Galaxy Z Flip 4 Preorder Quest 2: Still the Best Student Internet Discounts Best 55-Inch TV Galaxy Z Fold 4 Preorder Nintendo Switch OLED Review Foldable iPhone? 41% Off 43-Inch Amazon Fire TV
Want CNET to notify you of price drops and the latest stories?
No, thank you

Should Microsoft own antispam?

update Tech experts hash out how to better block spam. Some don't care which standard is adopted as long as it frees people's in-boxes.

WASHINGTON--Internet companies said Tuesday that they're racing to roll out better methods to block junk e-mail, but have not resolved long-standing differences over how much influence Microsoft will have over the final technology.

Microsoft's effort to convince the Internet Engineering Task Force to adopt its patented technology for e-mail authentication failed in September amid concerns it would cede too much control over the future of worldwide correspondence to one company. Since then, no progress has been made toward a resolution, engineers and lawyers said at a summit convened here by the Federal Trade Commission and the National Institute of Standards and Technology.

Key Internet standards currently are "freely available, no patent licensing from Microsoft," said Daniel Quinlan, a vice president of the Apache Software Foundation. "We want to make sure it stays that way for e-mail and other important parts of the Internet."

Quinlan's group, a nonprofit association, maintains the popular SpamAssassin software. In a statement, the foundation said Microsoft's proposal to authenticate senders of e-mail messages was "expressly incompatible" with the way the open-source development and distribution process works.

The summit, which ends Wednesday, comes as U.S. companies are becoming increasingly concerned about the problem of junk e-mail and "phishing" solicitations for personal data.

Some summit participants said they didn't care what standard was adopted--as long as it stopped the flow of fraudulent e-mail and Viagra solicitations. Visa, for instance, said Tuesday that it strongly endorsed the concept of e-mail authentication methods--but didn't reveal whether it preferred Microsoft's Sender ID, Yahoo's DomainKeys, or Cisco Systems' Identified Internet Mail.

David Kaefer, a director of Microsoft's patent licensing office, said Apache and other open-source advocates were ignoring "commercial realities" that require his employer to retain substantial control over its patents.

"Intellectual property is not just an inconvenience that can be ignored," Kaefer said. "We're starting to see patent issues and open-source issues coming together...There are commercial realities that come along with that." He added, though, that junk e-mail and fraudulent solicitations for financial data are now the "No. 1" problem of Microsoft's customers.

Sender ID combines a previous proposal called Sender Policy Framework, or SPF--authored by Meng Wong, chief technology officer at Microsoft's follow-on "Caller ID for E-Mail Technology." It's designed to verify that an e-mail message claiming to come from "" was not spoofed by a scam artist or a spammer.

Yahoo's DomainKeys takes a similar approach by embedding a digital signature--difficult or perhaps impossible to spoof--in outgoing e-mail messages that are legitimate. SBC, British Telecom, Rogers, Google's Gmail and Yahoo Mail are testing or already using the technique, Yahoo said.

A swath of Internet and financial companies sent a letter to the FTC last week that predicted deployment of e-mail authentication schemes "will be achieved in phases," starting with something like Sender ID and eventually moving to more flexible systems like Yahoo's or Cisco's. The letter was signed by companies including, Bank of America, EarthLink, eBay, Equifax, Microsoft and VeriSign.

Previous FTC events on technology topics have led to congressional action in areas like spam and online data collection from minors. But this week's summit was aimed at bringing industry rivals together and informing the federal government about what was taking place.