MS Releases License For Sender-ID

NW writes "Microsoft published today a new license and FAQ for Sender-ID anti-spam standard being developed by the IETF's MARID WG (based on SPF). To use the license, a signed agreement with MSFT is required. Compatability with the Open Source Definition, the Free Software Definition, the Debian Free Software Guidelines, and the GPL/LGPL licenses is already in question."

MS FAQ regarding issue

FAQ for Microsoft's
Royalty-Free Sender ID Specification License
Microsoft Corporation
August 2004
Q1: What is the purpose of the patent license?
A1: The adoption of Sender ID is important for the industry and Microsoft wants to facilitate the
adoption of the standard by licensing its necessary patent rights on a royalty free basis and
encouraging others to license their patent rights that cover the Sender ID specification similarly
on a royalty-free basis. That is why Microsoft's license includes all of Microsoft's current and
pending patent rights that are necessary to implement the Sender ID specification not just the
pending patent application claims Microsoft is currently aware of.
Q2: Doesn't having a patent on Sender ID complicate the process of getting it adopted as
an IETF standard?
A2: No. It should not. There are dozens and dozens of patent rights that have been disclosed to
the IETF that may cover IETF standards. See http://www.ietf.org/ipr.html for a complete list. We
are not aware of any of these patents complicating the standards process especially where the
patent owner has provided an assurance that it would make licenses available on a royalty-free
basis with other reasonable and non-discriminatory terms and conditions as Microsoft has done
here.
Q3: Why is Microsoft asking people to take a license?
A3: In order to promote Sender ID, Microsoft is pleased to offer its necessary Sender ID patent
rights on a royalty-free basis but only to those who are also willing to make their Sender ID
patents available on a reciprocal royalty-free basis. The license is also important to Microsoft for
defensive reasons. The reciprocity provisions and the ability to reserve defensive rights for
Microsoft's implementations of standards are very important elements in our decision to
contribute technology to standards.
Q4: When do I need to execute a license with Microsoft?
A4: At this time Microsoft is only aware of pending patent application claims that cover its
submission of the Sender ID specification. Because Microsoft is not aware of any issued patent
claims, Microsoft does not require any one to sign a license with Microsoft to implement the
Sender ID specification or any part of it that is incorporated into IETF working drafts. In
conformance with the IETF IPR policy Microsoft has disclosed the existence of those pending
patent claims and has provided its assurance that if such claims are granted Microsoft will make
licenses available on reasonable and non-discriminatory terms. Microsoft has also gone beyond
the IETF's requirements by clarifying that its licenses will require no fees or other royalties, and
further, to make a license available to early adopters who wish at their option to clarify their rights
with Microsoft with respect to early implementations. Typically patent holders do not make their
license terms available until after the standard has been adopted and until after their patent
claims have been granted, leaving early implementers to speculate as to the ultimate terms of the
license.
Q5: What do I need to do for binary and/or source code distribution?
A5: Many open source licenses require you to include copyright notices distributed in the code
itself identifying the authors of the code being distributed. Some open source licenses also
require you to include the license under which you received the code with the code that you
distribute so that downstream users of the code are made aware of the terms and conditions
under which they can use the code. Microsoft does not require any notice or other attribution
when you disclose or distribute your implementation in binary form. However, if you disclose or
distribute your implementation in source code form, we think it is important for you to include a
patent attribution (from sec. 2.2 of our royalty-free patent license) in your source code and in
close proximity to the license under which you make your sou

Re:MS FAQ regarding issue

[VValdo]

A3: In order to promote Sender ID, Microsoft is pleased to offer its necessary Sender ID patent
rights on a royalty-free basis but only to those who are also willing to make their Sender ID
patents available on a reciprocal royalty-free basis.

Gee, sounds almost viral to me.

W

Re:MS FAQ regarding issue

[ePhil_One]

In order to promote Sender ID, Microsoft is pleased to offer its necessary Sender ID patent rights on a royalty-free basis but only to those who are also willing to make their Sender ID patents available on a reciprocal royalty-free basis.

Has anyone looked at the actual license to ensure that the patent reciprosity is limited only to Sender-ID? This thing could be a hell of a submarine patent reciprosity agreement, freeing MS to violate patents of anyone using email if it was worded carefully enough

Re:MS FAQ regarding issue

[ad0gg]

Read it for yourself

Take the tin foil hat off. Its a Standard reciprocal license agreement. Notice its the exact rights you get from licensing their patent. So how is this bad? All its saying is that you can use their patent if you grant them access to your patents on caller id.

Re:MS FAQ regarding issue

[Richard_at_work]

Sounds kind of like the GPL, in a sense. Same outcome anyway.

Re:MS FAQ regarding issue

[ePhil_One]

Take the tin foil hat off.

Thanks, but I'll stick with the fool me twice, shame on me system. MS has proven time and time again that they play to win, and that their idea of fair play is whatever they can get away with. Wasn't that long ago they decided I needed to buy a second Windows license for every PC in my office because the one I bought with the computer didn't include a right for me to Ghost(tm) images onto it.

Fortunately, there's a lot of really sharp and really paranoid folks who understand the law better than me (IANAL, though I do work in IP protection); you just have to separate them from the really paranoid people who don't understand the law.

Re:MS FAQ regarding issue

[GooberToo]

Tin foil hat? You need to learn more about business.

The grandparent post has a legitimate question and concern. You dismissed it like a fool. Tin foil hat indeed.

Re:MS FAQ regarding issue

[zurab]

Q5: What do I need to do for binary and/or source code distribution?
A5: Many open source licenses require you to include copyright notices distributed in the code itself identifying the authors of the code being distributed. Some open source licenses also require you to include the license under which you received the code with the code that you distribute so that downstream users of the code are made aware of the terms and conditions under which they can use the code. Microsoft does not require any notice or other attribution when you disclose or distribute your implementation in binary form.

The above is a variation of MS propaganda against OSS; taking shots at OSS while pretending to answer a "question," failing to distinguish that they are comparing their license for a specification vs open source licenses for actual programs.

Anyway, I read most of the license and the sections 2.1 and 2.2 seem incompatible with most open source licenses that I am aware of. Why? Because both the patent and source code distribution license grants are explicitly stated as:

nontransferable, non-sublicenseable, personal.

IANAL, but to me this means that if you are a recipient of a program under this license (from a party who accepted this license), you have no right to redistribute the source code unless you sign a separate license with Microsoft. This, in turn, means that the source code distribution license is held hostage by Microsoft - i.e. they may, at any time, change the terms or discontinue this license offer and no new developers (who have not agreed to the original license) would be able to redistribute the source of the existing open source programs implementing the specification.

Once this becomes popular, as Microsoft seems to hope, they may even (or at least have an option to) say - sorry, but we are no longer offering the "source code distribution" option with our new licensees, so sorry, really.

So, at the end, again they hope, everyone would have granted their patent licenses to MS, and MS would be in charge of the terms for the source code distribution.

This license is not compatible with OSS.

Re:MS FAQ regarding issue

[Curtman]

Not really. The GPL allows you to charge money.

Re:MS FAQ regarding issue

Asshole is the word you're looking for. He dismissed it like an asshole.

I hate holier-than-thou people. I wonder how many people can read one of these agreements and actually decipher the legalese.

Re:MS FAQ regarding issue

[LO0G]

Here's the thing to think about here. Spam is KILLING Microsoft, especially with Hotmail. It's literally costing them millions of dollars a year (they've made this quite clear). Microsoft believes that widespread adoption of this standard will help them fight spam.

So now then you have a question to ask yourself:

Which is more important to Microsoft: Stopping spam or winning points against other developers?

If it's the former, then they're on the level.

If it's the latter, then they're going to use the license as an excuse to rape you.

Re:MS FAQ regarding issue

[tacocat]

What do you think?

They don't care about a few millions of dollars a year in this crud. It's all a tax write off to them.

They prefer raping over fighting

Re:MS FAQ regarding issue

[killjoe]

"If it's the latter, then they're going to use the license as an excuse to rape you."

Why do they have to choose between the two. They will probably prevent spam, save money AND rape you till get raw.

Re:MS FAQ regarding issue

It's literally costing them millions of dollars a year

At that rate, they'll be dead in a mere 20,000 years! But hey, once gmail goes public and they lose all their members, they won't have to worry about it anyway.

Re:MS FAQ regarding issue

[Bert64]

But microsoft is also one of the largest facilitators of spam.. Almost all the spam i recieve comes from hacked windows machines, many of which are compromised via vulns in IE or RPC.. Many of these are compromised by vulnerabilities for which no patch exists. I have seen machines with automatic updates turned on, and which are totally up to date, being compromised with spam relaying bots.

Re:MS FAQ regarding issue

[NoMercy]

I think it's more, if youre going to do Sender-ID, your going to do it our way, and if you don't we can sue you because weve patented it.

I hate modern business.

April Trolls!

First Trolling Post.

Where will this lead?

[ravenspear]

How long will it be before you have to have a signed agreement with Microsoft to send an email?

Re:Where will this lead?

[Westech]

How long will it be before you have to have a signed agreement with Microsoft to send an email?

Not long. Especially if this standard takes off and anyone not using it has all of the email they send rejected as spam.

Re:Where will this lead?

[Citizen+of+Earth]

How long will it be before you have to have a signed agreement with Microsoft to send an email?

It will just be implicit. You will send your e-mail and they will charge $0.05 to your account.

Re:Where will this lead?

[ePhil_One]

How long will it be before you have to have a signed agreement with Microsoft to send an email?

It will just be implicit. You will send your e-mail and they will charge $0.05 to your account.

Tracked by MS Passport, of course. Don't worry about getting your Credit Card out, MS already has it.

Man, I just love a good conspiracy theory!

Re:Where will this lead?

I'm sure a lot of people would be happy to pay 5 cents to send an email if it meant a 100% solution to eliminating spam. The catch is nobody would want their 5 cents to go to MS. It would also kill mailing lists. I participate on several lists with 1000+ memeber; that would make it $50+ to post a message. Same thing with newsletters.

Bullshit!

That's bullshit.

I'm smart and posted first!!

OpenPGP Anyone?

[ChronoWiz]

Why not use something like gnupg to sign email in order to prove the identity of the sender?

Re:OpenPGP Anyone?

[Inf0phreak]

It wouldn't work because you would only need to sign the first email, and then the next 10000 can be an exact copy of the first one.

What would work is if you required all incoming email to be encrypted (and possibly signed) except for things on a white-list, but I suspect you wouldn't get much email then.

Of course one could argue that that would solve the problem with spam, but I think I prefer the disease to the cure in that case.

Re:OpenPGP Anyone?

[JimDabell]

Why not use something like gnupg to sign email in order to prove the identity of the sender?

Because that requires changes to end-user behaviour.

In any case, a signature doesn't prove identity unless you or somebody in your web of trust has checked the fingerprint. This means that it's only a little more useful than a manual whitelist when it comes to avoiding spam.

Re:OpenPGP Anyone?

[maxpublic]

t's only a little more useful than a manual whitelist when it comes to avoiding spam.

Last I checked, a whitelist-only approach was 100% effective at avoiding spam.

Max

Re:OpenPGP Anyone?

[JimDabell]

I didn't say "effective" though, did I? I said useful. I'd guess that most people want to recieve email from people they haven't whitelisted, making whitelists far, far less than perfect.

Re:OpenPGP Anyone?

100% effective and only 99% inconvenient, what a deal. Whitelist only is only workable if you never, ever want to be able to receive email from someone you aren't expecting to, and they never change their email address without letting you know in advance, and you don't mind manually updating your whitelist entries everytime you want to receive mail from someone else or someone on your list changes their address, etc. Its just not something that is workable for a lot of people, but if it works for you, then more power to you.

Re:OpenPGP Anyone?

[maxpublic]

Actually it's quite workable. You use a whitelist for your real email address, and then a throwaway webmail account (yahoo, gmail) for everything else. It's how I work it and it isn't inconvenient in the slightest.

I only get the mail that I want at my real email address, and every once in awhile I check my throwaway account to see if anything interesting has shown up from someone not on the whitelist.

It's not rocket science, boys.

Max

Re:OpenPGP Anyone?

[slamb]

Why not use something like gnupg to sign email in order to prove the identity of the sender?

Because there is no standardized way to say "if there's no signature, the message did not come from me".

Most people do not sign their messages with gnupg; it's ordinary to accept unsigned messages. Thus, there's no way for me to prevent people from forging mail from me. Which is most annoying - I regularly have to wade through all the messages sent in reply to viruses/worms I supposedly emailed out.

Re:OpenPGP Anyone?

[rikkus-x]

Confirmed. I haven't had any spam since I started using qconfirm.

Rik

Re:OpenPGP Anyone?

