IETF Shutters E-Mail Working Group

UPDATE: With Sender ID going nowhere fast, Internet Engineering Task Force (IETF)
officials Wednesday shut down the working group charged with finding a
standard for e-mail authentication.

The group’s mailing list will remain active, officials said, even though the
working group’s Web site has been shuttered.

The engineers, software vendors and computer scientists who made up the
MTA Authentication in DNS (MARID) working group were gridlocked on the issue of Sender ID, a technology sponsored by Microsoft and the subject of considerable debate.

“Rather than spin in place, the working group chairs and area advisor
believe that the best way forward is experimentation with multiple proposals
and a subsequent review of deployment experience,” Ted Hardie, an area
advisor of the IETF’s Internet Engineering Steering Group (IESG), stated in
his e-mail post to the working group.

Microsoft officials were unavailable for comment on the decision.

The open source community didn’t like the license agreement requirements
surrounding the use of Sender ID, while some had objections to the
technology for purely technical reasons, mainly concerning Microsoft’s use
of RFC 2822 verification for e-mail authentication.

Still others were concerned about Microsoft’s patents on the technology,
which were disclosed only last week and which potentially cover substantial technology related to e-mail authentication.

Then AOL, once Microsoft’s biggest Sender ID supporter, last week announced
it was withdrawing its support in order to continue work on its own Sender
Policy Framework (SPF) version 1 deployment.

“The group has had no lack of energy,” Hardie stated. “From the outset,
however, the working group participants have had fundamental disagreements
on the nature of the record to be provided and the mechanism by which it
would be checked.”

Dave Crocker, a principal at consulting outfit Brandenburg InternetWorking
and principal author of the e-mail authentication specification Client SMTP
Authentication (CSV), said with the working group closed down,
no one knows which technology will come out on top but that it’s no surprise
there were so many fundamental differences in agreeing to an authentication
standard. Spam is not a technology problem, a break in the e-mail system
that allows these e-mails to come through, Crocker said, but a social
problem where the Internet community can’t come up with one universal view
of what constitutes spam.

“It’s tough to get coherent institutional change when you don’t have a
coherent institutional definition [on spam],” he said. “We have this
bizarre situation in which 90 percent of our mail is spam but we can’t
define it and yet we expect technology to solve it.”

John Levine, chairman of the Anti-Spam Research Group (ASRG), said the IETF
made a good choice by closing the doors on MARID until working
implementations in the wild could be debated. People need look no further
than the debate between TCP and OSI, he said. TCP
won because it was actually being used, whereas OSI was a “paper proposal.”

“Despite occasional comments to the contrary, no one has actually tried out
SPF or Sender ID or anything else,” Levine continued. “And since the e-mail
system is so large, you’ve really got to try it out to see where it breaks
and how hard it is to fix the breaks and how much damage it causes.”

Hardie’s e-mail draws the same conclusion. He said that while shutting down
a working group that hasn’t met its goals is never pleasant, and that a
little more energy would bring consensus, the working group and area
advisors “concluded that such energy would be better spent on gathering
deployment experience.”

There are several e-mail authentication schemes available for deployment
tests. Besides Sender ID, which had garnered the most significant big-name
support initially, the MARID working group was considering other options.
The most notable included CSV and Domain Name Accreditation (DNA).
