UPDATE: Though it may not be as obvious as some would hope, Sender ID is still
moving forward, and a revamped version should be finalized in the coming
months, according to Andrew Newton, co-chair of the MARID working group.
The confusion over Sender ID’s fate began when Newton sent a missive
to the group’s e-mail discussion list last weekend. He said the e-mail was a
status report of the general consensus within the MARID group — which
stands for MTA
to identify the steps that should be taken to get Sender ID adopted. Another
point he raised concerned the continued division within the working group
over Microsoft’s unspecified patent claims on Sender ID.
Using Sender ID requires signing a licensing agreement. Though royalty-free,
the license includes clauses on sub-licensing and transferability, which
critics say violates the open source community’s GPL
Debian Project and the Apache Software Foundation (ASF) have already
publicly stated they will not support an Internet standard that imposes such
a licensing agreement.
Newton said the Sender ID draft authors went to work on retooling four
specification proposals to allow a second authentication scheme last week.
And on Thursday, MARID members submitted updated Protocol and Mailfrom
drafts — sub-components of the overall Sender ID specification — to the
IETF for comment and consensus by the entire working group.
When it comes time to approve the overall specification, it has to go through a multi-step process. After the MARID group blesses Sender ID, it moves up the chain of approval to the IETF and the IESG for another round of review. The IESG will issue a last call for comments to the IETF; after this last call, the IESG will make a final determination over whether to make Sender ID an Internet Proposed Standard, the first level of standards maturity for an RFC
As it stands now, Sender ID only verifies the validity of an e-mail using
an RFC 2822 check, which checks an e-mail’s header information. The
alternative check, commonly
called a “mailfrom” check that is based on RFC 2821, has the strongest
support within the MARID working group as a shoe-in for Microsoft’s
Newton and another co-chair, Marshall Rose, have a balancing act to maintain
in order to get an e-mail authentication standard out the IETF doors.
They have to satisfy e-mail users around the world increasingly fed up with
the amount of spam in their inboxes, companies that want an effective
anti-spam solution for their networks, and the software vendors that want to
solution out the door. And they also have to shepherd the work done
within the MARID group to devise a standard that will meet the technical
requirements for universal adoption.
The only thing different now is that it’s just going to take a little longer
than expected to complete.
(Update corrects the approval process at the IETF.)