Security threats Toolkit

Microsoft's email proposal returned to sender

Tags:
Microsoft,
SenderID,
SPF

Published: 14 Sep 2004 08:15 BST

Internet engineers working on a standard for identifying the source of e-mail messages voted down a proposal by Microsoft to make some of the company's intellectual property a mandatory part of the solution.

On Saturday, a co-chair of the technical working group responsible for developing a standard for authenticating the origin of e-mail messages summarised the results of a vote by the group members. The group -- part of the Internet Engineering Task Force and more formerly known as the MTA Authorisation Records in DNS, or MARID, working group -- decided that Microsoft's insistence on keeping secret a possible patent application on its proposed technology was unacceptable.

"The working group has at least (reached a) rough consensus that the patent claims should not be ignored," Andrew Newton, one of two co-chairs of the working group, wrote in an e-mail to the group's discussion forum. "It is the opinion of the co-chairs that MARID should not undertake work on alternate algorithms reasonably thought to be covered by the patent application."

The ruling comes about three weeks after the two chairs of the working group, Marshall Rose and Andrew Newton, called for a virtual show of hands from engineers over whether they would deploy a hybrid technical specification that used Microsoft's technology. Open-source software groups, including those that manage the development of the Apache Web server and the Debian distribution of Linux, took umbrage with Microsoft's lack of clarity on issues of the company's intellectual property claims on the combined proposal, known as Sender ID.

Newton clarified in a second e-mail that Microsoft's proposed solution could be used as part of a standards-compliant tool for thwarting spam, but the group settled on a standard that does not include potential patent risk.

"The objection to (Microsoft's solution) is based on questions of deployment caused by incompatibilities with open-source licences," Newton stated. "However, there were also a significant number of responses from participants stating that hey had no such deployment issues."

Microsoft spokesman Sean Sundwall said that the company would continue with its plans to develop its own proposal, Caller ID for E-mail. The company, however, will use the technique that it developed, know as Purported Responsible Address (PRA), to authenticate the source of e-mail messages.

"Microsoft will continue to publish both types," he said, referring to the Sender Policy Framework (SPF) and PRA records used to check the authenticity of the sender. "But we will only check the PRA."

At the most basic level, Purported Responsible Address (PRA) and Sender Policy Framework (SPF) differ in the address that they check for authenticity. SPF uses the visible e-mail address of the sender, while the PRA technique checks the record against the most recent sender of the e-mail address. In many ways, the difference is between from where the e-mail has come most recently (PRA) and from where the e-mail initially came (SPF).