfy e-mail users around the world increasingly fed up with the amount of spam in their inboxes, companies that want an effective anti-spam solution for their networks, and the software vendors that want to push a solution out the door. And they also have to shepherd the work done within the MARID group to devise a standard that will meet the technical requirements for universal adoption.

The only thing different now is that it's just going to take a little longer than expected to complete.

(Update corrects the approval process at the IETF.)