Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

FSF & OSI Speak out Against Sender-ID License

CmdrTaco posted more than 10 years ago | from the well-there's-no-surprise-here dept.

Microsoft 51

NW writes "As a followup to yesterday story, Eben Moglen of FSF and Larry Rosen of OSI have publically spoken out against Microsoft's Sender-ID license calling it incompatible with the GPL and Open Source. A related eWeek story also covers this and includes the following quote from Eric Allman, the author of Sendmail: "It's pretty clear that it's going to take an act of whatever deity Microsoft worships in order to get them to back down on the sublicensing issue. They made it absolutely clear to us that they were not even going to consider changing this, and the legal folks made it further clear that they would rather see Sender ID die than back down.""

Sorry! There are no comments related to the filter you selected.

Fine by me. (5, Funny)

LordNimon (85072) | more than 10 years ago | (#10081400)

the legal folks made it further clear that they would rather see Sender ID die than back down.

So be it.

Re:Fine by me. (3, Insightful)

GOD_ALMIGHTY (17678) | more than 10 years ago | (#10081629)

Second that... Either they release an RFC implimentable by OSS, or it doesn't get used.

Didn't MS learn this lesson back in '95 with Blackbird?

Re:Fine by me. (2, Funny)

km790816 (78280) | more than 10 years ago | (#10082534)

Q: What's Blackbird?
A: Exactly.

Q: No, really, what's Blackbird?

Re:Fine by me. (2, Interesting)

Piquan (49943) | more than 10 years ago | (#10082824)

No, really, what's Blackbird?

I'm not sure if you were just joking or really asking a question.

Blackbird was the protocol used by MSN. I'm not sure about the technical details, but I think it was pretty much sending GDI calls (Windows equiv to X calls) down the wire. Microsoft derided HTML in favor of Blackbird.

About a year after that, they were enthusiastically "supporting" HTML.

Re:Fine by me. (1)

km790816 (78280) | more than 10 years ago | (#10083664)

I'm not sure if you were just joking or really asking a question.

Both. :-)

Re:Fine by me. (4, Funny)

Phillup (317168) | more than 10 years ago | (#10081641)

There should be a "No, Seriously" mod to counteract "Funny".

It isn't a joke.


Re:Fine by me. (5, Informative)

LordNimon (85072) | more than 10 years ago | (#10082097)

That's what I was thinking. I wasn't intending to be funny. I was very serious. Oh well.

I'd rather see separate mod scales (0, Offtopic)

leonbrooks (8043) | more than 10 years ago | (#10085291)

I'd like to see separate Agree/Disagree mods that don't use up karma, and don't have a cap (on either the post's rating or the user's hoarding ability). I'd also like to see high-score tables for those (as in, all-time agreeable and disagreeable posts, most and least agreeable average-over-lifetime and -over-last-20-posts, plus the extremes for this month, the last 24 hours, and top/bottom 3 posts in each story.

Maybe allocate one agree/disagree point per user per visit-day (ACs don't get any) and allow someone to spend up to two on a post (as in "strongly-agree, agree, don't-know-or-don't-care, disagree, strongly-disagree").

I think having a discrete "agree/disagree" channel will help the noodles get feelings off their chests without modding to their feelings instead of impartial merit.

I'd also like to see the "real" mods split out into quality-of-language, quality-of-interest and quality-of-data. At the moment, there's no way of saying "this is interesting and based on quality data/good links but the language sucks" or "nice post but lacks supporting data".

Re:Fine by me. (1)

doctormetal (62102) | more than 10 years ago | (#10081645)

the legal folks made it further clear that they would rather see Sender ID die than back down.

So be it.

You mean that the SPF vs. Sender-ID battle has been won before it started?

Re:Fine by me. (4, Insightful)

walt-sjc (145127) | more than 10 years ago | (#10082468)

Sender-ID can incorporate SPF. It isn't a one or the other battle.

I've read through the ietf archives, and the big issues are that the license seems OK on the surface, but the details of exactly what is patented is very unclear AND The requirement that implementors and distributers get a license, even if it's free, is a huge burden. Imagine if this kind of thing happened with all the standards? A company like redhat would need to get thousands of licenses from thousands of companies. Debian would be impossible. Open source would die.