[Elwood+P+Dowd]

Meanwhile, you've been spamming everyone who's had their email address forged as the sender on your inbound mail.

Nice.

Re:OpenPGP Anyone?

You also won't get any email from major companies unless you manually add them yourself. Working for one of the biggest private companies in the world, it's standard policy to just drop automated whitelist requests - there's too damn many of varying types to be able to do it effectively. Ah well. If you don't want a response to your email from them though, I guess it doesn't matter.

Re:OpenPGP Anyone?

[SpaceLifeForm]

If you signed *all* of your e-mails, and you made it your standard policy, then you can refute forgeries.

Re:OpenPGP Anyone?

[slamb]

I said: Most people do not sign their messages with gnupg; it's ordinary to accept unsigned messages. Thus, there's no way for me to prevent people from forging mail from me. Which is most annoying - I regularly have to wade through all the messages sent in reply to viruses/worms I supposedly emailed out.

SpaceLifeForm replied: If you signed *all* of your e-mails, and you made it your standard policy, then you can refute forgeries.

No, you missed my point. What I'm concerned about is these replies to forged messages wasting my time. Refuting forgeries would be a further waste of my time.

SPF is a much better solution. Unfortunately, the people sending the automated emails are going to be the slowest adopters (since they're incompetent). But SPF at least gives me a way to say "any message which does not satisfy these criteria is a forgery".

Re:OpenPGP Anyone?

[dtfinch]

Hello <giant spam message in the from field>

Your message will not be delivered until you confirm your identity by clicking on this link.

Re:OpenPGP Anyone?

[tacocat]

maybe not, but how many millions of viagra ads do you have to troll through to find a real email? And how would you handle something like a mailing list based contact who wants to contact you directly?

Your rocket is in trouble

Re:OpenPGP Anyone?

[0x0d0a]

Because there is no standardized way to say "if there's no signature, the message did not come from me".

And we are proposing using DNS to distribute *exactly* that sort of information with SPF, but to have a less functional and much easier to attack system. Why not use GPG instead? There's a bit more CPU overhead, as you have to check, say, a two-signature-chain, but not much, and GPG is much more mature and better designed than SPF.

Remember that SPF has a bunch of problems that the designers just waved their hands at and said "well, you can use a trust network or something for that", like throwaway domains. And what system do we already have deployed and tested that *handles* trust networks? GPG!

Re:OpenPGP Anyone?

[0x0d0a]

It wouldn't work because you would only need to sign the first email, and then the next 10000 can be an exact copy of the first one.

So what? Sign the contents of the header as well, not just the body, and now if Bob lets you send email to him, you can send 10000 (well, unless he has a "rate limiting" cap on mail from you) emails -- but only to him. That's rather expected behavior, I'd say. If I don't accept any email that doesn't contain a "To:" or "Forwarded To" or "Bounced To" or whatever header containing my email address, I don't have a problem.

Sally, who still doesn't trust you, still doesn't get mail from you.

Re:OpenPGP Anyone?

[rikkus-x]

I stopped getting messages with From addresses of real people (but not sent by them) a long time ago, well before I started using qconfirm. I did think about that before I activated it.

Weren't those messages created by a virus? Most spammers seem to use completely fake addresses (the domain is just made up).

BTW, 'qconfirm list' gives the list of messages for which which it is waiting for confirmation from the sender. I have a cron job send me the new addresses once a day.

The only times I see addresses I need to allow through are when I've done something like entered my email address on some web form when asking to evaluate a product, then forgotten that I should be expecting a message.

The nice thing is, I can just accept this one message (qconfirm peek email-address) without allowing future spam through from that company. This is handy for those companies that insist on spamming you just because you downloaded their software, tried it once, and deleted it because it was crap.

Rik

Re:OpenPGP Anyone?

[Elwood+P+Dowd]

I stopped getting messages with From addresses of real people (but not sent by them) a long time ago, well before I started using qconfirm. I did think about that before I activated it.

Oh. That's at least 50% of my unwanted email.

Weren't those messages created by a virus?

Some of it is. My ISP disappears virus email within its first 24 hours. Most of it is confirmation or anti-virus software responding to a virus that forged my name. That's spam, though, and not virus email.

Re:OpenPGP Anyone?

[Elwood+P+Dowd]

Huh, so, I guess I answered my own complaint. qconfirm won't pester the people that sent you confirmation & anti-virus mail. It'll only pester the forged senders of viruses, which you say you never receive anymore.

bummer

bummer

FP

to nitpick...

[bomb_number_20]

it's 'compatibility'.

Just thought I'd do my part to halt the spread of bad spelling.

Thank you and have a nice day.

Are they purposely shooting their foot?

[chrispyman]

Seriously, does Microsoft think that highly of themselves that they can dictate a standard that requires a license from them? Sure they have a majority of the OS and E-mail clients, but I doubt they have a majority of the Mail Servers out there.

Re:Are they purposely shooting their foot?

[SilentChris]

Well...

Outlook is the most popular email client out there, bar none (think how many worms targetted it). Most people who use Outlook use Exchange, at least on a frontend level (my company uses Exchange popping off a more secure backend).

Even if Exchange wasn't being used in the majority of servers, the mere fact that so many people use Outlook as a frontend will dictate whether or not this will be accepted (and, knowing MS, they'll find a way to tie this into Outlook). Think IE, and how many sites are custom crafted to it.

Re:Are they purposely shooting their foot?

[grasshoppa]

No, actually, it won't.

If your front end servers are not exchange, I can't see a reason why you'd want this, as licensed. The objective of spam is to be delivered. That's it. Once it hits your server, the objective has been completed, whether or not it's filtered by a second stage server is irrelevant.

Re:Are they purposely shooting their foot?

[damiangerous]

Seriously, does Microsoft think that highly of themselves that they can dictate a standard that requires a license from them

You mean like Windows?

Re:Are they purposely shooting their foot?

[jgardn]

Yes, they probably think they have some control in the email arena. Unfortunately, they don't. All you have to do is look at the competing SPF-classic (spf.pobox.com) and you'll see that even Sender ID - a compromise between SPF and Caller ID - is failing.

People are wondering if Microsoft has any measurable quantity of email servers facing the real internet. Best practice is to put sendmail (or postfix or qmail or whatnot) between your exchange servers and the internet. Even now, people are proposing standards and practices that totally ignore how the exchange server functions, and the community for the most part doesn't seem to mind.

I think this is the "age of irrelevance" for Microsoft. The "real" internet doesn't even come into contact with Microsoft anymore. Companies don't have internet-facing Microsoft servers anywhere that I can tell. Those who do obviously aren't going to have much uptime. (Would you run a Microsoft server without a firewall between it and the internet?)

Re:Are they purposely shooting their foot?

What I fear that they will do is at some point make Outlook and/or Exchange either outright refuse to interoperate with mail servers that don't use their proprietary and patented technology, or at very least make their default configuration work that way knowing that most people are too lazy and/or unknowledgable to override that. That will effectively force everyone who develops or uses alternative email software to comply or else not be able to send/receive mail with the large number of Outlook/Exchange users out there. As you note, it doesn't have to be a majority, just a big enough minority for it to be inconvenient for people to ignore.

Once they've tied up the whole market with their IP, then they can yank the rug out from under competing email software by either refusing to license their patent or charging outrageous royalties. They might only do it for open source (or perhaps even only for GPLed packages), but it would still have an immensely chilling effect on the internet.

Their license does nothing to prevent them from changing it in the future, so their claims that they will license their patent out reasonably and without royalty are totally dependant on their honesty and integrity. Given their history, I am highly skeptical.

Re:Are they purposely shooting their foot?

[ePhil_One]

The objective of spam is to be delivered. That's it. Once it hits your server, the objective has been completed, whether or not it's filtered by a second stage server is irrelevant.

Thats the worst theory I've ever heard. Did you dump you newspapers in the trash and call them delivered? Spam isn't delivered until it gets in front of you. If it manages to get into my inbox where I can delete it after reading the subject, thats victory, +5 points; if I am tricked into opening it, +50 points. If it gets delivered to my spam folder without any imput from me and its one of 2 thousand messages I delete twice weekly without even noticing it, the most the spammer would get is some incremental thousandth of a cent because some fool paid him to deliver a million messages to /dev/null.

Speaking of which, I can deliver to a million+ distinct email addresses for you, and I'll guarantee at least 50% will trigger whatever tracking link you choose to embed in that email. All for the low low price of $5,000. Just send me a mail at FatTony@Gmail.com

Re:Are they purposely shooting their foot?

[A+nonymous+Coward]

Like Windows being the most common platform for mail transport agents, the platform upon which the vast majority of mail transport agents run, the platform which exerts so much total control over mail delivery that it can dictate terms to that puny leftover remnant of the nonconforming world.

NOT!

Re:Are they purposely shooting their foot?

[tonyr60]

Microsoft are the largest provider of email client (Outlook) and server (Exchange) but they have no where near the dominance of IE.

This survey http://www.theregister.co.uk/2004/06/21/email_busi ness_or_pleasure_pdf.pdf/
shows Exhange just over 40% of the business market and Outlook around 50% of the same market. A limited survey of home use I did showed Outlook about 40% with about the same number using Outlook (mostly express).

These numbers are way under the 80%+ of IE, office and Windows OS. So Microsoft does not have the same ability to manipulate the market.

Re:Are they purposely shooting their foot?

[T-Ranger]

The spammers may not have won if they havent gotten their mail to eyeballs. But sysadmins, people who pay for hardware, bandwidth, have lost as soon as it hits the server.

Re:Are they purposely shooting their foot?

[RzUpAnmsCwrds]

"I think this is the "age of irrelevance" for Microsoft. The "real" internet doesn't even come into contact with Microsoft anymore. Companies don't have internet-facing Microsoft servers anywhere that I can tell. Those who do obviously aren't going to have much uptime. (Would you run a Microsoft server without a firewall between it and the internet?)"

Apparently, the 2nd, 4th and 6th largest websites in the US aren't part of the "real" internet.

Re:Are they purposely shooting their foot?

[zrail]

Care to list those sites? I'm getting, as the most requested sites by Netcraft, these sites running Windows/IIS:

• https://www.microsoft.com
• http://www.swlstg-tr.nhs.uk
• http://www.linuxworldexpo.com

All of the rest in the top 10 are running Linux, FreeBSD, or in the case of Google, something custom.

Re:Are they purposely shooting their foot?

[Drakon]

See alexa for the list of the highest hit sites.
currently, the top 10:
1) Yahoo! (FreeBSD)
2) MSN (Windows/FreeBSD)
3) Google (Linux/Unknown)
4) Microsoft (Windows)
5) Passport (Windows)
6) Ebay (Windows)
7) Amazon (Linux/Unknown)
8) OfferOptimizer (Linux/Unknown)
9) Fastclick (Linux)
10) Doubleclick (Windows)

This is only a representation of web servers, However, since 80% of mail is spam (according to a previous slashdot story) and 80% of spam comes from hijjacked windows computers, it stands to reason that a good number (probably a majority) of the mail in the world originates at a windows MTA.

Re:Are they purposely shooting their foot?

But sysadmins, people who pay for hardware, bandwidth, have lost

Those things are paid for by customers or if you have a dot b/com/b then the VC's paid for it.

Re:Are they purposely shooting their foot?

[Breakerofthings]

You're kidding, right?
Where have you been the last 10 years?
That is one of the things that M$ is (in)famous for ...
'embrace and extend', and the general bastardization and proprietization (yeah, I made that word up ... sue me :) of internet standards, all in the name of incompatibility.
For Microsoft, 'compete' != create a better product and/or sell it cheaper,
'compete' == drive everyone else out of business/out of the market, so that they are free to fuck the consumers to their heart's content
By corrupting standards, they make non M$ products incabable of working smoothly with M$ products ... and due to their market penetration, it gives the illusion that the incompability is due to the non-M$ software being crappy. They don't compete by improving their own products, they compete by sabotageing their competitors' products ... the clearest, most blatant abuse of monopoly power I am aware of.
That is why M$ is 'evil' ... and so reviled, not because their products suck.

Microsoft is afraid to compete on merit, because they know that they cannot.
That is what the GNU/Linux 'movement' is all about ... it will continue to erode M$ market share, it will continue to gain momentum, because it is a product of vastly superior quality. (it lacks some bells and whistles, sure, but that's not really the same thing now, is it?).
Free OSes, like GNU/Linux, (Free|Open|Net)BSD will continue to increase in popularity, if gradually, until (if ever) M$ accepts this, and focuses on product quality.

Now, I believe, and hope, that many of the other posters are correct; that M$ does NOT have the clout in the email market to pull this off ... But the question was, do they Think that they can ... You're damn right they do. That tactic has worked wonderfully for them in the past, why not now?

