MARID Floats Sender ID Compromise

The working group charged with finding an acceptable method for
authenticating e-mails to reduce spam now has a proposal to consider before
Sender ID adoption grinds to a halt.

The proposal, posted Wednesday by Andrew Newton, co-chair of the MTA Authorization Records in DNS (MARID)
working group, is an alternative to the current Microsoft-sponsored Sender ID specification and is a compromise
measure to salvage the spec before it dies.


The proposal, which contains seemingly insurmountable
differences between the open source community and Microsoft , comes just two days before MARID’s self-imposed last call.
At that time, the Sender ID issue will move forward to the next step in the Internet
Engineering Task Force (IETF) standards process. Newton doesn’t believe the proposal will delay the Friday deadline.

“It is the opinion of the co-chairs at this time that the MARID working
group has no consensus regarding the deployment of Sender ID,” Newton’s
e-mail states. “This lack of consensus centers around the [Intellectual
Property Rights (IPR)] associated with the [Purported Responsible Address
(PRA)] algorithm.”

As such, Newton and fellow co-chair Marshall Rose have suggested the
separation of Microsoft’s PRA technology — which verifies the Internet
address of the originating e-mail address and is the source of the patent
contention — from the core Sender ID specification.

That way, those who already accept Sender ID as it stands today will be able
to continue using PRA, while those opposed to the technology can incorporate
other extensions to verify a sender’s address.

For weeks, the open source community has become increasingly vocal in its criticism of the patent
claims surrounding Sender ID, the merger
of Microsoft’s Caller ID for E-Mail and the Sender Policy Framework (SPF).

Microsoft has pending patents on the use of the PRA algorithm — used in the Caller ID for E-Mail
specification — operating in conjunction with the core Sender ID specification. However, Redmond
officials have been noticeably stubborn about publicizing what exactly the company is trying to patent.
They are also asking Sender ID users to sign a license agreement, which many say violates the GPL
and other open source licenses.

Although Microsoft lawyers tweaked their license agreement
in response to the
criticism, the changes weren’t enough to prevent the Apache Software
Foundation (ASF) and Debian Project, two major open source communities, from
saying they will not implement Sender ID if Microsoft’s
current license agreement isn’t modified or removed from Sender ID entirely.

Open source endorsement is essential for widespread, worldwide adoption of
Sender ID. Although major e-mail service providers like Microsoft and AOL
say they will be incorporating Sender ID as it stands, and
many software vendors are already moving forward
with implementations of their own. The
vast majority of administrators around the world use open source Message
Transfer Agents like
Sendmail, QMail, Postfix or Exim.

Yakov Shafranovich, a former co-chair of the Anti-Spam Research Group (ASRG)
and one of the more vocal critics of Microsoft’s patent claims, was
initially receptive to Newton’s proposal, which puts the decision of which
extension to use in the hands of network administrators.

“A proposal that allows Sender ID to be used with multiple identities would
sidestep that problem by letting end users pick if they want to use PRA and
handle the IPR issues themselves,” he said in an e-mail interview. “Others
are free to choose ‘mailfrom’ or any other extensions that will probably be
developed. This way the IETF will sidestep IPR issues and can approve the
standard.”

Microsoft officials could not be reached for comment at press time.

News Around the Web