The end result is that SenderID will be mostly useless because it will not get critical mass adoption. ISP's rely heavily on opensource software. If opensource mail software does not support SenderID, only a small fraction of the world will adopt it.

Re:Fine by me. (2, Interesting)

Rick the Red (307103) | more than 10 years ago | (#10084429)

Unfortunately, Microsoft Outlook and Outlook Express have a huge market share. My brother, for example, uses it/them. So what am I supposed to do when my brother's email program refuses to accept my emails because I don't use the same mailer that he uses? How can I even email him to explain myself? For all I know, he won't even see that my email came in marked as "spam", he'll just wonder why I never send emails anymore.

That's my fundimental objection to all these anti-spam kludges (and that's what they are, kludges): they only work if everyone adopts the same kludge.

Re:Fine by me. (2, Insightful)

sbryant (93075) | more than 10 years ago | (#10086322)

Consider this: current versions of Outlook (and O. Express) do not support sender ID. Microsoft has said they want to kill off Outlook Express, and Outlook, as a part of Office, costs cash. People don't generally upgrade that fast. There will be plenty of people with Microsoft software that doesn't support sender ID, and Microsoft needs to retain backwards compatibility, because not doing so gives people an incentive to use another product instead.

If Microsoft make new products that mark all email without sender ID as spam (possibly meaning it isn't even seen), that will legitimately upset a lot of paying customers. The lack of sender ID then becomes effectively meaningless, and things like that do die off. It's happened to them before; sometimes they let it die, sometimes they change their tune.

Consider this: Microsoft wasn't interested in supporting TCP/IP or the Internet; they wanted everyone on their own private MSN too (not the MSN we know today).

-- Steve

Re:Fine by me. (1)

WolfWithoutAClause (162946) | more than 10 years ago | (#10099606)

Um, but only the mail servers *need* to implement SenderId. Outlook Express and Outlook are irrelevant in this.

Re:Fine by me. (1)

Rick the Red (307103) | more than 10 years ago | (#10104075)

Then what's the problem with the GPL? If elm and pine and all the rest will work with senderID as-is -- if it's purely a mail server thing -- then what's the problem? I have zero control over what software Comcast uses to provide me my email, and frankly I don't care if they use something from Microsoft or something open, as long as it works. If you're an ISP and you want to use non-Microsoft software, then you should be on the front lines fighting this patent nonsense, but if it doesn't affect the rest of us, so what?

But now I'm troubled by the notion that Comcast will (or will not) assign me a senderID whether (or not) I want them to.

Re:Fine by me. (1)

WolfWithoutAClause (162946) | more than 10 years ago | (#10104360)

But now I'm troubled by the notion that Comcast will (or will not) assign me a senderID whether (or not) I want them to.

No, as I understand it, that's not how it works, atleast as far as spam killing goes.

The sender Id identifies the ISP, not the user. That way, if a users' machine gets owned, the sender Id doesn't get added, because the mail isn't being officially sent by the ISP's server. So when the mail arrives at the destination mail server, it throws it away, because it doesn't have the right digital signature to say it is from the ISP that apparently sent it.

And if the users' machine attempts to go through the ISP's mail server, that already is going to be set up with spam detectors and rate limiters and ultimately backed up by the mark 1.0 human eyeball so that the spam never enters the internet at all. It's much better to do this on the way in to the internet, because the spammers quickly realise that they are onto a losing proposition and go somewhere else, or give up.

Re:Fine by me. (2, Interesting)

phraktyl (92649) | more than 10 years ago | (#10082018)

Actually, I think your sig says it all:

And the men who hold high places must be the ones who start

To mold a new reality ... closer to the heart

The FSF/OSI communities are doing as much as we can, but as much as I hate to say it, things aren't fundamentally going to change until the big companies -- to include Microsoft -- do.

Great Rush quote, BTW.

Re:Fine by me. (2, Funny)

tsg (262138) | more than 10 years ago | (#10082186)

"Over my dead body"

"I accept your terms..."