Current Climate...

[Manip]

In the current climate you could never produce a HTTP/SMTP type protocol because everyone is out to make money and gain power. What Microsoft has done is take a relatively open protocol and slapped a 'Microsoft Property' sticker on it, this will effectively limit its usefulness even if they are not charging a penny.

What is stopping them from letting it catch on and then asking for $1 from each project?

Re:Current Climate...

[abramsh]

"What is stopping them from letting it catch on and then asking for $1 from each project? "

The license agreement they make you sign.

Re:Current Climate...

[yamla]

Read the article. Section 2.4 "possibly fails Tentacles of Evil test".

Re:Current Climate...

[perlchild]

Their word, it's not worth much, but it's there.

In the future, I'd recommend the IETF just make sure any standards it endorses includes a poison pill for would-be patenters contributing to standards, that if it changes the rights of patentees in the future, after it's become a standard, to restrict them in any discriminatory way, that it must pay the cost of developing the next, non-compatible(yet non-infringing on the patent) standard.

Let's face it, IBM wouldn't write compatible technology, because they'd have to cross-license their patents to Microsoft in order to get it, but neither can IBM afford to have a product that's incompatible with an IETF standard.

I'm all for rewarding the developer of a technology for doing useful work, I'm all against technologies being discovered useful only once the dollar signs come in. I'm pretty sure the IETF's stance on patents is due to the fact that it has to standardize what are often de-facto standards, picked by market effects to be the best technology. Now Microsoft is abusing the process, in order to use the IETF as a marketing weapon against its competitors.

Now my opinion is that patents and standards are exact opposites, and if you want a patent, you should just stay away from standard bodies until your patent runs out, and they should stay away from you. The patent owner and the standards body just have opposite goals:

The standards body wants to reduce the work and costs involved in increasing the number and likely hood of people using best practices and technologies, by agreeing on them and publicising them. In the knowledge fields, a standard has the force of law, simply because knowledge of a best practice being a best practice, means any other way of doing things has to be justified. The best practice is simply, better. The patent owner wants to make a maximal profit out of whatever use of his technology. That means those who compete with the patent owner cannot use the technology without the patent owner not having what he wants. The difference is fundamental, and a conciliatory position by Microsoft, as generous as it may be, is suspicious, simply because it's against their own interest

Well with the possible exception of removing "random" spam would allow them to become the only source of email advertising for their hotmail users, but in this case, their interest it would be magnified if they can deny it to _someone_, say aol, who would be denied from licensing the patent without some counterpart being presented to Microsoft. Can they exclude AOL reasonably without being discriminatory, I wonder, since IANAL, but I can certainly see their advantage in doing so.

Re:Current Climate...

[SillyNickName4me]

I am not so sure that IBM would be unwilling to cross-license with them.. they have done a fair share of it in the past (also after the OS/2 fallout)

Re:Current Climate...

[grahamm]

Now my opinion is that patents and standards are exact opposites, and if you want a patent, you should just stay away from standard bodies until your patent runs out, and they should stay away from you. The patent owner and the standards body just have opposite goals:

Especially considering that the (original) objective of patents was to provide an incentive for inventors to publish details of their inventions rather than keep them as trade secrets. Surely a standard serves the same purpose, if the invention is incorporated in a standard then it it published.

Re:Current Climate...

[goldfndr]

In the future, I'd recommend the IETF just make sure any standards it endorses includes a poison pill for would-be patenters contributing to standards, that if it changes the rights of patentees in the future, after it's become a standard, to restrict them in any discriminatory way, that it must pay the cost of developing the next, non-compatible(yet non-infringing on the patent) standard.

To avoid them spinning off a company for a couple of months to license royalty-free only to pass the patent to someone else later that might discriminate, the poison pill should include that whoever inherits/owns the patent also inherits the liability of funding future development.

Re:Current Climate...

[youritadvisor.com]

What is stopping them from letting it catch on and then asking for $1 from each project?

The licience that they are currently offering

Re:Current Climate...

[Thundersnatch]

Their word, it's not worth much, but it's there.

How about a legally binding contract. That's what the license agreement is. Is that worth "much"?

The license is free (as in cost), and only revocable by either party under very specific circumstances (like you selling software contraining the PRA alogrithm without getting a commercial license).

IF MS were to attempt to charge for the use of the PRA algorithm after you agree to the initial license, you could sue them for breach.

It's all detailed there. RTFA, RTFL, and take off your tinfoil hat...

Why the hatred?

First MS decides to take on Linux and now they want to stomp out spam. Why do they have such a problem with meat-like products in a can?

Signed agreement

[burgburgburg]

Lock of hair
Three drops of blood
Other fluids (defined in separate document)
Provide access for nanoprobes (Resistance is futile, after all.)

I'm in!

Re:Signed agreement

[Briareos]

Resistance is futile, after all.

I know you'll be shocked by it, but over here resistance still is voltage divided by current.

np: Guitar - House Full Of Time (Blue Skied An' Clear comp.)

First!

First I Did Coke With Quincy Carter post!

cheeky sods

you have to laugh at their cheek, well its license free or you can forget it microsoft, its not open to debate , email is not for sale at ANY price
because its patented and i have to enter a non-negotiable deal i shall continue with regular smtp until the FOSS community can suggest something else

Invalid Origin

How about a registry?

You are not allowed to send email because the sender IP address or domain is not registered for this address.

Re:Invalid Origin

What do you think SPF does, dipshit?

Rediculous

it's 'compatibility'.

What a rediculous error

Just thought I'd do my part to halt the spread of bad spelling.

It's a priviledge to meet one such as you.

Why not create another solution?

[Flower]

Note: I have not gone into all the gory details of this issue but I did RTFA. So here goes:

OpenBSD did it when they made CARP. Cisco wouldn't play so not only did the OBSD team create a new solution but they created a superior solution. Is there any reason why the FOSS community could not come up with an alternative and try submitting it to the IETF? (I do know that the OBSD developers got stuffed when they tried this but maybe it might work here.)

Re:Why not create another solution?

[eln]

Microsoft has a whole lot more leverage to push their own solution. If Microsoft decides that their way is the way to go, they can implement it in all of their product offerings, thus forcing others to follow suit or risk being cut off from the vast majority of the Internet using public.

The Open Source community can, and has, come up with competing standards, but bringing enough pressure down on Microsoft to force them to comply is a whole lot harder, since they hold all the cards.

The only hope, then, for an open source competing standard to succeed, is to make the open source solution so obviously superior that even Microsoft users can see its superiority, and bring pressure to bear themselves to force Microsoft to support that standard.

Re:Why not create another solution?

[SilentChris]

... and MS holds 95% of the desktop market along with an ever-increasing server market (a lot of places are dumping Groupwise for Exchange).

The reason why FOSS solutions dominated in the architecture of email was because no big company created a serious alternative. MS has created a new standards to compete with other standards for id'ing mail. FOSS isn't even out of the gate with a 1.0 solution yet. Guess who's going to win?

Re:Why not create another solution?

[Arcturax]

If Microsoft decides that their way is the way to go, they can implement it in all of their product offerings, thus forcing others to follow suit or risk being cut off from the vast majority of the Internet using public.

Where do I sign?

Re:Why not create another solution?

[SoSueMe]

or risk being cut off from the vast majority of the Internet using public.

Cripes! Where do I sign on for this? (or not, for that matter)

Re:Why not create another solution?

Is there any reason why the FOSS community could not come up with an alternative and try submitting it to the IETF?

No need to come up with an alternative; the FOSS community came up with the first thing. Only they called it SPF (Sender Policy Framework), not Caller ID for E-Mail. I'm not sure what the patents in question are; it wasn't clear to me from the FAQ.

Re:Why not create another solution?

"FOSS" as you call us (not that we're really a coherent whole, unlike the nazi army of microsoft), actually DID come up with a solution - SPF. Then microsoft tried to worm its way in, embracing SPF and then extending it (sound familiar?) with their "Caller ID" to make "Sender ID".

Fact of the matter is, Microsoft just can't be trusted. They're perfect psychopaths. And people keep saying lets give them one more chance. Then (and rather unsurprisingly at this stage), microsoft metaphorically strips their victims skin and makes a fetching little black leather number. Or something like that.

Re:Why not create another solution?

[kindbud]

Microsoft has a whole lot more leverage to push their own solution.

No they don't, not in this case. If Sender-ID client code is only deployed among Microsoft products, then communicating with Microsoft products may require an administrator to put some records in their domain zone file. Microsoft cannot yet prevent me from putting the DNS records in my zone that their software is looking for. I wouldn't put it past them to try, but it doesn't seem like they can have any IP claim over a string in a TXT record.

But I don't have to use or deploy any software that uses any Sender-ID patented algorithms. Email for my users will still be delivered as usual, whether my MTA checks Sender-ID records or not.

The worst that can happen is that people will face a choice of whether or not to put Sender-ID records in their DNS, if they wish to communicate with Microsoft products that enforce Sender-ID protocol.

Re:Why not create another solution?

At one point IBM had a bad reputation as the abusive monopoly. It took years and loss of market share for them to turn into a service company that listened to their customers.

Microsoft is apparently trying to change their reputation and play nice with others. If they are serious about it then it will take years. The scars are too fresh from all the damage they have done to heal quickly.

MS Hypocrisy

[Mike+deVice]

So... Microsoft claims to be fighting the good fight on spam. But they then require a license to use Sender ID. It's my hope that people will have the sense to use regular SPF, and let Sender-ID die.

Re:MS Hypocrisy

Microsoft crash the party and trash the standard. It's their modus operandi, film at 10 years ago!

Re:MS Hypocrisy

I think /. should have a rule that SPF cannot be brought up during _any_ discussion of spam and vice-versa.

The pobo's FAQ says SPF not for stopping spam or reducing the level of spam but all the SPF supporters act like it will, and everyone who is anti-SPF (for good reasons) are pro-spam. I am tired of it.

This is great news

Everytime someone submits the licensing paperwork to Microsoft, someone at Microsoft must spend time (and therefore money) to process it.

Let the slashdotting begin!

Re:This is great news

[iceknife]

Everytime someone submits the licensing paperwork to Microsoft, someone at Microsoft must spend time (and therefore money) to process it.

Let the slashdotting begin!

"Business at the Speed of Thought" by Bill Gates devotes a lot of pages to having all business processes automated.

All slashdotting will do is help test the scalability of their systems :-)

Athens Olympics' idiotic linking policy

[ArsenneLupin]

In order to place a link embedded in copy interested parties should: a) Use the term ATHENS 2004 only, and no other term as the text referent; b) Not associate the link with any image, esp. the ATHENS 2004 Emblem (see paragraph below); c) Send a request letter to the Internet Department stating: Short description of site; Reason for linking; Unique URL containing the link (if no unique URL than just the main URL); Publishing period; Contact point (e-mail address).

This small blurb was sponsored by your favorite running shoes

prefer DomainKeys

I like Yahoo's DomainKeys solution more; it's open and Sendmail already supports it.

see http://antispam.yahoo.com/domainkeys

Sadly, what I like usually loses the battle. I am sure that all the MS-sexchange-servers out there will start using/insisting on SenderID... :(

Re:prefer DomainKeys

[WD_40]

You raise a good point. MS will use it's Exchange server base as a launch pad to make everyone else play their game. Open source servers can easily be modified to support MS's BS, but I'm sure Exchange won't play nice with other open standards. *Sigh.* Here we go again.

Re:prefer DomainKeys

Microsoft keeps bullying the rest of the world because they control the client side. FOSS controls the server side, we can
effectively bully microsoft this time, just imagine if all open source servers refused to deliver email to exchange servers

Re:prefer DomainKeys

And that will be another reason for people to move away from exchange if it doesn't support the prevailing anti-spam standard...

The people affected (getting more spam) will be the ones not using the standard...

Re:prefer DomainKeys

[imroy]

Even better, SPF doesn't necessarily compete with DomainKeys.

SPF enumerates which servers are allowed to send email for a certain domain.
DomainKeys authenticates individual email messages as having come from a certain domain.

Together they could be quite effective against spam. In particular, Yahoo also talks about building a reputation system on top of DomainKeys. The idea is that a spammer would quickly find the 'reputation' of their domain going down and soon no email server would accept their email.

Re:prefer DomainKeys

[miley]

I'm not so sure it will lose. AOL and Earthlink have both publically said they will be supporting DomainKeys in the very near future. Add Yahoo (which hosts SBC and British Telecom's mail) to the mix, with a more elegant and open solution, and I think there is a chance...

Re:prefer DomainKeys

[macdaddy]

Enter anti-trust/monopoly litigators stage left...

