Wednesday, September 8

Opensource not ready to receive MS Sender ID

Computerworld has an extensive story on Microsoft's Me, Myself & Microsoft Reloaded implementation of Sender ID and its licensing policy. Opensource & Free Software Foundation have both rejected the proposed technology, saying that it is incompatible with open source. The Apache Software Foundation and the Debian Project declared that they won't be able to support the Sender ID e-mail authentication standard in their products, due to clashes with the way they share intellectual property with their users, which makes supporting Sender ID impossible.

An introduction to Sender ID by Microsoft:
The Sender ID Framework is an industry standard created to counter e-mail domain spoofing and to provide greater protection against phishing schemes. This combined specification is the result of Microsoft's Caller ID for E-Mail proposal, Meng Wong's Sender Policy Framework (SPF), and a third specification called the Submitter Optimization. These three draft technical specifications were recently submitted to the Internet Engineering Task Force (IETF) and other industry organizations for review and comment.

Domain spoofing refers to the use of someone else's domain name when sending a message and is part of the larger problem of spoofing (the practice of forging the sender's address on e-mail messages). Domain spoofing can also be used by malicious individuals in phisher scams, which try to lure consumers into divulging sensitive information by pretending the e-mail is from a trusted source, such as a consumer's bank.

The Sender ID Framework is tasked with verifying that each e-mail message originates from the Internet domain from which it claims to come based on the sender's server IP address. Eliminating domain spoofing will help legitimate senders protect their domain names and reputations, and help recipients more effectively identify and filter junk e-mail and phishing scams.

Ars Technica, however, reports that Microsoft may face a lawsuit from F. Scott Deaver, owner of Failsafe Designs, who is now claiming that Microsoft has stolen his intellectual property, property which he claims was eventually to be released as open source.

Deaver has been the registered owner of for almost two years, and has in that time developed beta versions of a software application called Caller ID for E-Mail, an e-mail validation program that works in, ironically, Outlook Express -- a Microsoft product. Currently his trademark application (filed on March 6, 2003) for the term, "Caller ID for E-Mail" is pending approval at the U.S. Patent and Trademark Office (USPTO), and Deaver said in an e-mail interview he has substantive and numerous registered patents on file dated January 2003 and 2004 at the USPTO on software that predates and precedes any other claims.

The other irony is that Sender ID was already based, in part, on's Sender Policy Framework, which is still free to use and implement. That's why I think Microsoft is ready for a favor:
In order to promote Sender ID, Microsoft is pleased to offer its necessary Sender ID patent rights on a royalty-free basis but only to those who are also willing to make their Sender ID patents available on a reciprocal royalty-free basis. The license is also important to Microsoft for defensive reasons. The reciprocity provisions and the ability to reserve defensive rights for Microsoft's implementations of standards are very important elements in our decision to contribute technology to standards.