Security threats Toolkit

Debian rejects Sender ID

Published: 06 Sep 2004 13:00 BST

Developers responsible for the Debian Linux distribution announced on Saturday that they will not implement Sender ID due to Microsoft's insistence on licensing the anti-spam standard. This announcement comes only a few days after the Apache Foundation's refusal to implement Sender ID.

The Debian project said in a statement that Microsoft's licence terms are incompatible with its free software guidelines. It will not implement or deploy Sender ID and will not support the standard in other software that implements it.

Sender ID has been developed to combat domain spoofing -- faking the sender's address -- in spam emails, by verifying that each email originates from the Internet domain that it claims to come from.

It is hoped that Sender ID will help companies identify and filter junk mail. Domain spoofing has also caused problems for legitimate senders who have found their domain blacklisted by anti-spam organisations due to their address being faked on spam emails.

Microsoft has released Sender ID under a royalty free licence, meaning that organisations who wish to use the standard have to sign a licence agreement. In an FAQ on the Microsoft Web site, the company said that an implementation of Sender ID can probably be distributed under an open-source licence on condition that the source code displays a statement saying that it may include intellectual property of Microsoft.

"While each open-source software licence may differ, we believe you can distribute your implementation under most open-source software licences, so long as you include the attribution stipulated in Section 2.2 of Microsoft's Royalty Free Sender ID Patent License," it said on the Microsoft Web site.

A Microsoft representative was not immediately available for comment on this issue.