Re:prefer DomainKeys

Right except the spec may be open but they want everyone with a freaking SMTP server to donate money to verisign - I don't count that as "Open" they could have created a true open spec by separating the verification that a msg came from a given server and the level of trust that should be afforded to that server by your server - there is a natural break there since not every trusts the same "root" cert issuers.

So if I spin a 4096 bit cert for my super secret club mailing list, my list members can assign it a high level of trust, if they want but that is completely separate from the check that they can be damn sure that it really can from my super secret SMTP server.

Screw Yahoo and Verisign.

Jeez

[The+Bungi]

I know this is yet-another-example-of-MS-is-teh-evil and all that, but this

Compatability with the Open Source Definition, the Free Software Definition, the Debian Free Software Guidelines, and the GPL/LGPL licenses is already in question.

Is just ridiculous. How many things must something be "compatible" (whatever that means in each context) with before it can be considered "good" considering most of you can't make up your minds about them to begin with?

If you guys spent less time arguing who has the better license or "teh freest stuff" or fighting in GNOME vs. KDE and is it GNU/Linux or GNU/Not flamewars and more time building software that is easy to use and doesn't require an IQ of 160 to configure (end user testing would also be good) you'd be giving Microsoft a run for their money by now.

Re:Jeez

[maxpublic]

And if we didn't have to wade through the crap that trolls like you post on a regular basis, the overall IQ of Slashdot would jump high enough to qualify everyone here for Mensa.

Max

Re:Jeez

[Soko]

Is just ridiculous. How many things must something be "compatible" (whatever that means in each context) with before it can be considered "good" considering most of you can't make up your minds about them to begin with?

It's considered good when anyone can play the game under the exact same rules, regardless of how much money, prestige and lawyers they have. That's what an "Open Standard" is defined as - an agreement on a set of rules that is there for all to see and use. Microsoft still doesn't get the "Open" part, it seems.

...blatent troll snipped...

Sigh.

Soko

Re:Jeez

[DunbarTheInept]

If the license they use is not compatable with use in an open source tool, and their system ends up taking off, then the end result is that all people using open source e-mail clients will be misidentified as "spammers" and thus unable to send e-mail to people who do participate in this system.

Are you unable to see what's bad about that - cutting all open source out of the use of e-mail - so that this once open standard gets nicely hijacked and "owned" by MS?

Re:Jeez

[Vicegrip]

I know this is yet-another-example-of-MS-is-teh-evil ... blah blah .... Is just ridiculous. How many things must something be "compatible" ...

When you are talking about email protocols, you are darned tooting right that nobody wants to have to 'ask nicely to Microsoft' for the permission to implement the standard.

Simplified for our trolling friend here: if you want people to play by certain rules you don't first tell them they need to ask you first if it's ok for them to obey those rules.

Re:Jeez

[The+Bungi]

That's nice. However, what you and your friends think about Microsoft is one thing - what the world at large thinks about you when you claim that some standard or license or patent isn't compatible with your five slightly different interpretations of the words "open" and "free" is another.

Re:Jeez

[The+Bungi]

Awww, look - maxpubic. After all this time, he's back and more retarded than ever.

Re:Jeez

The DFSG/OSI definition is sufficient, and you're a known microsoft astroturfer. Why do you even bother?

And M$ isn't supposed to be funny - it's a commentary on Micro$oft's rapacious greed. The $ symbolises evil in most places outside the U$A now.

Re:Jeez

[Flower]

"You guys"? WTF? Are you actually so misguided as to think everybody posting here is holding up FOSS development with our little /. debates?

From what I've seen looking at the major FOSS development communities you listed they code and just keep moving on. Nobody is really wasting tons of time going on COLA and spending hours debating whether it should be GNU/Linux or just Linux.

Now the people that are debating this in the IETF? Well that's their job. This stuff needs to get sorted out so the proposed standard can be applied as widely as possible. Considering how deep FOSS is in the email infrastructure I, as a user and administrator, want this debate on whether the proposed changes are compatible or not.

Re:Jeez

[The+Bungi]

When you are talking about email protocols

Read my post again dumbass. I'm not even saying that it's good or bad for this thing to be beholden to a "standard" or an interpretation of what's "free" or "open" or what's at stake if that's not the case - it's the fact that you have five different ones to pick from, all slightly different and all claiming to be the The One True Way (TM) to open nirvana.

Simplified for our trolling friend here

Thanks. And fuck you, too.

Re:Jeez

I know, prison wasn't kind to Max. Too many guys he had to "dance" with.

Stay away from the kids next time Max

Re:Jeez

sez the AC.

Re:Jeez

[kfg]

. . . software that is easy to use and doesn't require an IQ of 160 to configure (end user testing would also be good)

I agree that end user testing would be good, but frankly I like software targeted at users with an IQ of 160. There's a real place for software you don't have to be that bright just to get something done.

KFG

Re:Jeez

[Vicegrip]

...fuck you, too

No thanks. But feel free to try yourself on a dry splintered piece of drift wood anytime.

Re:Jeez

[maxpublic]

What wit the two of you possess. It seems all that time in your parents' basement has honed your sense of humor to a razors edge.

Max

Re:Jeez

[dekeji]

How many things must something be "compatible" (whatever that means in each context) with before it can be considered "good" considering most of you can't make up your minds about them to begin with?

This isn't a question of "good" or "making up one's mind" or "arguing". The patent licensing requirements are just incompatible with the GPL and other OSS licenses--that's a legal fact. Therefore, IETF SPF can't be fully implemented by OSS--there is nothing to debate or negotiate or decide.

Now, there are two possible consequences: either hundreds of thousands of OSS developers throw away all their existing code (whose licenses they can't change) and start over, or they just don't implement IETF SPF. Which one do you think is more likely to happen?

you'd be giving Microsoft a run for their money by now.

OSS developers generally don't care about Microsoft's money; the only thing they care about is when Microsoft interferes with their ability to develop and use software.

Re:Jeez

i'm not sure if it's a client issue or a server issue (SPF confines itself to server concerns from what i can tell, leaving the clients to be lightweight/stupid, but Sender-ID may be entirely different, for all i know), but, either way, if the e-mail world "forks" and there is a world for MS clients and servers and a world for everybody else, MS does nothing but monopolize the SPAM-afflicted e-mail world of its making unto itself, leaving the unfortunate incompatibles in a world without Windows clients and servers to be hijacked and used as SPAM sources, and the presence of Sender-ID will become nothing more than a tip-off to drop a SPAM-bearing connection/message/whatever bears its hallmark, just as

Server: Microsoft-IIS/xxx

currently serves notice that you're entering the world of trustworthy web servers keeping the world ``safe for scripting'' for those with a cooperative and feature-rich web browser that can help automate mundane tasks like installing spyware and opening helpful chm files

so, yeah, good riddance to MS stuff in standards-based e-mail space. if they will fully retrench to their selling-everybody-on-MSN scheme, all the better

Re:Jeez

[maxpublic]

And just because I can, and I love pissing off Mensa members and the Billy-G Blowjob Team:

"And if we didn't have to wade through the crap that trolls like you post on a regular basis, the overall IQ of Slashdot would jump high enough to qualify everyone here for Mensa."

Max

Re:Jeez

[jhereg]

> The patent licensing requirements are just incompatible with >the GPL and other OSS licenses--that's a legal fact. Therefore, >IETF SPF can't be fully implemented by OSS--there is nothing >to debate or negotiate or decide.

Having read thru the thread on the madrid mailing list this
is a patently false statement. There is disagreement about
wether or not there is a problem. The IETF Legal counsel
has not to the best of my knowledge published a finding one
way or the other.

As most people on the Net are not lawyers it might actaully be
more useful to look at this license in terms of how it compares
to other licenses granted the IETF. Is it more or less restrictive?
Even if it does pass the sniff test it may be that it takes a step
down the road to being more restictive then we would like.
On the otherh and if it looks like all the legalese from all
the other companies then maybe it'll be ok.

Re:Jeez

[dekeji]

Having read thru the thread on the madrid mailing list this is a patently false statement.

The Open Source definition states clearly:

7. Distribution of License

The rights attached to the program must apply to all to whom the program is redistributed without the need for execution of an additional license by those parties.

Clearly, this would be violated if using the source would require execution of a license with Microsoft. That the MARID people don't understand this is just a testament to how naive they are.

The IETF Legal counsel has not to the best of my knowledge published a finding one way or the other.

Well, another example of how out of touch the IETF is; this is something that IETF Legal counsel should have checked during negotiations with Microsoft and before much work was expended on the standard.

As most people on the Net are not lawyers it might actaully be
more useful to look at this license in terms of how it compares
to other licenses granted the IETF. Is it more or less restrictive?

You're missing the point. The point is that the question of whether the IETF standard will be adopted by OSS is not something that OSS developers have the power to decide or negotiate over (as the parent poster suggested), it doesn't depend on whether the license is "good" or "more restrictive" or "less restrictive", and it doesn't depend on whether Microsoft is making an honest effort or trying to control the world. Whether the IETF standard will be adopted by OSS simply depends on whether the licenses required for the IETF standard are compatible with the definition of OSS. If they aren't, then, by definition, OSS software can't implement it.

Re:Jeez

[doctormetal]

If the license they use is not compatable with use in an open source tool, and their system ends up taking off, then the end result is that all people using open source e-mail clients will be misidentified as "spammers" and thus unable to send e-mail to people who do participate in this system.

That only will happen if say at least 95% of all smtp servers are run by microsoft software and this isn't the case. The rejection rate of e-mail will be too high. If this happens, email will be dying slowly.

Re:Jeez

[youritadvisor.com]

If the license they use is not compatable with use in an open source tool, and their system ends up taking off, then the end result is that all people using open source e-mail clients will be misidentified as "spammers" and thus unable to send e-mail to people who do participate in this system

distributing it as binary does not have the patent requirements, all an open source email client needs to do is have a plug in interface for the BINARY add ons that will support this functionality and THIS WILL NEVER HAPPEN

Re:Jeez

[jhereg]

Really well how naive is Eben Moglen? Because he is not saying
its a "legal fact" thats its incompatible with all Open Source
licenses. When he was shown the section on relicensing
he did not say "it violates the GPL" HOWEVER after getting
a copy of the whole license he has now said:

"it may prohibit use under the GPL"

I encourage pleople to read:
http://www.newsforge.com/article.pl?sid=04/ 02/26/1 448253

This seems to be almost identical to the issue that came up with
the MS XML Schema patents and the W3C thought their license
was ok.

The IETF uses RFC3668 for patent issues and MS may well
have met all their requirements.

As far as your last point please I'm not concerned with wether
it meet your definition of OSS (Or anyone elses) I am concerned
with is it better or worse then license that have already been
accepted and are in use in software and protocols around
the world.

I am not saying I think this license is a Good Thing.
I'm not thrilled with it and if there is a solution that
is just as good but unencumbered then I think thats the right
direction.

Re:Jeez

[The+Bungi]

The two of you? Huh? Are the voices in your head bothering you again maxpubic?

Re:Jeez

[The+Bungi]

Yes I do, actually. Maybe it's tunnel vision - the same way "you guys" apparently think Microsoft is the only company in the planet that charges money for software.

Perhaps it's rubbing off, mmmm?

Re:Jeez

[The+Bungi]

Ah, Bashdork. Gotta love it.

Jeez, posted to MS Releases License For Sender-ID, has been moderated Flamebait (-1).

It is currently scored Flamebait (0).

------
Jeez, posted to MS Releases License For Sender-ID, has been moderated Insightful (+1).

It is currently scored Insightful (1).

------
Jeez, posted to MS Releases License For Sender-ID, has been moderated Insightful (+1).

It is currently scored Insightful (2).

------
Jeez, posted to MS Releases License For Sender-ID, has been moderated Troll (-1).

It is currently scored Insightful (1).

------
Jeez, posted to MS Releases License For Sender-ID, has been moderated Insightful (+1).

It is currently scored Insightful (2).

------
Jeez, posted to MS Releases License For Sender-ID, has been moderated Flamebait (-1).

It is currently scored Insightful (1).

------
Jeez, posted to MS Releases License For Sender-ID, has been moderated Insightful (+1).

It is currently scored Insightful (2).

------
Jeez, posted to MS Releases License For Sender-ID, has been moderated Troll (-1).

It is currently scored Insightful (1).

------
Jeez, posted to MS Releases License For Sender-ID, has been moderated Overrated (-1).

It is currently scored Flamebait (0).

------
Jeez, posted to MS Releases License For Sender-ID, has been moderated Flamebait (-1).

It is currently scored Flamebait (-1).

Re:Jeez

[dekeji]

As far as your last point please I'm not concerned with wether it meet your definition of OSS (Or anyone elses) I am concerned with is it better or worse then license that have already been accepted and are in use in software and protocols around the world.

