MS Releases License For Sender-ID

NW writes "Microsoft published today a new license and FAQ for Sender-ID anti-spam standard being developed by the IETF's MARID WG (based on SPF). To use the license, a signed agreement with MSFT is required. Compatability with the Open Source Definition, the Free Software Definition, the Debian Free Software Guidelines, and the GPL/LGPL licenses is already in question."

Where will this lead?

[ravenspear]

How long will it be before you have to have a signed agreement with Microsoft to send an email?

Re:Where will this lead?

[Westech]

How long will it be before you have to have a signed agreement with Microsoft to send an email?

Not long. Especially if this standard takes off and anyone not using it has all of the email they send rejected as spam.

Re:Where will this lead?

[Citizen+of+Earth]

How long will it be before you have to have a signed agreement with Microsoft to send an email?

It will just be implicit. You will send your e-mail and they will charge $0.05 to your account.

Re:Where will this lead?

I'm sure a lot of people would be happy to pay 5 cents to send an email if it meant a 100% solution to eliminating spam. The catch is nobody would want their 5 cents to go to MS. It would also kill mailing lists. I participate on several lists with 1000+ memeber; that would make it $50+ to post a message. Same thing with newsletters.

OpenPGP Anyone?

[ChronoWiz]

Why not use something like gnupg to sign email in order to prove the identity of the sender?

Re:OpenPGP Anyone?

[JimDabell]

Why not use something like gnupg to sign email in order to prove the identity of the sender?

Because that requires changes to end-user behaviour.

In any case, a signature doesn't prove identity unless you or somebody in your web of trust has checked the fingerprint. This means that it's only a little more useful than a manual whitelist when it comes to avoiding spam.

Re:OpenPGP Anyone?

[0x0d0a]

It wouldn't work because you would only need to sign the first email, and then the next 10000 can be an exact copy of the first one.

So what? Sign the contents of the header as well, not just the body, and now if Bob lets you send email to him, you can send 10000 (well, unless he has a "rate limiting" cap on mail from you) emails -- but only to him. That's rather expected behavior, I'd say. If I don't accept any email that doesn't contain a "To:" or "Forwarded To" or "Bounced To" or whatever header containing my email address, I don't have a problem.

Sally, who still doesn't trust you, still doesn't get mail from you.

Are they purposely shooting their foot?

[chrispyman]

Seriously, does Microsoft think that highly of themselves that they can dictate a standard that requires a license from them? Sure they have a majority of the OS and E-mail clients, but I doubt they have a majority of the Mail Servers out there.

Current Climate...

[Manip]

In the current climate you could never produce a HTTP/SMTP type protocol because everyone is out to make money and gain power. What Microsoft has done is take a relatively open protocol and slapped a 'Microsoft Property' sticker on it, this will effectively limit its usefulness even if they are not charging a penny.

What is stopping them from letting it catch on and then asking for $1 from each project?

Re:Current Climate...

[perlchild]

Their word, it's not worth much, but it's there.

In the future, I'd recommend the IETF just make sure any standards it endorses includes a poison pill for would-be patenters contributing to standards, that if it changes the rights of patentees in the future, after it's become a standard, to restrict them in any discriminatory way, that it must pay the cost of developing the next, non-compatible(yet non-infringing on the patent) standard.

Let's face it, IBM wouldn't write compatible technology, because they'd have to cross-license their patents to Microsoft in order to get it, but neither can IBM afford to have a product that's incompatible with an IETF standard.

I'm all for rewarding the developer of a technology for doing useful work, I'm all against technologies being discovered useful only once the dollar signs come in. I'm pretty sure the IETF's stance on patents is due to the fact that it has to standardize what are often de-facto standards, picked by market effects to be the best technology. Now Microsoft is abusing the process, in order to use the IETF as a marketing weapon against its competitors.

Now my opinion is that patents and standards are exact opposites, and if you want a patent, you should just stay away from standard bodies until your patent runs out, and they should stay away from you. The patent owner and the standards body just have opposite goals:

The standards body wants to reduce the work and costs involved in increasing the number and likely hood of people using best practices and technologies, by agreeing on them and publicising them. In the knowledge fields, a standard has the force of law, simply because knowledge of a best practice being a best practice, means any other way of doing things has to be justified. The best practice is simply, better. The patent owner wants to make a maximal profit out of whatever use of his technology. That means those who compete with the patent owner cannot use the technology without the patent owner not having what he wants. The difference is fundamental, and a conciliatory position by Microsoft, as generous as it may be, is suspicious, simply because it's against their own interest

Well with the possible exception of removing "random" spam would allow them to become the only source of email advertising for their hotmail users, but in this case, their interest it would be magnified if they can deny it to _someone_, say aol, who would be denied from licensing the patent without some counterpart being presented to Microsoft. Can they exclude AOL reasonably without being discriminatory, I wonder, since IANAL, but I can certainly see their advantage in doing so.

