Internet group rejects Microsoft's anti-spam solution

The Internet Engineering Task Force (IETF) has provisionally rejected Sender ID, a proposed anti-spam specification from...

The Internet Engineering Task Force (IETF) has provisionally rejected Sender ID, a proposed anti-spam specification from Microsoft, because of a possible intellectual property rights conflict.

The co-chair of an IETF working group called Marid (MTA Authorization Records in DNS), which is discussing how to ensure that the sender of a message is using an authentic address, said the working group's members had reached a rough consensus that Microsoft's specification should not be made a mandatory part of Marid's eventual standard.

At issue is the company's perceived lack of clarity over intellectual property conflicts - specifically, the company has said that it has applied for patents which could affect Sender ID, but has declined to give details.

According to co-chair Andrew Newton's summary of votes by working group members, this possible conflict could not be ignored.

"The working group has at least rough consensus that the patent claims should not be ignored," Newton wrote.

Newton stated that since Microsoft's patent application is not publicly available, and working group members cannot accurately describe what its claims might be, Marid's co-chairs decided not to take a risk.

"It is the opinion of the co-chairs that Marid should not undertake work on alternate algorithms reasonably thought to be covered by the patent application," Newton wrote.

He added, however, that should Microsoft change its position on the matter things could change.

"Future changes regarding the patent claim or its associated licence could significantly change the consensus of the working group, and at such a time it would be appropriate to consider new work of this type," he wrote.

Earlier, the Debian operating system project and the Apache server project said they would not implement Sender ID under its current licensing terms, arguing they are incompatible with open-source licences.

The licensing dispute marks a serious setback for the Sender ID specification, designed to combat spam by authenticating the source of e-mail messages.

Sender ID combines Caller ID for E-mail, proposed by Microsoft, and Sender Policy Framework (SPF), proposed by Meng Wong, the founder of e-mail service provider While many believe the project could make a significant dent in spam, open-source critics said Microsoft's licensing plans would disrupt the normal distribution of open-source software.

Microsoft has offered a royalty-free licence to anyone wishing to implement Sender ID in their products. The main problem with this, according to an analysis by Larry Rosen, general counsel of the Open Source Initiative, is that open source licences are treated as sublicensable.

"Open-source licences contemplate that anyone who receives the software under license may himself or herself become a contributor or distributor.

"The Microsoft Sender ID patent licence continues the convenient fiction that there are 'End Users' who receive limited rights. That is unacceptable in open-source licences," Rosen said.

Like other critics, Apache's developers said they were concerned the specification was being pushed ahead without serious attention being paid to intellectual property risks, particularly the existence of Microsoft's pending Sender ID-related patents.

"We feel that dismissal of unspecified, pending, patent claims recklessly shifts the risk and potential burden onto implementers," Apache said.

Matthew Broersma writes for

Read more on IT risk management