Well, then you are missing the point. The point is that there is lots of software distributed under OSS licenses, licenses that conform to the official OSS definition. Since Microsoft's licensing terms for this patent are incompatible with the OSS definition, that means that packages that incorporate Microsoft's patented invention cannot be distributed under an OSS license anymore.

So, that means that there are several things that can happen: (1) OSS developers change their licenses to make them compatible with Microsoft's terms, (2) OSS developers challenge or ignore the patent, (3) OSS developers don't use Microsoft's patented invention (they come up with their own system), or (4) OSS developers ignore Microsoft's sub-licensing restrictions and just redistribute the software in source form without executing license agreements.

You seem to think that (1) will happen because Microsoft's terms seem pretty benign to you. I'm telling you, hell will freeze over before people change their OSS licenses to accomodate such licenses--not because they are stubborn, but because it's impractical. (2) would be an option in this case, but it isn't worth it, since the feature that Microsoft patented isn't all that important and since there are non-patented alternatives around.

(4) is a real worry because it would give Microsoft grounds for making claims on OSS projects. But the community is mature and smart enough not to let that happen and all major OSS development portals and organizations are going to see to it that that doesn't happen with software under their control.

So, it will come down to (3): OSS developers will do their own thing and Microsoft will have yet another proprietary feature that works only among a few products in the Microsoft universe. Of course, that's nothing new.

The major effect of this is that people will take the IETF even less seriously than they already do.

Re:Jeez

[DunbarTheInept]

Why do you think it requires such a high percentage? All it requires is that MS doesn't play nice and the others do - then you have the situation where using MS gets you access to e-mail with the whole world, (since they aren't going to cut MS out), and using open-source gets you access to a subset of the world. Even if the difference is only 20% or 30%, that's enough to matter.

Re:Jeez

[DunbarTheInept]

all an open source email client needs to do is have a plug in interface for the BINARY add ons that will ...
...that will make it stop being open source at that point.

Re:Jeez

[jhereg]

There are other licenses besides FSF. People already
appear to be saying that there are license that would be fine
Sendmail Open Source License,BSD license,IBM Common Public License amoung them.

"The major effect of this is that people will take the IETF even less seriously than they already do."

Which will still be way more seriously then they take the FSF folks.

It'd be nice if you consider the whole of what I actually wrote,
I already said that I think its likely its not the best idea
but I won't dismiss it out of hand on purely religious reasons.
I never said that they I think the terms are begin or that OSS
folks will change their license. I said:

1) An FSF lawyer has not said with certainity there is a conflict
(unlike your legal fact rhetoric) It appears they may vert
well come down on that side

2) There is more then one type of license for freely distributed
software.

3) It always makes sense to look up to see if the world is
passing you by; IE if this type of license is being accepted
by the IETF and W3C maybe things are changing and the
OSS community should be aware of that.

Re:Jeez

[dekeji]

There are other licenses besides FSF. People already appear to be saying that there are license that would be fine Sendmail Open Source License,BSD license,IBM Common Public License amoung them.

Those licenses may be compatible with Microsoft's patent licensing requirement, in the sense that you can put those licenses on a piece of software and also impose a patent licensing requirement. But once you incorporate the patented invention into, say, a piece of BSD-licensed software, the end product is not BSD-licensed anymore, it is covered by a "BSD-license with additional restrictions".

And that's not an academic or semantic distinction: those additional restrictions seriously interfere with day-to-day open source software development.

but I won't dismiss it out of hand on purely religious reasons.

And that's your problem: you dismiss the FSF's concerns as "purely religious reasons". They aren't. The FSF and other OSS community members are concerned about the costs that such license changes impose on their projects and operations, and those costs are high.

It always makes sense to look up to see if the world is passing you by; IE if this type of license is being accepted by the IETF and W3C maybe things are changing and the OSS community should be aware of that.

The OSS community is fully aware of what is happening and that some institutions are trying to go in that direction. Whether that's a good thing for the industry is one question.

But one thing is absolutely clear: software that comes with such restrictions does not meet the definition of open source software and it means that software falling under such restrictions cannot be developed under an open source model anymore. So, if the IETF and the W3C are releasing standards with such licensing requirements, they are saying that they are not interested in open source implementations.

The problem with people like you is that you lack the courage of your own convictions: you think that OSS developers are just a bunch of religious morons that complain too much, yet you are afraid to come out and say that we don't need OSS development. You want the buzz-word value of OSS licenses while imposing non-OSS licenses on developers.

Re:Jeez

[jhereg]

"And that's not an academic or semantic distinction: those additional restrictions seriously interfere with day-to-day open source software development."

They do interfere and I think thats a bad thing. Is it a lethal
thing, maybe I'm not done investigating yet. Some people
seem to think it might be work. It is clearly not a good
thing but perhaps it will end up acceptable.

"And that's your problem: you dismiss the FSF's concerns as "purely religious reasons"

No its not thank you very much. If it were I wouldn't be interested in what their lawyer had to say. I don't dismiss
anything out of hand. Your post was well in advance of any
comment by them.

"The problem with people like you is that you lack the courage of your own convictions: you think that OSS developers are just a bunch of religious morons that complain too much, yet you are afraid to come out and say that we don't need OSS development. You want the buzz-word value of OSS licenses while imposing non-OSS licenses on developers."

Could you try to argue the facts or at least logical inferences
that might be drawn from what I've said. Did I ever say OSS
developers should implement it, no - I've said some
might be able to under the licenses they use. I've said
given equal alternatives that are less encumbered one
should chose those alterntives.

I don't want nor can I impose anything on OSS developers.
I'm not afraid to come out and say anything I believe I just
don't happen to believe the words you are trying to
stick into my mouth.

I do believe *SOME* OSS developers are religious morons
who whine incessitantly, I also know some I like and
respect, as for the rest I can't say one way or the other.

Re:Jeez

[doctormetal]

Why do you think it requires such a high percentage? All it requires is that MS doesn't play nice and the others do - then you have the situation where using MS gets you access to e-mail with the whole world, (since they aren't going to cut MS out), and using open-source gets you access to a subset of the world. Even if the difference is only 20% or 30%, that's enough to matter.

You are missing the point: if oss mail servers are unable to implement the sender-id and microsoft servers do use it. Then you have the problem that ms server can send e-mail to everybody, but cannot receive a lot of email (no sernder-id). In this case ms servers are considered to be unreliable for receiving e-mail. Most email users don't care about sender-id of spf; they want their email to be delivered.

Re:Jeez

[dekeji]

Could you try to argue the facts or at least logical inferences that might be drawn from what I've said. Did I ever say OSS developers should implement it, no - I've said some might be able to under the licenses they use.

But that isn't true--you cannot have a piece of open source software (i.e., something that meets the definition of open source) that incorporates patented technology that requires developers to execute individual patent licensing agreements with Microsoft.

I don't want nor can I impose anything on OSS developers. I'm not afraid to come out and say anything I believe I just don't happen to believe the words you are trying to stick into my mouth.

It's clear that you feel uncomfortable with when I restate your position in the way I did. What I am saying is that I think your position amounts to that: you think OSS developers should consider incorporating such licenseable technology into their software. You just don't recognize that such a suggestion is pretty much the same as if you said "guys, why don't you consider giving up on this OSS stuff altogether and just develop proprietary software". Your intention may not be to say something so obviously controversial to OSS developers, but that's what it amounts to.

And I believe you when you say that you personally are in a position to impose anything on OSS developers (that's why I said "people like you"). But your view reflects the views that the IETF committee members have stated regarding these kind of licenses, and the IETF is indeed trying to use its clout as a standards body to change the way OSS developers develop software. But, like you, the IETF is apparently unwilling to state clearly that their position is the same as basically telling OSS developers "we don't want you to implement our standards under OSS licenses".

Re:Jeez

[DunbarTheInept]

You're forgetting the powerful FUD factor. The misleading idea the public would get would not be "MS servers are unreliable". The idea they will get is "OSS servers are unreliable because people keep using them for spam, and that's why MS has to cut them off." It's not true, but it's the perception people would have because that's precisely what the MS software would be telling them.

Re:Jeez

[jhereg]

"But that isn't true--you cannot have a piece of open source software (i.e., something that meets the definition of open source) "

Hmm this maybe a semantic issue and as I am not up on
all the correct definitions I'll concede as stated you maybe right.

How about even with this license some people may produce
freely availalbe code that may be used folks on the Net.

"It's clear that you feel uncomfortable with when I restate your position in the way I did"

Well as it does not come close to reflecting what I feel my postions is I do have some issues with it. Particularly
calling my conviction into question and stating I believe
as OSS developers are relgious zealot whose opinions
I reject out of hand.

"You just don't recognize that such a suggestion is pretty much the same as if you said "guys, why don't you consider giving up on this OSS stuff altogether and just develop proprietary software"

Wow an excellent use of the logical fallacy of the false delimma allow me to compliment you.

The IETF also has rules/guiding principle and such, so you
are saying OSS's rules should trump those?

I'm not saying they are correct or that your principles are
any less worthy just that you entire argument could
be turned on its head and used to support an IETF postion.

Please note I have never said OSS developer should write
this software using this license just that they should examine
the whole pciture before rejecting it. Your argument
was this the licenses are complety incompatible and thats a
legal fact. Maybe you are the worlds greatest IP lawyer
I don't know but I found that claimto be an exaggeration.

I seriously doubt the IETF is trying to tell OSS developers
anything. They are trying to navigate amoung a disperate
set of vendors and interest to create an Internet that works.
In additon they have all the political BS and stupidity that
happens anytime you get a group of people together.
I am sure they are aware there is a cost to not having OSS
folks working on software that supports their protocols.

Your signed agreement

You mean you haven't signed your agreement yet? Maybe that's why your email to me bounced.

Yeah, funny and all

[Mr+44]

But did anyone actually read the article? You don't need to sign the agreement to implement sender ID. They are just pre-emptively giving out the agreement that would be necessary if their pending patent is granted.

Re:Yeah, funny and all

[Inf0phreak]

And you think that the patent won't be granted?! You hold the USPTO in much too high regard.

Prior art may exist (I know absolutely nothing of that), but who wants to go to court with Microsoft?! Especially when they have admitted (q.v. Halloween memos) that patents are potentially useful to combat open source software.

Re:Yeah, funny and all

Yea, and what do you think the chances are that any patent applied for will not be granted given the pay the USPTO works? And specifically, what chance a patent applied for by someone with big $$$ and influence like Microsoft has of not being granted? Virtually zero in both cases. I've read that very few patents applied for are rejected. Anyone know whether any of Microsoft's patent applications has ever been denied?

Re:Yeah, funny and all

[Zeinfeld]

And you think that the patent won't be granted?! You hold the USPTO in much too high regard.

Lets imagine the patent filing was Jan 2003. If Microsoft is lucky the examiner might start the exam by Jan 2005, but at the current load quite likely it would be 2006. By the time the prosecution is complete it could easily be 2008 or even 2009.

Chances that the USPTO is still being run by idiots then?

OK still high but there is a chance that Microsoft has created enough paranoia by then for Congress to be serious about reform.

The First Shot in the Standards Wars

[maximino]

This is it! Of course we've seen things like this before, but Microsoft is preparing to ensure its eternal monopoly by making sure no one can leave its systems. It would be just fine by Redmond if no one could send e-mail without proper authorization. But now that we've got patented standards, expect to see locked-in Office files, network protocols, the works. Most people and companies really couldn't switch from Windows if they could no longer open their files or network with a Windows machine. The fact that Microsoft is willing to pull this now when some high-level spam solution is required is just reprehensible. In light of their withdrawal from the UN standards committee today I think we're seeing how the next 5 years is going to go.

Where Sender ID fits into the picture

[jgardn]

Just to get everyone up to speed:

- SPF (http://spf.pobox.com) is the current email authentication protocol that is dominating the world.

- Microsoft proposed Caller ID which was never accepted by the community.

- Microsoft and SPF advocate Meng Weng Wong brokered a deal and formed Sender ID. Basically, SPF is intact, but some features of Caller ID are preserved as an optional extension.

The part of Caller ID that remains is the PRA or "Purported Responsible Authority". The PRA is deteremined by a complicated algorithm that I personally don't believe would work. The algorithm is intentionally vague in some areas, and the results are ultimately subjective. The intention of the PRA algorithm is to determine who wrote the email based on the email headers. As everyone knows, the email headers are spoofable. But the idea goes, if you can track down the PRA, then you can authenticate this email based on that, rather than just the last hop like SPF does.

The problem from day one has been the patent issue. Microsoft is in the process of patenting the PRA algorithm. This isn't a problem. The problem is that Microsoft refuses to put the patent in the public domain or license the patent such that anyone can use it except those who use patents against Microsoft. Both of those strategies are perfectly reasonable, and are pretty much what IBM does for most of its patents.