Actually, the quote was... (1)

leonbrooks (8043) | more than 10 years ago | (#10085409)

"You can have my gun when you pry it from my cold dead hands!"

"Your proposal is... acceptable."

Can't find a still of Edgar getting his face ripped off, though.

Re:Actually, the quote was... (1)

tsg (262138) | more than 10 years ago | (#10090509)

Yeah. But mine is applicable in so many more situations.

Typo In Article Summary (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#10081489)

As a followup to yesterday story

I think you want "yesterday's story."

Familiar dialogue? (3, Funny)

silicon not in the v (669585) | more than 10 years ago | (#10081715)

the legal folks made it further clear that they would rather see Sender ID die than back down.
Sith lawyer: "As you can see, my sublicensing powers are far beyond yours; now back down."
Eben-Wan Kenobi: "I don't think so."

OK, so the "back down" is directed the other direction, but it sounds so right, doesn't it?

Uh... (1)

T-Ranger (10520) | more than 10 years ago | (#10082025)

Someone actually want to link to a reference where this statement was made?

Re:Uh... (3, Informative)

gorre (519164) | more than 10 years ago | (#10082528)

Yes, the statements can be found here [imc.org] .

Open Letter to Bill Gates and Minions (3, Funny)

jo42 (227475) | more than 10 years ago | (#10082079)

Dear Bill,

Regarding mandatory Sender-ID licensing.

Get bent!!!

Yours Sincerly,
jo42 (on behalf of the rest of the world)

Spam for OSS zealots (-1, Troll)

Anonymous Coward | more than 10 years ago | (#10082181)

Sounds like OSS zealots will be receiving all the spam and they'll only be able to email themselves. Sounds good to me.

Act of... (5, Interesting)

warrendodge (76230) | more than 10 years ago | (#10082235)

"going to take an act of whatever deity Microsoft worships in order to get them to back down"

That would be an act of Dollar, the almighty god of commerce. Worshiped by by corporations and monopolists around the world.

Get used to it... (3, Informative)

cornice (9801) | more than 10 years ago | (#10082389)

It's quite clear that this is the best strategy that Microsoft has against Free Software. MS _may_ not get to point where they directly sue over patents and copyrights but be assured that they will work very hard to create useful and popular things that are legally incompatible with Free Software.

Re:Fight back (2, Interesting)

Bastian (66383) | more than 10 years ago | (#10082469)


I wonder how feasible it would be for Free Software to fight back by embrace and extending some ubiquitious and vital technology the way Microsoft hs tried with e-mail and the Web, getting a patent on it, and then licensing it under some GPL-like license?

Sadly (for some, at least), this would be a strike at business in general, and I'm not sure everyone would want to attack an entire industry based on the actions of a few unruly members, and open source probably isn't big enough to do it to the entire industry. Personally, I'd just make a commercial licensing option that is more BSD-like for some vendors with a specific "No Microsoft" clause.

It'd be fun to see what happens to Microsoft if we could effectively make it impossible to provide some service from Windows servers. Maybe actually bring competition back to the market.


Re:Fight back (4, Insightful)

Xentax (201517) | more than 10 years ago | (#10082655)

"No Microsoft" is still "Not Free".

This is one of those moments where you have to reflect on what TRULY free TRULY means.

For example, Free Speech means you can say something that I absolutely, 100% disagree with, or even despise you as a person for, yet you are acting within the law (whether I is joe citizen or the US government).

Or, as has been mis-attributed to Voltaire a few times, "I disapprove of what you say, but I will defend to the death your right to say it".

If you truly believe your software, or ALL software should be free, that means ANYONE, including Microsoft, MUST be allowed to use it (within the terms of the particular "Free-compatible" license, of course).

I wouldn't expect to see MS modifying and sharing any GPL code anytime soon, but they have used BSD code in the past, and I have no doubt they do use binaries of GPL'd projects (but would naturally avoid tainting themselves by looking, let along modifying, sources).

You can't pick and choose and still call it 'Free'.

I recognize your knee-jerk tag - so just consider this the second part of a knee-jerk chain reaction :)


Re:Fight back (2, Interesting)

molo (94384) | more than 10 years ago | (#10083723)

I wouldn't expect to see MS modifying and sharing any GPL code anytime soon, but they have used BSD code in the past, and I have no doubt they do use binaries of GPL'd projects (but would naturally avoid tainting themselves by looking, let along modifying, sources).

