Microsoft e-mail proposal dealt setback

On Saturday, a co-chair of the technical working group responsible for developing a standard for authenticating the origin of e-mail messages summarized the results of a vote by the group members. The group--part of the Internet Engineering Task Force and more formally known as the MTA Authorization Records in DNS, or MARID, working group--decided that Microsoft's insistence on keeping secret a possible patent application on its proposed technology was unacceptable.

"The working group has at least (reached a) rough consensus that the patent claims should not be ignored," Andrew Newton, one of two co-chairs of the working group, wrote in an e-mail to the group's discussion forum. "It is the opinion of the co-chairs that MARID should not undertake work on alternate algorithms reasonably thought to be covered by the patent application."

The ruling comes about three weeks after the two chairs of the working group, Marshall Rose and Andrew Newton, called for a virtual show of hands from engineers over whether they would deploy a hybrid technical specification that used Microsoft's technology. Open-source software groups, including those that manage the development of the Apache Web server and the Debian distribution of Linux, took umbrage with Microsoft's lack of clarity on issues of the company's intellectual property claims on the combined proposal, known as Sender ID.

Newton clarified in a second e-mail that MIcrosoft's proposed solution could be used as part of a standards-compliant tool for thwarting spam, but the group settled on a standard that does not include potential patent risk.

"The objection to (Microsoft's solution) is based on questions of deployment caused by incompatibilities with open-source licenses," Newton stated. "However, there were also a significant number of responses from participants stating that hey had no such deployment issues."

Microsoft spokesman Sean Sundwall said the company would continue to support the IETF process and adopt the final version of Sender ID. The company, however, will use the technique that it developed, know as Purported Responsible Address (PRA), to authenticate the source of e-mail messages.

"Microsoft will continue to publish both types," he said, referring to the Sender Policy Framework (SPF) and PRA records used to check the authenticity of the sender. "But we will only check the PRA."

At the most basic level, Purported Responsible Address (PRA) and Sender Policy Framework (SPF) differ in the address that they check for authenticity. SPF uses the visible e-mail address of the sender, while the PRA technique checks the record against the most recent sender of the e-mail address. In many ways, the difference is between from where the e-mail has come most recently (PRA) and from where the e-mail initially came (SPF).

In August, Microsoft had feted more than 80 e-mail service providers in Redmond, Wash., as part of the E-mail Service Provider Consortium. Between the company's participation in that group and the Anti-Spam Technical Alliance, Microsoft has done a good job of selling major Internet infrastructure companies on the benefits of its proposal.

Sundwall would not say whether the IETF's censure would hinder the company's quest to get its Sender ID proposal accepted as a de facto Internet standard. But he did note that many participants stayed out of the vote on Microsoft's involvement.

"If you look at the number of contributors that (voted), it is very small," he said.

Sender ID would create a system to positively identify whether the source address of an e-mail message is the actual source of the message. The proposal is based on a previous scheme, known as the Sender Policy Framework, or SPF, which had been suggested by Meng Wong, the founder of e-mail service provider Pobox.com. Microsoft later proposed its own way of authenticating the source of e-mail, called Caller ID for E-mail, and a hybrid system was created.

The use of Microsoft's technology in the combined specification would mean the company could specify a license that potential users have to agree to before using the code. Microsoft has instead provided a license that appears to be voluntary, according to the analysis of some users of Sender ID. Microsoft has not provided guidance on the issue.

Industry participants in the IETF say that Microsoft may be content to let PRA be one option to the standard. But unless the e-mail recipient's software supports the format as a check of authenticity, it is likely that the proposed protocol will die.

"Microsoft has a couple of choices now," said Craig Taylor, vice president of technology for e-mail device maker IronPort Systems. "They can continue pushing for (PRA to become) the de facto standard or donate the patents to the open-standards guys."

Taylor added the IronPort has no issues with the license under which Microsoft intends to release the PRA technology, so the company plans to use the Sender ID proposal with PRA.

The ruling appears to allow for negotiation, if Microsoft considers removing licensing restrictions.

"We do feel that future changes regarding the patent claim or its associated license could significantly change the consensus of the working group, and at such a time it would be appropriate to consider new work of this type," the co-chairs said in the e-mail message.