Standards Group Rejects Microsoft's E-Mail Authentication Plan
The Internet Engineering Task Force has nixed Microsoft's Sender ID proposal because of patent concerns.
The Internet Engineering Task Force, an international standards organization, has rejected Microsoft's plan for E-mail authentication because of intellectual-property concerns. The group's reservations echo worries about licensing restrictions voiced last week by two open-source software groups.
In a message sent Saturday to members of the Marid working group, which is responsible for dealing with E-mail-authorization issues in the Domain Name System, co-chair Andrew Newton summarized the task force's position that uncertainty about patents related to Microsoft's Sender ID proposal made the scheme unworkable.
In May, Microsoft said it had combined its Caller ID for E-mail proposal with Sender Policy Framework (SPF), an E-mail-authentication plan authored by Meng Wong, co-founder and chief technology officer of Pobox.com. Renamed Sender ID, the specification is intended to curtail domain spoofing, which is commonly seen in phishing attacks.
At the time, Newton expressed his optimism about the prospects of Sender ID. In a Microsoft press release, he's quoted as saying, "We are very optimistic that this proposal will provide the type of solution that Marid is looking for."
It now appears that only the SPF portion of the proposal will receive the blessing of the Internet Engineering Task Force.
Among those in the E-mail industry, this decision isn't much of a surprise. "I never thought that the IETF would accept this as a standard," says Avner Amram, executive VP of anti-spam company Commtouch Inc. "It's nice but it's not enough."
Dave Anderson, president and CEO of enterprise E-mail company Sendmail Inc., says anticipated concerns about Sender ID's acceptability among open-source advocates led his company to make Sender ID support available through a plug-in rather than integrating it with its products.
While Microsoft intends to publish SPF records and Purported Responsible Address records, the format it developed, it will only rely on PRA records for authentication, according to a spokesman. In July, Microsoft said it would begin checking for the existence of Sender ID framework records on October 1st at MSN and Hotmail.
Microsoft's plan is far from dead however, as it has significant support from America Online and the Email Service Provider Coalition, among others. Both SPF and PRA will co-exist, the spokesman says. "One [standard] would have been best, but two is better than five," he says.
Anderson says he expects the Internet Engineering Task Force's decision will adversely affect the adoption of Sender ID. "It doesn't change what we're going to do," he says, "but I do believe it will change the relative share of what the authentication schemes will be in the market."
He believes the concerns about Microsoft flexing its intellectual-property rights are overblown and speculates that Microsoft only wants to protect itself from having someone else claim to have originated its technology.
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.