The effort to create an email sender authentication standard can't overcome patent concerns surrounding Microsoft's Sender ID proposal.
The Internet Engineering Task Force has disbanded its working group tackling spam, saying it was deadlocked, in part, over troubles related to Microsoft Corp.'s Sender ID proposal.
The decision, announced in an e-mail this week to the MADRID group by co-area director Ted Hardie, left in limbo industry efforts to develop a single standard for authenticating senders of e-mail, a process that would make it more difficult for spammers to disguise the origin of their inbox-clogging, annoying messages.
"I'm very puzzled by this," Matt Cain, security analyst for researcher the Meta Group, said Thursday of the IETF's decision. "Ultimately, the industry will probably converge on one or two approaches (for authentication), but my sense is this will delay deployment."
Sender ID is a combination of Microsoft's Caller ID technology and the Sender Policy Framework, an extension to the standard Internet protocol for transmitting email called Simple Mail Transfer Protocol. Earlier this month, MADRID, which stands for MTA Authorization Records In DNS, said patents related to Caller ID's part in Sender ID had made the latter unworkable.
In his e-mail, Hardie said the group has failed to reach a consensus on one anti-spam technology, blaming the logjam, in part, "by the need to evaluate IPR (intellectual property rights) and licensing related to at least one proposal," an apparent reference to Sender ID.
"Efforts to reach consensus by compromise and by inclusion have been attempted on multiple occasions," Hardie said. "Despite early hopes of success after each such attempt, post-facto recycling of technical issues which these efforts should have closed has shown that the group remains divided on very basic issues."
Industry unhappiness with Sender ID was pushed to the forefront earlier this month when America Online Inc., a unit of Time Warner Inc., dropped support for the technology, saying that it would only use SPF for checking inbound e-mail for the millions of subscribers to its Internet service.
In making its decision, AOL cited "serious technical concerns" with Sender ID, and the fact that it was not supported by the open-source community. The influential, open-source Apache Software Foundation had earlier rejected the proposed standard, saying the licensing terms set by Microsoft were too strict.
With so much disagreement over the technology needed to beat back spam, it appears the industry is headed for fragmentation, rather than a single standard.
"My initial analysis is that it will be left up to the vendors themselves to propagate their approaches," Cain said.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.