Re:MS FAQ regarding issue

[VValdo]

A3: In order to promote Sender ID, Microsoft is pleased to offer its necessary Sender ID patent
rights on a royalty-free basis but only to those who are also willing to make their Sender ID
patents available on a reciprocal royalty-free basis.

Gee, sounds almost viral to me.

W

Re:MS FAQ regarding issue

[ePhil_One]

In order to promote Sender ID, Microsoft is pleased to offer its necessary Sender ID patent rights on a royalty-free basis but only to those who are also willing to make their Sender ID patents available on a reciprocal royalty-free basis.

Has anyone looked at the actual license to ensure that the patent reciprosity is limited only to Sender-ID? This thing could be a hell of a submarine patent reciprosity agreement, freeing MS to violate patents of anyone using email if it was worded carefully enough

Where Sender ID fits into the picture

[jgardn]

Just to get everyone up to speed:

- SPF (http://spf.pobox.com) is the current email authentication protocol that is dominating the world.

- Microsoft proposed Caller ID which was never accepted by the community.

- Microsoft and SPF advocate Meng Weng Wong brokered a deal and formed Sender ID. Basically, SPF is intact, but some features of Caller ID are preserved as an optional extension.

The part of Caller ID that remains is the PRA or "Purported Responsible Authority". The PRA is deteremined by a complicated algorithm that I personally don't believe would work. The algorithm is intentionally vague in some areas, and the results are ultimately subjective. The intention of the PRA algorithm is to determine who wrote the email based on the email headers. As everyone knows, the email headers are spoofable. But the idea goes, if you can track down the PRA, then you can authenticate this email based on that, rather than just the last hop like SPF does.

The problem from day one has been the patent issue. Microsoft is in the process of patenting the PRA algorithm. This isn't a problem. The problem is that Microsoft refuses to put the patent in the public domain or license the patent such that anyone can use it except those who use patents against Microsoft. Both of those strategies are perfectly reasonable, and are pretty much what IBM does for most of its patents.

Microsoft originally wanted to get a copy of the software and a signature before they would grant a license. Well, that doesn't work for F/OSS. The MARID working group who is investigating various solutions to the email authentication protocol for the IETF has been petitioning Microsoft to revise or clarify their licensing procedure. Well, they finally have, and in so doing they have not made it F/OSS compatible.

Microsoft thinks they can bully us around, but they don't realize they are the small kid on the email block. Their Caller ID failed. Now Sender ID is going to fail because Microsoft refuses to participate.

But that's okay. The PRA algorithm isn't anything we'll need to solve the email authentication problem.

IETF Global Perspective

[toxic666]

As long as the IETF maintains a global perspective, it can not accept standards encumbered by IP more restrictive than the GPL. It seems obvious -- we've all benefited by open standards on the Internet. But who knows, stranger things have happened.

This could be a good test case. MS may continue to pursue its IP Holy Grail business model, but if the IETF can stand firm and refuse restrictive licensing, they will not be able to force it down the world's throat. On the other hand, if the IETF does accept these kinds of IP restrictions, MS may have a path forward in pursuing its new business model of patents and copyrights for obvious and trivial ideas.

Re:prefer DomainKeys

[WD_40]

You raise a good point. MS will use it's Exchange server base as a launch pad to make everyone else play their game. Open source servers can easily be modified to support MS's BS, but I'm sure Exchange won't play nice with other open standards. *Sigh.* Here we go again.

MS are hoarding patents?

[Halcyon-X]

In order to promote Sender ID, Microsoft is pleased to offer its necessary Sender ID patent rights on a royalty-free basis but only to those who are also willing to make their Sender ID patents available on a reciprocal royalty-free basis.

So everyone shares their patents with MS, but not with each other, MS gets all patent rights, and everyone else has to fend for themselves? Where is the strategic advantage for everyone to jump on board exactly?

Re:MS are hoarding patents?

[Pharmboy]

The advantage is that deadbeats who created and contributed nothing at all can use a ready-made anti-spam technique at no cost whatsoever.

Is that so hard to understand?