Microsoft originally wanted to get a copy of the software and a signature before they would grant a license. Well, that doesn't work for F/OSS. The MARID working group who is investigating various solutions to the email authentication protocol for the IETF has been petitioning Microsoft to revise or clarify their licensing procedure. Well, they finally have, and in so doing they have not made it F/OSS compatible.

Microsoft thinks they can bully us around, but they don't realize they are the small kid on the email block. Their Caller ID failed. Now Sender ID is going to fail because Microsoft refuses to participate.

But that's okay. The PRA algorithm isn't anything we'll need to solve the email authentication problem.

Re:Where Sender ID fits into the picture

[bigberk]

SPF (http://spf.pobox.com) is the current email authentication protocol that is dominating the world.

SPF is dominating nothing. It's a neat idea, but the way the SPF people are pushing it is purely ludicrous. The email experts of the world are not onside, I'm sorry to say. Reasons? SPF champions are making fools of themselves by saying that everyone should adopt SPF, and non-adopters are also the kinds of people who support spam and open relays. Totally wrong. The SPF people are also pushing a crazy solution to envelop path rewriting, that will never work due to overcomplexity. The SPF community has to understand that SPF is (1) not a solution to spam, (2) can offer limited protection of domain use but only if it is purely optional - not pushed on everyone. SPF just won't work with some domains.

Re:Where Sender ID fits into the picture

[Zeinfeld]

The email experts of the world are not onside, I'm sorry to say.

I have yet to see Vernon contribute anything positive in the IETF anti spam efforts. His approach has basically been to attack all ideas other than his own and troll for flamewars. At one point he was automatically reporting all posts made to the ASRG list from people he disagreed with to DCC as spam.

The only people Vernon was helping was the spammers. We have no need of his type of help.

It appears that the other person you are quoting as an expert is yourself or a relation.

The SPF/SenderID group understands exactly what it is doing. It is not making the claims you are asserting.

Re:Where Sender ID fits into the picture

[bigberk]

The SPF/SenderID group understands exactly what it is doing. It is not making the claims you are asserting

I was an SPF supporter (had TXT records for my domains, even) until I took a look at their objections page. Take a look at it yourself.

• "Second, to handle bounces, I propose a rewriting scheme as follows" -- as Vernon points out, this scheme is terribly broken. It is not a generic solution, and is definitely not going to work globally.
• "Domains that refuse to publish SPF or publish global-allow SPF out of political principle, malice, or incompetence will simply have to accept the penalty of a higher spam score." -- but many domains are simply unsuitable for using with SPF! What about a provider who provides a mail forwarding service, even universities, etc. They want their addresses to be used as return paths outside their own systems. The SPF people are saying that these domains must be punished for their unwillingness to adopt SPF. Internet email is a flexible thing, and there are a zillion instances in which SPF is unworkable.
• "What do the customers want? They want to communicate with their friends and family; and they want to not get spam. They do not particularly care if a few eggs are broken along the way." -- this shows a severe misunderstanding of their own system. SPF does not prevent spam, but rather provides a domain owner with the power to prevent their return paths from being forged. This is very different from addressing a spam issue. It's not a bad goal, but it's not addressing spam.

Those quotes are directly taken from the SPF proponents at pobox.com; you can see the major flaws in their thinking. Especially unfortunate is their expectation that everyone must adopt SPF. There is no way SPF will be adopted by all domains, and penalizing domains for refusing to participate in the scheme is senseless. This is why I have lost faith in SPF.

Re:Where Sender ID fits into the picture

[0x0d0a]

I don't know about other people, but I have, for *months*, been posting things to Slashdot pointing out holes in SPF and misdesign in every SPF discussion. SPF proponents seem to generally skip over my lists of problems and make lengthy posts about how "SPF is better than nothing", which I disagree with. I've just about had it with the SPF people, who I'm generally now seeing as not capable of decent design.

Just because I intensely dislike Microsoft's system does not mean that SPF should instead be deployed.

I'd like to see a very specific example of a problem to end users that SPF is intended to solve, that all the deployment issues involved will be paid for with. It is not, as I've pointed out, capable of stopping spam, nor is it capable of avoiding Joe jobs. It is a very weak (and known breakable in a number of ways) authentication system that is heavily tied to the existing mail transport system and does not appear to be easily extensible. There are better existing systems.

Wow

You really sprung off the handle there. Where in that text did the editors say that the license isn't good?

Guh, what do you want them to say to please you? "Microsoft RULEZ!!!"???

Please, take a moment and think before you post. Are you contributing anything worthwhile to this dicussion?

Re:Wow

he didn't say anything about the licenses being good or bad, just how dumb it is that we have to have nine sticks to measure everything.

Easily understandable example for EU-Parl

We can just point to this and say "look, if you pass software patents, Microsoft owns usable email in Europe, not just the American Reich. Do you want that to happen?".

Many of the corrupt fuckers will say "yes", of course, but that just makes it easier to shoot the bastards in the nigh-on inevitable bloody revolution...

IETF Global Perspective

[toxic666]

As long as the IETF maintains a global perspective, it can not accept standards encumbered by IP more restrictive than the GPL. It seems obvious -- we've all benefited by open standards on the Internet. But who knows, stranger things have happened.

This could be a good test case. MS may continue to pursue its IP Holy Grail business model, but if the IETF can stand firm and refuse restrictive licensing, they will not be able to force it down the world's throat. On the other hand, if the IETF does accept these kinds of IP restrictions, MS may have a path forward in pursuing its new business model of patents and copyrights for obvious and trivial ideas.

Re:IETF Global Perspective

[DeepRedux]

The MS proposal does not seem too different from what IETF already accepts. To take a global perspective, consider the the statement from France Telecom:

If part(s) of a contribution by France Telecom SA employees is(are) included in an IETF standard and France Telecom SA has patents and/or pending applications that are essential to implementation of such included part(s), France Telecom is prepared to grant, on the basis of reciprocity (grant-back) whenever applicable, a license on such included part(s) on reasonable, non-discriminatory terms and conditions.

Such license shall be subject to a written license agreement before using such patents and/or patent applications.

I do not think this is GPL-compatible. Note that "reasonable" does not mean free and also note that they require a written license.

Just an attempt

[JohnnyGTO]

to 0wn email.

Almost . . .

[Slavinski]

Whew.. I almost thought I saw Microsoft and standard
used in the same sentence. That was a close one.

Re:Almost . . .

[Slavinski]

Bah, my makeshift cynic tags didn't work. :(

Signed agreement my ass!

This is to inform you of the really quite shocking actions being
perpetuated by the UK cinema chain Odeon against a disabled Scottish
boy Matthew Somerville.

9 year old Matthew suffers from the rare, medically unknown condition
of "Shatner's Palsy" which corrodes un-oxygenated body tissue. Doctors
work hard on a cure, but admit to the possibility of a fatal remission
within 70 years. Despite this, Matthew continues to brighten the lives
of everyone he meets.

Incredibly, despite having weak arms, he is still able to operate a
computer using a deviously constructed input device, consisting of a
covered spherical ball and a pair of single-pole-single-throw latches.
Resting his scrawny hand on the tool, any small movements are converted
to gigabyte digital input signals.

The disabled boy constructed a special film portal for the disabled.
It was very popular, receiving over 20 "hits" a month. Webmaster
experts based at Durham University examined his JavaScript code using
remote debugging techniques and proclaimed it "fully polymorphic,
slightly recursive and 100% XML ready".

Despite this, Odeon cinemas have ordered him to "cease and desist"
using the recently enacted European Millennium Copyright Act (EMCA) to
copyright the notion of "film discussion" by a person and/or persons
"without full limb mobility". They have demanded his website is put in
the Windows XP recycle bin, and insisted "it should then be emptied".

This cannot be allowed to happen. The disabled should have almost as
many rights as normal people, at least with regard to discussing films.
Luckily for us, people power works, and that's where you come in.

How can you help disabled boy Matthew Somerville?
a) Email Odeon customer support (info@odeonuk.com) and tell them you are
boycotting their chain (Rocky 6 excepted) while they continue
their legal actions against disabled boys.
b) Email Odeon UK chairman Luke Vetere (lvetere@odeonuk.com) and insist
that the website be retrieved from the recycle bin, wiped clean, and
uploaded back onto the UK internet web system using FTP packet protocols.
c) Email and post this message to everybody you know (several times), and
on every "blog" site you can find.

In addition, why not join Matthew in his separate quest to enter the
"Guinness Book of Records" with the record of "largest collection of
used cinema ticket stubs". Matthew is aiming for over a thousand.
Send them, perhaps with a letter of encouragement to

Matthew Somerville
Guinness Record Attempt
109 Eastern Drive
Edinburgh
EH7 1DA

Remember, only by working together can we can beat an evil law, and
brighten the failing heart of a young disabled angel.

Re:Signed agreement my ass!

Good grief, the trolls around here really have too much time on their hands.

Senmail's Position

[Mike+deVice]

There are two quotes from this message by Eric Allman of Sendmail, Inc. that are pretty interesting...

On the open source side, the sendmail MTA is routinely bundled into other larger systems, notably open source operating system releases such as Linux and BSD distributions as well as commercial closed-source systems such as Solaris and AIX. Bundlers would need to execute their own copy of the RFSIPL. Those systems are in turn sometimes incorporated into other products, which would seemingly require another layer of patent licenses, and so on down the tree. As a practical matter, this makes the decision to include sendmail with Sender ID into their release more problematic. This is obviously not desirable from our point of view.

And...

While these are pragmatic rather than legal reasons, our likely decision at Sendmail will be to distribute our Sender ID implementation as a separate package that is not required to run the sendmail MTA under a distinct (possibly modified) Sendmail Open Source license. Open source users will have the option of downloading and installing the Sender ID package should they want the additional functionality. Bundlers will be able to choose whether they want to include the Sender ID technology or not, but will still be able to use the base sendmail MTA without additional IPR issues.

I'll be really interested to find out what the take of some Linux Distros will be on this.

Re:Senmail's Position

[reynaert]

I'll be really interested to find out what the take of some Linux Distros will be on this.

Debian at least will never include anything that requires them to sign a patent license.

Re:Senmail's Position

[tacocat]

postfix

GPL problem.

However, if you disclose or distribute your implementation in source code form, we think it is important for you to include a patent attribution (from sec. 2.2 of our royalty-free patent license) in your source code and in close proximity to the license under which you make your source code available.

This is specifically going to cause problems for the GPL.

Re:GPL problem.

[Rick+the+Red]

I'm sorry, I don't follow. How does MS asking you to mention their patent in your source cause any problem for the GPL? The GPL is quite clear that individual users must not need to apply for a patent license; that license must be royalty-free and transferable to anyone who uses the GPL'd code. Period. Microsoft's patent license appears to be royalty-free and transferable. They want their patent license in close proximity to your software license -- that's OK by the GPL, just bundle the two text files with your source, as you today bundle the GPL text file with your source.

Seriously, what's the problem?

Re:GPL problem.

[Rick+the+Red]

It may be poor form to reply to your own post, but I feel I must clarify this business of "non-transferable." OK, so IANAL, but as I read it, Microsoft is saying that if you create product X then you cannot transfer your license to Microsoft's patents to the author of product Y. It does say you can transfer the patent license to users of your code. Specifically [section 2.5]:

By way of clarification, in order for a third party to distribute a Licensed Implementation as part of its third party branded products, such party must be authorized to do so by You and must also execute this license and comply with its terms.

As I read that, if someone takes your product X and makes their product Y, they must have your permission (the GPL gives them this permission), and they must follow the terms of Microsoft's patent license (and I see nothing in the GPL that prevents this).

EMBRASE AND EXTEND

I mean hello??? Microsoft *can* withdraw their patent at any point in the future - or start to charge for it. Even if one open source author implements it MS win. This is merely an attempt to embrase and extend open source. The sad thing is before Microsoft end up being replaced largely by Open Source (and they will even if it takes 100 years) they are going to start fighting more and more ugly.

Also, surely patents, particularly software patents, are an infringement of freedom of speech?

Compatability? COMPATABILITY?!?

Pathetic...

Outlook has enough users to set new standards

[Kurt+Gray]

For the majority of Windows users, Outlook is the default email client they end up using. All Microsoft has to do is annoy/frighten/nag Outlook users everytime they recieve a non-Sender-ID email. "WARNING: This email message came come an unverified location. Would you like to file this email in safe folder and view it later?" or words to that affect is all it takes. Eventually users complain to their networks ops about these vague warning errors and lost emails then the annoyed network ops eventually patch their email servers to comply with Microsoft Sender-ID just to appease Outlook users. The standard is adopted.