They already distribute GPL licensed code. See Windows Services for UNIX 3.5 [microsoft.com] . It includes gcc, g++, make, rcs, awk, grep, sed, tar, cpio, etc.


Fighting back means not helping those who harm us. (1)

jbn-o (555068) | more than 10 years ago | (#10085968)

This is one of those moments where you have to reflect on how freedoms work and then recognize that we cannot afford to support those who would take other freedoms away.

Software proprietors like the new BSD license (among others) because it allows them to build on the program and not share their improvements in a form which allows others to excercise their software freedom to inspect, share, and modify the software. As you have pointed out, Microsoft has done this.

We don't gain or retain software freedom by trying to grant all possible freedoms to all people and all organizations. Extending such power to those who would build on our commons and then take our commons away from us with their superior advertising or patent acquisition power is unwise. Their proprietary variant of the program could become the de facto standard. Then we would either end up working for them by continuing to make gifts of code to them (thus treating a business like a charity and competing against a derivative of our own code) or we would be defeated in our struggle to maintain a software commons. If their new algorithms are patented, we lose the opportunity to outcompete until the patent expires, no matter how skilled a programmer we are. Waiting for patents to expire means our software will be less competitive, possibly obsolete.

It is not our job in society to look out for businesses. However, time has shown that businesses are willing to share and modify code as equals under a strong copylefted license like the GPL. This kind of cooperation is beneficial in more important ways than adding hackers to a project. I'm not anti-business, I'm against giving business the power to step on my software freedom. I'm all for giving people choices in licensing, but I want more people to realize the ramifications of that power, not select a license because of some enclosure-movement-friendly misinterpretation of freedom and power [gnu.org] .

What an odd definition. (1)

Medievalist (16032) | more than 10 years ago | (#10111609)

Where I come from, "fighting back" means killing or beating the living s**t out of whoever's trying to harm you. But I guess we're kind of backwards around here, we haven't really got the hang of this new millenium yet.

Suck an egg, pedant. (0)

Anonymous Coward | more than 10 years ago | (#10111655)

"Oh, ho, ho, irony! Oh, no, no, we don't get that here. See, uh, people ski topless here while smoking dope, so irony's not really a, a high priority. We haven't had any irony here since about, uh, '83, when I was the only practitioner of it. And I stopped because I was getting tired of being stared at." --Steve Martin as C.D. Bales, in Roxanne

Re:Fight back (1)

spitzak (4019) | more than 10 years ago | (#10086770)

I have no doubt they do use binaries of GPL'd projects (but would naturally avoid tainting themselves by looking, let along modifying, sources).

There is nothing wrong with looking at the source or even modifying it. Microsoft knows this (although they won't say that publically to avoid counteracting their FUD) and I'm sure they are modifying and testing GPL code plenty in there.

What they cannot do (without releasing the source) is redistribute the software. And they are not doing that.

"tainting" is a bogus argument, used to scare people from the GPL. I know for a fact that Microsoft has zero qualms about hiring people with intimate familiarity with GPL software, so they are litarlly lying when they make claims about this. If in fact "tainting" was true, Microsoft could not hire anybody with a single bit of exposure to any copyrighted or proprietary code. They would have to teach their employees in a private school from when they are 5 years old and prevent all contact with the outside world. Obviously they do not do this. "Tainting" is a lie and probably the deepest, most insidious piece of FUD from Microsoft. It's very sad when you see people who think they disagree with Microsoft fall into repeating it.

Re:Fight back (1)

Xentax (201517) | more than 10 years ago | (#10087230)

You're right and you're wrong (IMHO), to various degrees.

You're right in that anything short of a 'clean room' approach is, to some degree, tainted, so it must not be THAT hard-and-fast, or you could never hire anyone that ever worked for your competition.

But you're wrong in that tainting is completely unheard of or a boogeyman that has no force.

It's really more of a *general* trade-secret issue that Microsoft (and probably others) is playing safe by including GPL'd source as well as other competitor's product internals.