Maybe some teen sitting in his bedroom things of "free as in beer" is more important than "free as in speech", but not all of us do. One of the main advantages of "free as in speech" is the ability to change and modify the software in any way I want, without spending $1 in time worrying if I am violating some license.

WHY the MS appologists do not understand that the price of the software is trivial, is beyond me. I don't use Linux because it costs $0 vs. $800 for a copy of MS 2003 server. Screw $800. The freedom (as in speech) allows me to innovate without restriction. This helps me generate hundreds of thousands in profits. The labor to install, upgrade and maintain any server FAR outweighs the cost of the freaking software. Again, screw $800, its trivial.

Those of us that run servers are interested in the freedom to USE the software as we please, and happy to share changes. I am not interested in "free as in beer" software that is not "free as in speech". We are NOT the cheap, short-sited bastards you seem to think we are.

Beware any time Microsoft is offering *ANYTHING* for "free".

Re:Yeah, funny and all

[Inf0phreak]

And you think that the patent won't be granted?! You hold the USPTO in much too high regard.

Prior art may exist (I know absolutely nothing of that), but who wants to go to court with Microsoft?! Especially when they have admitted (q.v. Halloween memos) that patents are potentially useful to combat open source software.

Stalemate

[Performer+Guy]

So now nobody will implement this, and Microsoft, through patenting something obvious and trying to license it has scared everyone away from some pretty good ideas that would have been implemented otherwise, with or without Microsoft's help.

This is just the latest chapter in IP stupidity.

This stuff has been discussed for years, if this had been treated like most other W3C standards we'd be in the clear by now waiting for implementations, instead everyone's scared. Does anyone realistically think that there aren't patents that W3C standards already infringe? Finally we actually get rights to something and we're inspecting the teeth, simply because the subject has been raised.

The crazy part of this whole deal is that most software is riddled with potential patent violations, including Microsoft's and including projects like Mozilla, Gimp and Open Office. That's why MS are trying to retain *defensive* rights, because they know it would be dangerous to give this IP away, anyone could stand on their shoulders, and a widget and then sue them (and that has happened already) and Microsoft would have no way of countering. If they adopted a more GPL oriented license with the rights being rescinded in the event of any patent suit against M$ it would be golden. They could just do to the protagonists what IBM has just done to SCO, infact that wording is almost already in the GPL.

I think this situation can be salvaged with another revision of the license. We should not give up on this or go for the second best option on such an improtant proposal.

We're getting to witness what the beginning of the web would have been like had Tim Bernards Lee patented some of his ideas. It ain't going to be pretty.

Re:Jeez

[Soko]

Is just ridiculous. How many things must something be "compatible" (whatever that means in each context) with before it can be considered "good" considering most of you can't make up your minds about them to begin with?

It's considered good when anyone can play the game under the exact same rules, regardless of how much money, prestige and lawyers they have. That's what an "Open Standard" is defined as - an agreement on a set of rules that is there for all to see and use. Microsoft still doesn't get the "Open" part, it seems.

...blatent troll snipped...

Sigh.

Soko

Re:Jeez

[DunbarTheInept]

If the license they use is not compatable with use in an open source tool, and their system ends up taking off, then the end result is that all people using open source e-mail clients will be misidentified as "spammers" and thus unable to send e-mail to people who do participate in this system.

Are you unable to see what's bad about that - cutting all open source out of the use of e-mail - so that this once open standard gets nicely hijacked and "owned" by MS?

Re:Outlook has enough users to set new standards

[DA-MAN]

Most corp. users don't configure their e-mail personally, it is done by a sysadmin or pre-configured when they arrive to work. A vast majority of home users use webmail's such as gmail, etc.

If word got around that MS was going to change the behaviour of Outlook to this, I doubt a great many corps will change over to this new Outlook. Many companies are still out there using NT4/Office97. Even if they did upgrade, it wouldn't be without first disabling this via a policy. Sure home users will get spooked, but nothing is changed at Microsoft without first considering how major corps will react.

Non-open Source license

[rjdohnert]

Personally I dont feel this is a big deal unless you make it one. You can access the source code, you can redistribute the only catch is you have to acknowledge the patent. Unless someone can give me specific examples of why this violates the GPL and other open source licenses other than "Its Microsoft and Microsoft is evil" I do plan to deliver a software application utilizing this technology for Linux. I may be contacted at:

robertojdohnert@msn.com

Re:Non-open Source license

[Corydon76]

Bzzzzzzzzzzzt.