Re:Outlook has enough users to set new standards

Perhaps. But these days, as far as I can tell, the majority of windows users are using webmail, so it might not be as important as you think.

Re:Outlook has enough users to set new standards

[DA-MAN]

Most corp. users don't configure their e-mail personally, it is done by a sysadmin or pre-configured when they arrive to work. A vast majority of home users use webmail's such as gmail, etc.

If word got around that MS was going to change the behaviour of Outlook to this, I doubt a great many corps will change over to this new Outlook. Many companies are still out there using NT4/Office97. Even if they did upgrade, it wouldn't be without first disabling this via a policy. Sure home users will get spooked, but nothing is changed at Microsoft without first considering how major corps will react.

MS are hoarding patents?

[Halcyon-X]

In order to promote Sender ID, Microsoft is pleased to offer its necessary Sender ID patent rights on a royalty-free basis but only to those who are also willing to make their Sender ID patents available on a reciprocal royalty-free basis.

So everyone shares their patents with MS, but not with each other, MS gets all patent rights, and everyone else has to fend for themselves? Where is the strategic advantage for everyone to jump on board exactly?

Re:MS are hoarding patents?

[Donny+Smith]

>Where is the strategic advantage for everyone to jump on board exactly?

The advantage is that deadbeats who created and contributed nothing at all can use a ready-made anti-spam technique at no cost whatsoever.

Is that so hard to understand?

Re:MS are hoarding patents?

The advantage is that deadbeats who created and contributed nothing at all can use a ready-made anti-spam technique at no cost whatsoever.

like Microsoft and SPF? Or does suggesting XML in DNS and bringing PRA and patents to the table in an attempt to derail an emerging standard count as a contribution?

Re:MS are hoarding patents?

[Pharmboy]

The advantage is that deadbeats who created and contributed nothing at all can use a ready-made anti-spam technique at no cost whatsoever.

Is that so hard to understand?

Maybe some teen sitting in his bedroom things of "free as in beer" is more important than "free as in speech", but not all of us do. One of the main advantages of "free as in speech" is the ability to change and modify the software in any way I want, without spending $1 in time worrying if I am violating some license.

WHY the MS appologists do not understand that the price of the software is trivial, is beyond me. I don't use Linux because it costs $0 vs. $800 for a copy of MS 2003 server. Screw $800. The freedom (as in speech) allows me to innovate without restriction. This helps me generate hundreds of thousands in profits. The labor to install, upgrade and maintain any server FAR outweighs the cost of the freaking software. Again, screw $800, its trivial.

Those of us that run servers are interested in the freedom to USE the software as we please, and happy to share changes. I am not interested in "free as in beer" software that is not "free as in speech". We are NOT the cheap, short-sited bastards you seem to think we are.

Beware any time Microsoft is offering *ANYTHING* for "free".

Re:MS are hoarding patents?

[HiThere]

To be fair, many of use are also the cheap, short sighted bastards that you expect. But most of us are only also cheap. Primarily we want to be able to do as we choose with the software we acquire without being second guessed by some bean counter or control-freak with a loaded lawyer.

Re:MS are hoarding patents?

[Donny+Smith]

I didn't specifically refer to OSS users (still, my original post was modded flaimbait, which is testimonial to stupidity of moderators who did that) - what is annoying is that it's usually people who've never done anything that compain about these things.
Or folks who can't compile kernel from source complaining how they like the freedom to tinker with source code.

Several posts mentioned the following:
a) the license is very standard
b) many other RFC and standards are based on patented technologies

I don't know if specs of Linux implementation can be freely modified and still maintain compatibility with the standard.

And of course anyone is free to offer their own proposal and their own code, GPL or not, and create a new/different standard. Or even just use it informally, without making it standard.

I don't understand why this is a big deal - people use Ximian, Adobe and Java - all these are probably licensed similarly to this MS's thing and they haven't ever had to talk to a lawyer or bean counter. Specifically Ximian, if I remember well, now has certain clauses similar to this Microsoft's license - whatever people change in Ximian, Novell can patent it and choose to keep it open or closed. (Of course, some zealots went nuts but most people don't give a shit, which is only natural).

Re:MS are hoarding patents?

[HiThere]

Actually, I rarely use Ximian, I avoid Adobe, and I won't agree to the Java SDK license. (Well, I did a few years ago, back around Java 1.1, but I started thinking about what I'd just agreed to, and I haven't agreed to any of their licenses since then.)

To be totally fair, I don't particularlly like the Java language. I much prefer Ruby, Python, D (Digital Mars D), and, very occasionally, C...usually as an interface layer. O, and PyRex to link between Python and C. (Swig is just too much bother.) So it wasn't much of a sacrifice to give up Java. And I still use Acroread...I only refuse to purchase any NEW products from Adobe. The one's I've already agreed to the license of I continue to use. (In fact, I've still got a MSWin95 system, though I never attach it to the net, or even the LAN.)

To me licenses are very important. If I can't understand it, I presume that this is intentional on the part of the issuing party. Usually I can understand them, if I put some work into it. IANAL, so I don't totally trust my interpretations, so I tend to be conservative. I also tend to consider the company history when considering how I'll interpret the language. And the company history contains press releases where the say things like (to quote a forgotten MS VP about .NET) "That contains our intellectual property, and we will defend it vigorously!", which I interpret to mean "Keep your hands off it". So I do. But **** if I'm going to pay for something I can't use.

Stalemate

[Performer+Guy]

So now nobody will implement this, and Microsoft, through patenting something obvious and trying to license it has scared everyone away from some pretty good ideas that would have been implemented otherwise, with or without Microsoft's help.

This is just the latest chapter in IP stupidity.

This stuff has been discussed for years, if this had been treated like most other W3C standards we'd be in the clear by now waiting for implementations, instead everyone's scared. Does anyone realistically think that there aren't patents that W3C standards already infringe? Finally we actually get rights to something and we're inspecting the teeth, simply because the subject has been raised.

The crazy part of this whole deal is that most software is riddled with potential patent violations, including Microsoft's and including projects like Mozilla, Gimp and Open Office. That's why MS are trying to retain *defensive* rights, because they know it would be dangerous to give this IP away, anyone could stand on their shoulders, and a widget and then sue them (and that has happened already) and Microsoft would have no way of countering. If they adopted a more GPL oriented license with the rights being rescinded in the event of any patent suit against M$ it would be golden. They could just do to the protagonists what IBM has just done to SCO, infact that wording is almost already in the GPL.

I think this situation can be salvaged with another revision of the license. We should not give up on this or go for the second best option on such an improtant proposal.

We're getting to witness what the beginning of the web would have been like had Tim Bernards Lee patented some of his ideas. It ain't going to be pretty.

Re:Stalemate

So now nobody will implement this

sendmail is.

How does this incorrect tripe get modded up?

Re:Stalemate

It wasn't modded up you dimbulb but by the same token there was much more to the post that the one non definitive statement you extracted, why don't yu try reading the darned post. Anonymous passive agressive trolls, great!

Re:Stalemate

And if you'd read the Sendmail statement, you'd see:

1) sendmail is implementing it as a separate package, which means

2) distros might or might not include it, which means

3) users might or might not use it.

absent, not in question

[midgley]

" Compatability with the Open Source Definition, the Free Software Definition, the Debian Free Software Guidelines, and the GPL/LGPL licenses is already in question."

Congradulations!

[Tandoori+Haggis]

on the birth of your child. We know that bringing an infant up in the 21st century is a daunting business. Thats why we have designed especially for you a completely free licensing policy agreement that will safeguard young (enter name) from the burden of facing a bleak future without a licensed, activated copy of our latest (enter name) operating system or proprietary value added software.

As a further benefit, our intellectual protection package will ensure that your young tit sucker's ideas will never fall into the hands of enscrupulous (note the en..) parties and will be safe in our creativity vault.

Just sign the punch out card below with (name)'s new citizen number and we will do the rest. Just think how (name) will thank you. (snicker snicker..)

(small print: nyk nyk nyk! All your intellect is belong to us! Wahhhah hah!)

michael screwed up the story...

and omitted any info about sendmail's participation in this. Interestingly, Newsforge has a slightly better (though still flawed) story on the whole isue that includes sendmail.

Leave it to Michael to post some flame in an instance where Eric Allman argues that Microsoft has made signficant changes in the license in an effort to work closely with open-source vendors.

it really is amazing...

[maxpublic]

...just how evil a single company can be. Microsoft seems to be completely committed to the singular goal of destroying everyone and everything that might ever compete with it, using whatever tactics (legal or not) it can come up with. The quirky thing about MS's antics are that unlike IBM making money doesn't seem to be the primary goal, but rather establishing control dominance. MS acts more like a government yearning for dictatorship than a for-profit institution.

It's crap like this that makes me think a well-placed nuke is going to be the only way to stop MS from acting like a cheap cyber version of Ghenghis Khan.

Max

Re:it really is amazing...

> a well-placed nuke...
Heh, that's good. Please let me pull the trigger, PLEASE! I've wanted, for a while now, to see MS get blown off the planet. Hm.. I wonder where I can find an organization who would do this for us.

Re:it really is amazing...

Yes. It is evil for a license (e.g., the GPL) to be designed to kill off competition (e.g., closed-source software).

Re:it really is amazing...

[Tough+Love]

it really is amazing just how evil a single company can be. Microsoft seems to be completely committed to the singular goal of destroying everyone and everything that might ever compete with it, using whatever tactics (legal or not) it can come up with. The quirky thing about MS's antics are that unlike IBM making money doesn't seem to be the primary goal, but rather establishing control dominance. MS acts more like a government yearning for dictatorship than a for-profit institution.

It's not that amazing, Bill Gates thinks he is Napoleon. Fact: Bill Gates bought up Napoleon's original memoires. Speculation: they are are now nearly entirely covered in spunk.

Sender-ID adds very little if anything

[barcodez]

SPF works, it does exactly what it is designed to do what reason would there be to use Sender-ID?

SPF works today with existing software - I'm at a loss to why anyone would want Sender-ID apart from Microsoft.

I'm sure Microsoft people will install it all blindly (no change there) but if a significant number of mail servers don't implement and or deploy it then it has failed anyway.

Re:Sender-ID adds very little if anything

Bingo! If only Meng and the IETF chairs would come back into the light.

Re:Sender-ID adds very little if anything

[hacknslashdot]

It seems to me that "Sender-ID" is pretty much just spf with flaws introduced.
They have some complex algorithm to read email headers .. why would anyone in their right mind even bother looking at email headers when trying to deal with spam? If an opening is there, it won't take long before the spam come gushing through it.

Re:Sender-ID adds very little if anything

[grahamm]

Currently there are lots of posters to the MARID mail list who oppose Sender-ID as stands, but very few who are defending it. So it looks as though the consensus might be that Sender-ID is not acceptable. Though whether that will make any difference to the final recomendation.........

Non-open Source license

[rjdohnert]

Personally I dont feel this is a big deal unless you make it one. You can access the source code, you can redistribute the only catch is you have to acknowledge the patent. Unless someone can give me specific examples of why this violates the GPL and other open source licenses other than "Its Microsoft and Microsoft is evil" I do plan to deliver a software application utilizing this technology for Linux. I may be contacted at:

robertojdohnert@msn.com

Re:Non-open Source license

[Corydon76]

Bzzzzzzzzzzzt.

You obviously didn't read the thread. Microsoft's patent license is explicitly non-sublicenseable, which means that you may not redistribute to anybody who has not already accepted Microsoft's license (and by accept, I mean, printed it out, signed it, and faxed it back to Microsoft).

While that may not seem like a big deal to you, keep in mind that that's an incredible burden to place on freely distributed software, which would otherwise circulate quickly and freely.

Re:Non-open Source license

[Homology]

Unless someone can give me specific examples of why this violates the GPL and other open source licenses other than "Its Microsoft and Microsoft is evil" I do plan to deliver a software application utilizing this technology for Linux

RTFA

Re:Non-open Source license

[kunudo]

I do plan to deliver a software application utilizing this technology for Linux

Then you, sir, are a fool. And further, what's with the 'here's my email, send me a signed letter where you personally take the time to spoonfeed me the information on why my foolishness is, in fact, foolish'?

Re:Non-open Source license

[ebyrob]

(and by accept, I mean, printed it out, signed it, and faxed it back to Microsoft).

Isn't that only necessary for those wishing to "clear the air" as to their IP rights? (Read folks with possible patent claims related to this particular standard)

Re:Non-open Source license

[Corydon76]

Nope. Again, read the article and/or the license. Section 6.3 specifically states that there are only two methods for accepting the license:

mailing a signed copy to Microsoft or,

faxing a signed copy to Microsoft.

