Microsoft's effort to convince the Internet Engineering Task Force to adopt its patented technology for e-mail authentication Federal Trade Commission and the National Institute of Standards and Technology.amid concerns it over the future of worldwide correspondence to one company. Since then, no progress has been made toward a resolution, engineers and lawyers said at a summit convened here by the
Key Internet standards currently are "freely available, no patent licensing from Microsoft," said Daniel Quinlan, a vice president of the Apache Software Foundation. "We want to make sure it stays that way for e-mail and other important parts of the Internet."
Quinlan's group, a nonprofit association, maintains the popular SpamAssassin software. In a statement, the foundation said Microsoft's proposal to authenticate senders of e-mail messages was "expressly incompatible" with the way the open-source development and distribution process works.
The summit, which ends Wednesday, comes as U.S. companies are becoming increasingly concerned about the problem of junk e-mail and "phishing" solicitations for personal data.
Some summit participants said they didn't care what standard was adopted--as long as it stopped the flow of fraudulent e-mail and Viagra solicitations. Visa, for instance, said Tuesday that it strongly endorsed the concept of e-mail authentication methods--but didn't reveal whether it preferred Microsoft's Sender ID, Yahoo's DomainKeys, or Cisco Systems' Identified Internet Mail.
David Kaefer, a director of Microsoft's patent licensing office, said Apache and other open-source advocates were ignoring "commercial realities" that require his employer to retain substantial control over its patents.
"Intellectual property is not just an inconvenience that can be ignored," Kaefer said. "We're starting to see patent issues and open-source issues coming together...There are commercial realities that come along with that." He added, though, that junk e-mail and fraudulent solicitations for financial data are now the "No. 1" problem of Microsoft's customers.
Sender ID combines a previous proposal called Sender Policy Framework, or SPF--authored by Meng Wong, chief technology officer at Pobox.com--with Microsoft's follow-on "Caller ID for E-Mail Technology." It's designed to verify that an e-mail message claiming to come from "example.com" was not spoofed by a scam artist or a spammer.
Yahoo's DomainKeys takes a similar approach by embedding a digital signature--difficult or perhaps impossible to spoof--in outgoing e-mail messages that are legitimate. SBC, British Telecom, Rogers, Google's Gmail and Yahoo Mail are testing or already using the technique, Yahoo said.
A swath of Internet and financial companies sent a letter to the FTC last week that predicted deployment of e-mail authentication schemes "will be achieved in phases," starting with something like Sender ID and eventually moving to more flexible systems like Yahoo's or Cisco's. The letter was signed by companies including Amazon.com, Bank of America, EarthLink, eBay, Equifax, Microsoft and VeriSign.
Previous FTC events on technology topics have led to congressional action in areas like spam and online data collection from minors. But this week's summit was aimed at bringing industry rivals together and informing the federal government about what was taking place.