You obviously didn't read the thread. Microsoft's patent license is explicitly non-sublicenseable, which means that you may not redistribute to anybody who has not already accepted Microsoft's license (and by accept, I mean, printed it out, signed it, and faxed it back to Microsoft).

While that may not seem like a big deal to you, keep in mind that that's an incredible burden to place on freely distributed software, which would otherwise circulate quickly and freely.

Re:Why not create another solution?

[kindbud]

Microsoft has a whole lot more leverage to push their own solution.

No they don't, not in this case. If Sender-ID client code is only deployed among Microsoft products, then communicating with Microsoft products may require an administrator to put some records in their domain zone file. Microsoft cannot yet prevent me from putting the DNS records in my zone that their software is looking for. I wouldn't put it past them to try, but it doesn't seem like they can have any IP claim over a string in a TXT record.

But I don't have to use or deploy any software that uses any Sender-ID patented algorithms. Email for my users will still be delivered as usual, whether my MTA checks Sender-ID records or not.

The worst that can happen is that people will face a choice of whether or not to put Sender-ID records in their DNS, if they wish to communicate with Microsoft products that enforce Sender-ID protocol.

Re:Jeez

[Flower]

"You guys"? WTF? Are you actually so misguided as to think everybody posting here is holding up FOSS development with our little /. debates?

From what I've seen looking at the major FOSS development communities you listed they code and just keep moving on. Nobody is really wasting tons of time going on COLA and spending hours debating whether it should be GNU/Linux or just Linux.

Now the people that are debating this in the IETF? Well that's their job. This stuff needs to get sorted out so the proposed standard can be applied as widely as possible. Considering how deep FOSS is in the email infrastructure I, as a user and administrator, want this debate on whether the proposed changes are compatible or not.

Re:MS FAQ regarding issue

[GooberToo]

Tin foil hat? You need to learn more about business.

The grandparent post has a legitimate question and concern. You dismissed it like a fool. Tin foil hat indeed.

Microsoft would lose that gamble

[dekeji]

Microsoft has a whole lot more leverage to push their own solution. If Microsoft decides that their way is the way to go, they can implement it in all of their product offerings, thus forcing others to follow suit or risk being cut off from the vast majority of the Internet using public.

SPF is not necessary for exchanging electronic mail. If Microsoft servers fail to exchange mail with any significant number of OSS mail servers, the result won't be that OSS gives up and everybody signs patent license agreements with Microsoft, but rather that SPF won't get used. The long term fall-out would be that people would take Microsoft even less seriously when they come to standards bodies, and to hurt IETF credibility even further (IETF is already largely irrelevant).

Microsoft doesn't get it

[dekeji]

Microsoft is apparently trying to play hard-ball with OSS developers, forcing them to accept some kind of licensing terms or forcing them to stop developing this kind of software. But OSS developers don't have a choice: there simply is no way under which OSS developers can give in to Microsoft's licensing terms, even if they wanted to, since the terms are just fundamentally incompatible with most OSS licenses.

Furthermore, going to IETF with such standards proposals is pointless: the only producers of software that count in this space are Microsoft and OSS. If IETF starts producing standards under terms that are not acceptable to OSS developers, then that just makes the IETF irrelevant but it won't help with adoption of a solution.

In this case, if IETF's SPF standard isn't 100% compatible with OSS licenses, OSS software will not incorporate it and Microsoft Exchange installations will be unable to use IETF SPF with a significant fraction of Internet hosts. If Microsoft were competing with a commercial vendor of mail server software, that vendor would be in deep trouble and it might induce that vendor to come crawling to Microsoft begging for a license. But OSS developers won't do that: OSS projects don't have the same kinds of short-term pressures on them as commercial software vendors, and even if they wanted to give in, OSS licenses make it impossible.

Microsoft's management just doesn't seem to understand that they are not dealing with another business anymore: the strategies that they have used against commercial competitors just don't work against OSS. All they are accomplishing with this sort of behavior is to taint their own credibility and the credibility of the standards bodies they get involved.

Revert back to SPF only?

[IGnatius+T+Foobar]

Ok, so Microsoft seems to be trying to assert patent rights on Sender ID, in a fashion that makes open source difficult to implement.

Can anyone tell us what is stopping the Free world from simply reverting back to plain old SPF and ignoring Microsoft's extensions?

Re:MS FAQ regarding issue

It's literally costing them millions of dollars a year

At that rate, they'll be dead in a mere 20,000 years! But hey, once gmail goes public and they lose all their members, they won't have to worry about it anyway.