I think it's a no brainer that an MS employee who gained access to a competitors source via some means (legal or otherwise) would be risking legal issues if he also has access (however indirect) to MS source of a competing product.

The fact that the GPL makes that competing source publicly and legally accessible doesn't change that. You *could* try to argue that, if I see the source for the kernel, and work on the Windows core, that I'm potentially lifting things that are SUPPOSED to be protected by the GPL, without abiding by the GPL. I don't see how you can argue otherwise.

To put it another way: If you ARE claiming otherwise, you're saying a Windows developer could freely, minutely examine the Linux kernel, and then, without any degree of fear of legal repercussion, *implement the ideas expressed in that code* without GPL or other legal fallout. To be clear, he doesn't copy a single line of code, just reuses the good ideas, tweaks things based on the insights he gains, etc.

Do you really claim that?

Among the arguments against it is a natural claim that lines of code WERE copied, then there's a big mess to try to prove that direct copying happened, or didn't, etc. Basically, a big mess. The mess is reason enough to avoid such an entanglement, even if it would 'in theory' be ok.


Re:Fight back (1)

someone247356 (255644) | more than 10 years ago | (#10088114)

You wrote;
"If you ARE claiming otherwise, you're saying a Windows developer could freely, minutely examine the Linux kernel, and then, without any degree of fear of legal repercussion, *implement the ideas expressed in that code* without GPL or other legal fallout. To be clear, he doesn't copy a single line of code, just reuses the good ideas, tweaks things based on the insights he gains, etc.

Do you really claim that?"

I'm not sure about the original author, but I'll claim that.

The GPL is based on "copyright" law. Copyright, as it applies to software, not to be confused with patents, only covers an expression of an idea, not the original idea itself.

So, if Microsoft wanted to have an army of coders spending long nights studying the Linux kernel in infinitesimal detail, trying to glean that special something and reimplement it in Microsoft's OS, that's perfectly legal. Not only that, but I wish them the best of luck.

If you think otherwise, then anyone who has ever looked at any source code, couldn't code. Every university student who studied Lyons' Unix book wouldn't be able to program for Linux (a.k.a. the SCO Group hypothesis).

Direct copying, bad, reimplementing someone else's idea, good.

I hope that helps.

Re:Fight back (1)

spitzak (4019) | more than 10 years ago | (#10089913)

you're saying a Windows developer could freely, minutely examine the Linux kernel, and then, without any degree of fear of legal repercussion, *implement the ideas expressed in that code* without GPL or other legal fallout. To be clear, he doesn't copy a single line of code, just reuses the good ideas, tweaks things based on the insights he gains, etc.

Do you really claim that?

Yes I am claiming that.

Read RMS's rants some time. Take a look at where he talks about reverse engineering. Even he says that learning from the source code is more important than some attempt to prevent a company from using your ideas.

Also legally the GPL is based on copyright, and only grants some exceptions to it's rules. Copyright allows exactly what you state above, therefore there is no way for the GPL to prevent it.

I think the only dangerous code is where people who read it have to sign NDA's or contracts that say they cannot copy any of the ideas.

Re:Fight back (1)

Xentax (201517) | more than 10 years ago | (#10090754)

The reason this *does not* happen is the legal mess I pointed to.

If some Windows devs DID do this, you're right that it *ought* to be fine.

But what *could* (and I really mean "could", I don't mean Linus would, should, or even 'might' do this) happen is that the authors of that code COULD turn around and claim MORE happened - ie, that copying occurred. You'd have MS saying no, we just LOOKED AT the code, and used the good ideas, etc. - while (whoever) says there MUST be copying. They'd want their lawyers to do discovery on the Windows sources to see that there's no copying, they'd want to depose the MS devs in question under oath to ensure they're telling the truth, etc.

Even if you factor the likelihood of such a thing (low to not-bloody-likely), the cost if it DID happen (millions of dollars, thousands of man-hours of wasted time, PR nightmare) is such that the RISK IS NOT WORTH IT.

That's all I'm really saying, guys. It's one thing when both sets of sources are Open. It's another thing when one is protected by trade secret status.

