Microsoft Tweaks Sender ID License For Open Source

Microsoft is giving administrators a peek at its new Sender ID license agreement, which is an update to the company’s Caller ID
for E-Mail
technology proposed in February.

Whether the terms are open enough for the open source community to climb on board in support remains unclear.

The license is an update to an e-mail authentication specification designed to reduce the number of spoofed e-mails used by many spammers today.

Currently, the technology is under discussion at the MTA Authorization Records in DNS (MARID) working group of the Internet Engineering Task Force (IETF) as a possible Internet standard. According to the group’s charter, the specification is scheduled to be submitted as a proposed standard by the end of the month.

In June, parts of the Caller ID for E-Mail technology were merged with parts of the Sender Policy Framework (SPF) technology created by Meng Weng Wong, creating Sender ID.

But the combination created some new problems along the way. SPF is popular with open source MTA’s like Sendmail, Postfix, Qmail and Exim, which license the software under various open source licenses. Caller ID for E-Mail, however, comes with a license that’s royalty-free but contains clauses that have raised questions since the the two technologies merged.

Harry Katz, program manager for Microsoft Exchange, recently posted the new license
agreement to the MARID’s ietf-mxcomp discussion list. “Over the last few weeks we have had discussions with a number of parties about our published Royalty Free Caller ID Patent License,” the post stated. “As
a result of those discussions and the merging of elements of SPF and Caller
ID to form Sender ID, we have made a number of updates to the patent

Also included was a FAQ sheet to elaborate on the terms of the new license
agreement, which includes some small, though important, revisions meant to
appease the open source community.

For example, section 2.5 of the original Caller ID for E-Mail agreement
stated that if a software developer downloaded and signed the license,
developed an application using the technology and then bundled or
distributed it with yet another application by a third vendor, that vendor
would have to get the licensee’s authorization and sign the Caller ID for
E-Mail license agreement before moving forward.

Such wording didn’t go over well with open source groups, who view open
sourced code as freely exchangeable and able to be modified. The Sender ID
agreement removed the clause and elaborated further in another part of the
license agreement regarding end users:

“For clarification, this Agreement does not impose any obligation on You
to require the recipients of Your source code implementations of such
Licensed Implementations to accept this or any other Agreement with
Microsoft. Your End Users may use the Licensed Implementations licensed in
this section 2.2 [source code distribution] or in section 2.1 [patent
license] that they receive directly or indirectly from You without executing
this Agreement. This Agreement will be available to all parties without

However, sticking points still remain. One is the new license’s retention
of the “nontransferable” and “non-sublicenseable” terms in the source code
distribution section; another is that Microsoft requires the license to be sent by physical mail or fax.

This could prevent Sender ID’s usage for anyone under the
General Public License (GPL), the most common open source license. A FAQ
sheet that accompanied the new license agreement addresses some of the open
source concerns, stating Microsoft officials “believe” there is nothing
preventing open source users from adopting Sender ID. The FAQ states there
is no “specific incompatibilities” in the licenses used by Sendmail, Postfix
or QMail. Not mentioned in the statement was Exim, which is licensed under
the GPL.

It’s important for MARID to get widespread adoption of the Sender ID
proposal, as the technology’s success will depend in large part on the
majority of e-mail servers running the technology. The more vocal members
of the discussion list said that as it stands, the license’s terms might
prevent them from adopting the technology and force them to follow a
different authentication specification.

Microsoft officials were not available for comment at press time about the new licensing terms. The company said it won’t publicly post the new agreement on its Web site until mid-September.

In addition, Microsoft is said to have patent claims on the Sender ID
technology. According to the IETF, the company has patents pending at the U.S. Patent & Trademark Office (USPTO). At this month’s Internet
Engineering Task Force (IETF) MARID meeting, the group set a deadline of Aug. 23rd for Microsoft to elaborate on its pending patent claims.

Katz has filed an updated Intellectual Property Rights (IPR) notice to the discussion list, stating it was filed earlier in the day. Microsoft said the Sender ID and Purported Responsible Address (PRA) in E-Mail Messages specifications used in combination were pending a patent.

Many open source advocates wonder why Microsoft is being so reticent about
making its patent claims more clear, and why a patent is necessary for a
technology that’s tabbed to be a possible IETF RFC .

For now, Microsoft is referring to its FAQ sheet:

“Like most enterprises, small and large, who make significant investment
in research and development, Microsoft routinely patents inventions arising
from its R&D efforts. The original Caller ID for E-Mail patent applications
was filed long before Microsoft made a decision to contribute its Caller ID
specification to the IETF.” Patent applications have a very long processing
time and it still may be several years before we know whether any claims
will be granted or the coverage of any such claims.”

Katz, in his e-mail posts, asked that all queries be sent to the company’s
legal department.

Mark Langston, a senior Unix systems administrator for
the SETI Institute, said in a post to the ietf-mxcomp discussion list that the fundamental issue here is adoption.

[The] “people who are likely to adopt or dismiss this particular implementation are trying to say that they’re leaning towards dismissing it due to the IPR claims and licensing requirements,” he wrote.

“I write software. I’m sufficiently confused and concerned about the licensing terms and encumbrance of the Microsoft claims that I cannot be comfortable implementing Sender-ID. And I should not need to consult a lawyer just to understand my liabilities should I do so.”

News Around the Web