September 13, 2004 2:42 PM PDT

Microsoft e-mail proposal dealt setback

Internet engineers working on a standard for identifying the source of e-mail messages voted down a proposal by Microsoft to make some of the company's intellectual property a mandatory part of the solution.

On Saturday, a co-chair of the technical working group responsible for developing a standard for authenticating the origin of e-mail messages summarized the results of a vote by the group members. The group--part of the Internet Engineering Task Force and more formally known as the MTA Authorization Records in DNS, or MARID, working group--decided that Microsoft's insistence on keeping secret a possible patent application on its proposed technology was unacceptable.

"The working group has at least (reached a) rough consensus that the patent claims should not be ignored," Andrew Newton, one of two co-chairs of the working group, wrote in an e-mail to the group's discussion forum. "It is the opinion of the co-chairs that MARID should not undertake work on alternate algorithms reasonably thought to be covered by the patent application."

The ruling comes about three weeks after the two chairs of the working group, Marshall Rose and Andrew Newton, called for a virtual show of hands from engineers over whether they would deploy a hybrid technical specification that used Microsoft's technology. Open-source software groups, including those that manage the development of the Apache Web server and the Debian distribution of Linux, took umbrage with Microsoft's lack of clarity on issues of the company's intellectual property claims on the combined proposal, known as Sender ID.

Newton clarified in a second e-mail that MIcrosoft's proposed solution could be used as part of a standards-compliant tool for thwarting spam, but the group settled on a standard that does not include potential patent risk.

"The objection to (Microsoft's solution) is based on questions of deployment caused by incompatibilities with open-source licenses," Newton stated. "However, there were also a significant number of responses from participants stating that hey had no such deployment issues."

Microsoft spokesman Sean Sundwall said the company would continue to support the IETF process and adopt the final version of Sender ID. The company, however, will use the technique that it developed, know as Purported Responsible Address (PRA), to authenticate the source of e-mail messages.

"Microsoft will continue to publish both types," he said, referring to the Sender Policy Framework (SPF) and PRA records used to check the authenticity of the sender. "But we will only check the PRA."

At the most basic level, Purported Responsible Address (PRA) and Sender Policy Framework (SPF) differ in the address that they check for authenticity. SPF uses the visible e-mail address of the sender, while the PRA technique checks the record against the most recent sender of the e-mail address. In many ways, the difference is between from where the e-mail has come most recently (PRA) and from where the e-mail initially came (SPF).

In August, Microsoft had feted more than 80 e-mail service providers in Redmond, Wash., as part of the E-mail Service Provider Consortium. Between the company's participation in that group and the Anti-Spam Technical Alliance, Microsoft has done a good job of selling major Internet infrastructure companies on the benefits of its proposal.

Sundwall would not say whether the IETF's censure would hinder the company's quest to get its Sender ID proposal accepted as a de facto Internet standard. But he did note that many participants stayed out of the vote on Microsoft's involvement.

"If you look at the number of contributors that (voted), it is very small," he said.

Sender ID would create a system to positively identify whether the source address of an e-mail message is the actual source of the message. The proposal is based on a previous scheme, known as the Sender Policy Framework, or SPF, which had been suggested by Meng Wong, the founder of e-mail service provider Pobox.com. Microsoft later proposed its own way of authenticating the source of e-mail, called Caller ID for E-mail, and a hybrid system was created.

The use of Microsoft's technology in the combined specification would mean the company could specify a license that potential users have to agree to before using the code. Microsoft has instead provided a license that appears to be voluntary, according to the analysis of some users of Sender ID. Microsoft has not provided guidance on the issue.

Industry participants in the IETF say that Microsoft may be content to let PRA be one option to the standard. But unless the e-mail recipient's software supports the format as a check of authenticity, it is likely that the proposed protocol will die.

"Microsoft has a couple of choices now," said Craig Taylor, vice president of technology for e-mail device maker IronPort Systems. "They can continue pushing for (PRA to become) the de facto standard or donate the patents to the open-standards guys."

Taylor added the IronPort has no issues with the license under which Microsoft intends to release the PRA technology, so the company plans to use the Sender ID proposal with PRA.

The ruling appears to allow for negotiation, if Microsoft considers removing licensing restrictions.

"We do feel that future changes regarding the patent claim or its associated license could significantly change the consensus of the working group, and at such a time it would be appropriate to consider new work of this type," the co-chairs said in the e-mail message.

5 comments

Join the conversation!
Add your comment
Bigger issue with open source and standards
The Sender ID patent problem shows that open source is not compatible with commercial software and will negatively impact future joint standards. Open source requires all parties to submit to shared intellectual property rules and prohibits ownership of intellectual knowledge. I don't believe shared knowledge should be the only source for standards, which means we have a serious problem.
Posted by padant (6 comments )
Reply Link Flag
The internet is open source software
On the contrary, most of the internet that you and me use is of open source nature.
No one owns the internet by itself. Microsoft wants to but no, the internet does not belong to Microsoft. And yet commerical software thrives on the Internet.
This is because most people understands that for anything to work on the Internet, it must done with all the parties collabaration. Meaning there must be a clear, free for all to see, and implement protocol specifications.
What Microsoft did was wrong because it wants to make everyone to agree to their method by submitting their Sender ID solution as part of the Internet architecture.
In other words, Microsoft tries to own a piece of the Internet by brute marketing force.
So, other parties have everyone right not to use it and let the Sender ID solution dies.
p.s. IBM is making a lot of money using open source software. Who says open source is anti commerical?
Maybe for some people they should at least have an open mind, even they will never let the software open source.
Posted by (6 comments )
Link Flag
That's not the issue.
"The Sender ID patent problem shows that open source is not
compatible with commercial software and will negatively impact
future joint standards."

You're confused. Open source is inseparable from open
standards. Microsoft is the one that's not compatible. They're
not compatible with openness, standards, fairness or quality.
This doesn't surprise me at all. Their behavior is becoming all
too predictable.
Posted by (33 comments )
Link Flag
Spam & Sender ID are evil
Sender ID is the same idiotic scheme CAUCE was pushing in their first days.

It's clear that the general push is to eliminate all of the aspects of the net that made it robust and compatible with free speech and privacy rights so that it can better serve those who are truly POWER crazed.
Posted by (13 comments )
Reply Link Flag
Microsoft's objective...
... is not to prevent spam. They just want to make sure they
profit from it. If you can control access and charge for it, you
don't want to throttle the traffic, you just want to funnel it all
through your toll booth. If Microsoft had their way, you wouldn't
see any less garbage in your in-box; the only difference you'd
see is that it comes with Microsoft's seal of approval, meaning
they've taken their cut.
Posted by (33 comments )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.