Do you really think NOONE would accuse MS of copying (in the copyright-violating sense, or the GPL-violating sense, NOT the "good idea reused" sense) if MS said they were doing the "good idea" version? Even if none of the Linux copyright holders made a fuss, or a legal fuss, plenty of OTHER people *would* make a fuss, and the PR flak from that would probably be hassle enough to be worth avoiding.


Re:Fight back (1)

spitzak (4019) | more than 10 years ago | (#10092607)

That argument makes no sense. If Microsoft was willing to lie and copy GPL code, then they are equally willing to lie about not looking at it. In fact somebody can claim "by saying they are not looking at GPL code, they must be covering something up, therefore their denial is proof that they are copying it".

There is no way for Microsoft to prevent made-up accusations like this and it is insane for them to change their behavior and limit their options because of this. I can claim they are killing kittens in their basement and the fact that such an accusation is possible does not mean they must avoid any contact between their employees and kittens. The exact same thing is true of GPL code, there is no logical reason to avoid looking at it.

Re:Fight back (1)

Xentax (201517) | more than 10 years ago | (#10109209)

I disagree.

The key difference is that you can make a much more substantial claim with available evidence.

If you have code that acts substantially similar, and claim it's because you copied, but only copied ideas based on viewing the code, that's (Arguably) hard to distinguish from less-legal copying.

Your kitten-killing claim is different. Maybe if kittens near MS campus were disappearing and MS claimed they were 'just adopting them all' or something.

My claim is that it is (or may be claimed) that distinguishing between literal and non-literal copying, without access to both sets of sources, is difficult. Since MS isn't keen on giving away their source, that could spell trouble. Given that, I can see why MS would insist on a policy of not even looking at code, so that a claim of copying must be weighed against the notion that NO copying is going on, not just non-literal copying.

To have a claim with merit, you'd have to show that there are similarities such that *at least* non-literal, and possibly literal, copying is going on.

Make sense?


Re:Fight back (1)

aminorex (141494) | more than 10 years ago | (#10084468)

The EFF should be patenting open source technologies right and left.

Re:Fight back (1)

grahamm (8844) | more than 10 years ago | (#10087753)

That should not be necessary. Merely publishing the source, which Open Source software does, should prove prior art and hence prevent anyone else subsequently patenting it.

Re:Fight back (1)

aminorex (141494) | more than 10 years ago | (#10088695)

It is necessary for the same reason corporations
build defensive patent portfolios: Cross-licensing
agreements. In this case, in the public interest,
since the government long since abdicated the role
of defending the public interest.

Okay (0)

Anonymous Coward | more than 10 years ago | (#10086972)

So, we have MS, who appears to be trying to hijack the IETF Sender ID MADRID Proposal. Hijacking? Umm, yes. Why yes? Because it is a fact not lost on this anonymous coward that all of the spam is originiating from machines running software provided by his master himself. The quiet squabble a few months back when himself said that targeted email marketing was a good idea, and was moving forward with "ethical spammers" to integrate targetted marketing into hotmail.

Also, the "If the whole world Ran My Software," all of these problems would vanish attitude. Well, most of the world does, and most of the problems result from that fact.

Many folks whimper and cry that their os of choice is so much better, because an exploit for another os doesn't run on theirs, umm, well, uh, yeah.

I just recently broke down and got a XP Pro laptop to help with doing security assesments. Low and behold, applying SP2 breaks the machines ability to do anything useful. MS is quoted as saying "We have removed support for TCP sends over RAW sockets in SP2.
We surveyed applications and found the only apps using this on XP were
people writing attack tools." Umm, why am I reminded of Zaphod Beeblebrox's Super-Chromatic Peril Sensitive Sunglasses? If I can't see the problems in my network, they must not be there.

So, the three stooges, Steve, Jim and Billy are going to save us from the mess they made so much money creating by offering a new way to stomp out the competition. Just use Exchange, or Sign our License to use our not-disclosed patented processes, right here, in blood if you will, and all of your spam problems will go away. You can just hear the evil laughter.

They are the spammers. Simple fact, put products under the nose of the meme-built "consumer" (what ever happened to citizen?) and they will buy it. Be it cheats for their iPods, v1agrah or whatever.
Demographics tell a true story.

