Exposed Sender ID Patents Up Debate

Now that Microsoft’s two patent efforts
regarding e-mail authentication are publicly available, anti-spam advocates are raising even more questions about how the patents might impact an industry-wide anti-spam protocol effort called Sender ID.

John Levine, chairman of the Anti-Spam Research Group (ASRG), a parallel group of the Internet Engineering Task Force, said one of the patent applications is so broad in scope that it would cover most of the anti-spam technology in use today.

“It basically says [if] you get a message, if you look up the sending
domain’s policy and you do something with it [then it’s covered in the
patent] and that’s really broad,” he said.

The latest development comes months since an industry-wide effort to devise an anti-spam e-mail protocol that combines two technologies.

Sender ID, a combination of Microsoft’s Caller ID for E-Mail and Meng Weng Wong’s Sender Policy Framework (SPF), is currently under review by the Internet Engineering Task Force (IETF) as a proposed Internet standard for e-mail authentication.

But pending patents on Microsoft’s technology have exposed divisions in the e-mail industry, mainly between business
and open source community concerns, given the licensing provisions that would apply with Sender ID related patents, should they come to pass.

Since then, Microsoft has had to downplay concerns about the extent of its Sender ID related patents.

For the most part, the company said the patents apply to the combined used of Sender ID with its own Caller ID for E-Mail technology, Purported Responsible Address (PRA).

The two patents in the application stage are numbered 20040181571and 20040181585. They were posted on the U.S. Patent & Trademark Office Web site database on Sept. 16th.

One patent is titled, “Reducing unwanted and unsolicited electronic
messages by preventing connection hijacking and domain spoofing.” It makes 45 claims on e-mail technology, many of them about combating IP spoofing technology and Caller ID for E-Mail technology, said Levine.

The second patent, called “Reducing unwanted and unsolicited electronic messages by exchanging electronic message transmission policies and solving and verifying solutions to computational puzzles,” is the more concerning to Levine. In his view, the 49 claims in the application cover the gamut of technology around e-mail authentication as well as many permutations. For example, the abstract encapsulates Microsoft’s technology invention claims:

“The present invention provides for generating inputs that can be
provided to a message classification module to facilitate more reliable
classification of electronic messages, such as, for example, as unwanted and/or unsolicited. In one embodiment, a sending messaging server provides an appropriate response to address verification data thereby indicating a reduced likelihood of the sending messaging server using a forged network address.

In another embodiment, it is determined if a messaging server is authorized to send electronic messages for a domain. In yet another embodiment, electronic message transmission policies adhered to by a domain are identified. In yet a further embodiment, a sending computer system expends computational resources to solve a computational puzzle and includes an answer document in an electronic message. A receiving computer system receives the electronic message and verifies the answer document.”

A former co-chair of the ASRG, Yakov Shafranovich, questioned whether the patents actually reflected Microsoft inventions. In an e-mail to Shafranovich claimed that Microsoft had been tracking the progress of e-mail authentication schemes as far back as March 2003 on the Internet Research Task Force (IRTF) e-mail discussion lists, five months before filing for the two patents on Oct. 10, 2003.

“It was very clear to me as a former co-chair of ASRG that Microsoft simply took a developing standard in the IRTF, added a patent to it and brought it back to the IETF,” he said in the e-mail.

He contended that Microsoft’s patents are based on ideas brought forward by the IRTF and that they applications could be invalidated on the grounds that prior art on the invention exists prior to the patent application.

But determining whether Microsoft has claim to an original and
non-obvious idea can be pretty tricky, said Anne Mitchell, president and CEO of the Institute for Spam and Internet Public Policy.

“The thing is, when you’re actually involved in the patent process — be it in the application or whether you are going to litigate it — what is important in terms of prior art to the patent may not be at all what lay people see as prior art,” she said. “You could think, ‘Microsoft might have this in their patent application but they could never actually get the patent because it will never be approved because of prior art,’ and that’s just not right.

“Just because the prior art may be out there, number one – the patent
examiner is not going to know about that prior art if Microsoft hasn’t
disclosed it and if no one brings it to their attention,” she continued.

“And two, even if it’s the kind of prior art that would preclude that patent being approved the only way to get to that is to bring a lawsuit, which is incredibly expensive and I don’t think anyone out there who ought to think they can take Microsoft on post-approval and win a patent battle.”

Microsoft would not comment on specifics of the patent application but a spokesperson sent an e-mail stating:

“The SPF technical alternative is just now becoming a real focus for the IETF. It is premature for the standards participants to disclose any IP they may own related to SPF. If SPF continues to work its way through the process, there will likely be a point where Microsoft and others will [be] asked to identify any essential IP claims and Microsoft will follow the IETF guidelines for disclosure at that time.”

News Around the Web