Steve, Jim and Billy know this to be true. Look at their wealth. Oh yeah, they are going to stop spam alright. Or more to the point, put a quick and simple end to your ability to do anything about it.

Just get Jon Johansen on the case (-1)

ChipMonk (711367) | more than 10 years ago | (#10082680)

Let them reverse-engineer and re-implement it in Norway, then we can download it and use it here.

Who cares... (3, Insightful)

qtp (461286) | more than 10 years ago | (#10084948)

As long as Microsoft is incorporating SPF [pobox.com] into their solution, then it doesn't really matter if few providers use SenderID (as long SPF is widely adopted).

SPF provides the means to eliminate the most egregious spammers by eliminating all emails with forged headers and providing a means to ensure that the sender is complying with the rules set by their ISP. It is simple to implement because it uses already existing features of SMTP and DNS to operate, and it does not need to be adopted "all at once" by every ISP, as it does not interupt mail being sent to/from non-participating ISPs until the provider using it makes that decision themselves. It is also possible for a user (of a participating ISP) to incorporate SPF response into their filters in such a way that it would not eliminate any legitimate mails, and it would still be effective at helping the user to identify spam.

It will help ISPs verify that their users are violating policy by sending spam. It will help make blacklists more accurate by identifying ISPs that permit or encourage spammers to use their services.

Read the FAQ [pobox.com] .

As long there is progress toward wide adoption of SPF, there is little reason to argue over Microsoft's SenderID licensing scheme. If their protocol cannot be used with qmail, sendmail, and other high reliability/security servers, it will not be adopted. As long as Microsoft has followed its stated intention to adopt SPF as part of SenderID, then SPF will work for everyone, including those using SenderID.

Hotmail (3, Interesting)

Tyreth (523822) | more than 10 years ago | (#10085161)

Sender ID has already gained market support. Both ISPs, such as AOL, and mail software and support companies, such as Cloudmark Inc. and Tumbleweed Communications Corp., have announced support for it. Microsoft has also announced that it will start using Sender ID for inbound e-mail to its hotmail.com, msn.com and microsoft.com domains in October.

Practically speaking, what does this mean? That we won't be able to send emails to hotmail.com, msn.com and microsoft.com unless we use Sender ID enabled mail servers? What exactly does Sender ID do that will cause a problem of incompatibility for the open source community? I understand that Sendmail and others won't be able to implement it as is, but what does not being able to implement it mean?

Re:Hotmail (1)

WWWAvenger (625119) | more than 10 years ago | (#10087740)

SenderID is a combination of the Meng Wong's SPF and Microsoft's Caller-ID. If someone has implemeneted "Sender-ID" that means they use both to check for an email sender's right to send mail from a particular server. This licensing issue is really about the MTAs (the mail software) that checks for the Sender-ID records and scores mail based on them. If Microsoft won't let their portion of the schema be compatible with the licenses MTAs like Sendmail have, then the technology can't be incorporated legally and no one who uses sendmail can check email send from domains who publish records based on only Microsoft's contribution. However, SPF1, which is Meng Wong's free contribution to Sender-ID is the basis on which most companies have published Sender-ID records, therefore you can still USE SPF to check for servers permitted to send mail from a particular domain.

That really sucks (1)

Aloaha (808856) | more than 10 years ago | (#10089649)

Its incredible. I feel just an other time f... by M$. We small/tiny vendors leave modules Freeware like we do in our Aloaha because we believe in the Idea of SPF and so on and the big ones just focus on how to gain control. It would be interesting how it would legally look if we would silently support SPF2/SenderID. Anyway - I always prefered SPF1 and I hope that people are now even more motivated to push it... Thanks Frank

Just the beginning (1)

stox (131684) | more than 10 years ago | (#10094163)

I suspect the future will be fraught with Microsoft "innovations" in use of patent/copyright/trademark law.

How can I implement Sender ID in a freeware module (1)

Aloaha (808856) | more than 10 years ago | (#10182862)

Since SPF in our Aloaha is Freeware of course we are not implementing PRA - even though we support SPF2 records.....
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?