Re:Non-open Source license

[ebyrob]

Q4: When do I need to execute a license with Microsoft?
A4: At this time Microsoft is only aware of pending patent application claims that cover its
submission of the Sender ID specification. Because Microsoft is not aware of any issued patent
claims, Microsoft does not require any one to sign a license with Microsoft to implement the
Sender ID specification or any part of it that is incorporated into IETF working drafts. In
conformance with the IETF IPR policy Microsoft has disclosed the existence of those pending
patent claims and has provided its assurance that if such claims are granted Microsoft will make
licenses available on reasonable and non-discriminatory terms. Microsoft has also gone beyond
the IETF's requirements by clarifying that its licenses will require no fees or other royalties, and
further, to make a license available to early adopters who wish at their option to clarify their rights
with Microsoft with respect to early implementations. Typically patent holders do not make their
license terms available until after the standard has been adopted and until after their patent
claims have been granted, leaving early implementers to speculate as to the ultimate terms of the
license.

I already read it. This appears to be saying only those intereseted in "clarifying their rights" need to sign it currently. (ie: No claims have even been granted yet.) As to the future, I guess anyone doing redistribution would have to sign it... (Though it wasn't entirely clear to me whether that was only for redistribution with modification or all redistribution)

Re:Non-open Source license

[rjdohnert]

You cannot redistribute the source code without the customer signing the license. But if I creat a product for Linux I can redistribute until the cows come home in binary form.

transparent terminals

[trybywrench]

I remember when transparent terminals came out in E ( called ETerms ). They were the coolest thing i'd ever seen.

Re:transparent terminals

I remember when transparent terminals came out in E ( called ETerms ). They were the coolest thing i'd ever seen.

Hi, I believe that you may not have unfolded your map completely. I think you are looking for the other side.

M$pam harvest

[Doc+Ruby]

1> Get desktop monopoly
2> Distribute insecure mail servers, websites
3> Wait for spam wave to create demand for "my Internet back"
4> Publish licensed antispam standard
5> Get email monopoly
6> Profit!

Re:M$pam harvest

1> Get desktop monopoly
2> Profit!
3> Distribute insecure mail servers, websites
4> Wait for spam wave to create demand for "my Internet back"
5> Profit!
6> Publish licensed antispam standard
7> Get email monopoly
8> Profit!

MS: What would entice you?

[imroy]

As reported yesterday:

Josh Ledgard: Would you have interest in working on these types of projects with Microsoft? If not, what could entice you?

Stop pulling stupid shit like this perhaps?

Re:MS: What would entice you?

Mod parent up!!

Re:IETF Global Perspective/IPR declarations page

[sff0ghead]

There are lots of other examples at http://ietf.org/ipr.html with
fairly similar "don't sue me and you can use it" terms. The IPR
terms being offered here almost look like a cut and paste job, to
be honest, and that may not be a bad thing. There actually
can be advantages to someone holding a defensive patent:

It means someone who wants to use a submarine patent to
control this technology has to fight Microsoft's lawyers.

Microsoft's grant is: 1) subject to any denial of claims by
the USPTO, 2) Royalty-free (as in beer), 3) Non-discriminatory
(anyone, anywhere, any time). Other submarine patents might
not be nearly so nice, and I'd rather have the next guy along
sue Microsoft than me.

There are some pain in the rump aspects; it is not:
sublicensable (everyone has to get their own free thing).
It does require you license back whatever you have claims on
that is needed for Sender-ID to get their thing needed
for Sender-ID (this is common in the IPR declarations given
to the IETF). That, in my humble not-a-lawyer opinion is
why you have to let them know your use is under the free,
global, yadda-yadda license rather than being an
infringement of the patent.

The good news: this does not require those deploying
Sender-ID records to do anything. It does not
require anyone using packaged binary software to do
anything. It does not require anyone distributing
packaged binary software to do anything.

It's a minor pain for implementors and a hassle for distributors
(who may, like Sendmail, have to put the Sender-ID code in a
different distribution). Not ideal, but not enough of a pita,
in my opinion, to go without the technology. Especially if
their claims cover things like "storing MTA authorization records
in the DNS" (and they could), rejecting this could mean rejecting
the whole ball of wax as an anti-forgery tool.

Who wins then?

Never agree to...

Never agree to any software license that isn't a "GPL-type" of license.

Screw Bill and Co. I will never stop using my Mandrakelinux the way I do and for how I use it. If that means I have to do it illegally, then, so be it. No one, and I do mean NO ONE will stop me from using my Mandrakelinux distro! I have never broken a law in my life. However, I am willing to break every single friggin' law known to man rather than be forced to stop using my Mandrakelinux. There isn't enough treasure in this universe to buy me out either.

Microsoft can just kiss my big white hairy pimply ass!

This is just a note from an extremely loyal GNU/Linux follower to let everyone know how some of us feel, regardless of what the future holds for Microsoft or GNU/Linux.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Is it just me.....

[nyseal]

...or does MS REALLY over-use the words "royalty free"? Sounds fishy from the git-go.

Mis-conceptions

[Wile_E_Peyote]

From what I can tell there are a few people here with some mis-conceptions. You don't need to sign a license to use a mail client utilizing this specification. You only need to sign this agreement if you plan to re-distribute an executable or the code to end-users. The only difference between this and your average open source agreement, is they want it in writing and the agreement is reciprocol. As far as the standard beeing worth anything, I'll leave that up to the more technically minded... W.E.P.

A great advantage

considering they will be rendered irrelevant, since they won't be able to make anythng anymore because MS will just sue them for violating a patent they have rights to and nobody else does? Pick one, MS will have many.

Oh, and by the way...

The people who do the modding of these comments always seem to mod mine down, even though tey're relevant.
So, just to let them know, they're wasting their time modding my comments down because I don't really give a flying rat's ass what they think of my comments. The modding people are of less value than a toilet bowl fecal matter.

As long as I can read my comments, that is all that matters.

Re:Oh, and by the way...

Why would one need to read their own comments? Seems a rather pointless exercise - barring one of ego - to me...

Just an observation :)

Re:Oh, and by the way...

[ArchAngel21x]

If you had left off the part about "modding people are of less value than a toilet bowl fecal matter" then I would have helped mod off the troll tag. People should not post just what they think the mods want to hear. However as a meta-moderator I do not appreciate that quip about mods, and therefore you deserve the troll tag. Wear it proudly. You earned it.

Using GPG to fix spam

[0x0d0a]

Because that requires changes to end-user behaviour.

In any case, a signature doesn't prove identity unless you or somebody in your web of trust has checked the fingerprint. This means that it's only a little more useful than a manual whitelist when it comes to avoiding spam.

Yeah, but it'd be just as easy to piggyback GPG onto DNS (have a GPG keypair for each domain, the public key of which is distributed via DNS, that is considered "trusted" for the purposes of verifying each email -- it would sign the user's key, which would sign the email). During transition, it would be possible to do the user signing on the server.

This would allow user-level granularity and fix a vast number of problems with the existing schemes -- frankly SPF and Caller ID are nothing more than fairly bad authentication schemes, whereas GPG is mature, well tested, and strong.

Piggybacking on the insecure DNS isn't good, but admins unaware of the security issues in doing so seem hell-bent on doing so, using this scheme in all of the existing mechanisms. And after the problems inevitably surface, after spammers start spoofing DNS, if GPG is used, it'll be easy to have registrars have their *own* keys that sign domain owner pubkeys, and include the .sig along with the domain owner key in a DNS record, fixing the security problems. (The advantage of using PGP for this is that, unlike web-style certs, there's no need to screw with a limited set of roots -- people naturally extend their web of trust.)

Re:Using GPG to fix spam

[Zeinfeld]

This would allow user-level granularity and fix a vast number of problems with the existing schemes -- frankly SPF and Caller ID are nothing more than fairly bad authentication schemes, whereas GPG is mature, well tested, and strong.

Jon Callas, CTO of PGP is actually quite definite that Domain Keys and PGP need keeping appart. You do not want to dilute PGP by applying it at the domain level.

Meanwhile the Principal Scientist of VeriSign is making a similar argument, S/MIME is waaay over built for ordinary users, let alone PGP.

At this point the objective is to arrive at a widely deployed authentication scheme that everyone can support.

Re:Using GPG to fix spam

[0x0d0a]

Jon Callas, CTO of PGP is actually quite definite that Domain Keys and PGP need keeping appart. You do not want to dilute PGP by applying it at the domain level.

(a) You can have multiple databases, if you find it necessary. I'd say that simply using the existing "level of trust" is sufficient -- have a "non-spam-authority" trust level, which is below just about anything.

(b) The use of domain-level PGP would *only* be used when calculating trust metrics for *spam*. Other stuff would not use them.

(c) "Dilute PGP by applying it at the domain level"? PGP is already used for all kinds of things at the domain level and above -- it is the de facto standard for decentralized trust management. Red Hat maintains a key for their organization that signs each of the keys used to sign packages in each of their distributions. PGP does not *have* to be used at the user level -- it just has the *ability* to be used at the user level -- which isn't really practical with DomainKeys.

(d) You can expect that not a single corporate player wants PGP used. That would mean a decentralized solution that doesn't really allow charging anyone any money.

(e) What about PGP is "difficult"? The existing client software might be complicated, but ultimately it's nothing more than an authentication system (well, and trust management). It is not broken in a number of ways that SPF, DomainKeys, and Caller-ID are. There is excellent pre-existing software support for use of PGP keys as an authorization mechanism in an easy-to-use system -- the user need see nothing more complicated than they would with SPF or DomainKeys or Caller ID, if admins would like to set up PGP in such a manner. I use apt to install the software on my system -- while PGP is actually being used, I never have to worry about what happens -- it's simply taken care of in the background. You're thinking of using some of the existing PGP clients, which suck and are not really appropriate for what is being talked about.

Re:Using GPG to fix spam

[Zeinfeld]

You can expect that not a single corporate player wants PGP used. That would mean a decentralized solution that doesn't really allow charging anyone any money.

At the IETF VeriSign argued for an email signature scheme which anyone could use for free.

CA services have value for a certain type of user, corporations, professionals etc. An individual does not get enough value out of them to make the cost of a cert worthwhile.

Better to have 5% of a market with a billion users than 100% of a market with a few million.

What about PGP is "difficult"?

its security for geeks, not real people. PGP was designed for use by people who were technically savy. Most people can't program their VCR.

Re:Using GPG to fix spam

[0x0d0a]

At the IETF VeriSign argued for an email signature scheme which anyone could use for free.

[shrug] I'm not familiar with this, so I'll take your word for it.

its security for geeks, not real people. PGP was designed for use by people who were technically savy. Most people can't program their VCR.

I reiterate -- GPG is nothing more than an authentication scheme. The user interface in the client to a GPG-based system can be *identical* to that of an SPF-based system -- it would, however, be significantly more powerful for those who choose to take advantage of it.

Re:Using GPG to fix spam

Meanwhile the Principal Scientist of VeriSign is making a similar argument, S/MIME is waaay over built for ordinary users, let alone PGP.

I think the Principal Scientist of VeriSign is having a personality disorder

Microsoft would lose that gamble

[dekeji]

Microsoft has a whole lot more leverage to push their own solution. If Microsoft decides that their way is the way to go, they can implement it in all of their product offerings, thus forcing others to follow suit or risk being cut off from the vast majority of the Internet using public.

SPF is not necessary for exchanging electronic mail. If Microsoft servers fail to exchange mail with any significant number of OSS mail servers, the result won't be that OSS gives up and everybody signs patent license agreements with Microsoft, but rather that SPF won't get used. The long term fall-out would be that people would take Microsoft even less seriously when they come to standards bodies, and to hurt IETF credibility even further (IETF is already largely irrelevant).

Microsoft doesn't get it

[dekeji]

Microsoft is apparently trying to play hard-ball with OSS developers, forcing them to accept some kind of licensing terms or forcing them to stop developing this kind of software. But OSS developers don't have a choice: there simply is no way under which OSS developers can give in to Microsoft's licensing terms, even if they wanted to, since the terms are just fundamentally incompatible with most OSS licenses.

Furthermore, going to IETF with such standards proposals is pointless: the only producers of software that count in this space are Microsoft and OSS. If IETF starts producing standards under terms that are not acceptable to OSS developers, then that just makes the IETF irrelevant but it won't help with adoption of a solution.

In this case, if IETF's SPF standard isn't 100% compatible with OSS licenses, OSS software will not incorporate it and Microsoft Exchange installations will be unable to use IETF SPF with a significant fraction of Internet hosts. If Microsoft were competing with a commercial vendor of mail server software, that vendor would be in deep trouble and it might induce that vendor to come crawling to Microsoft begging for a license. But OSS developers won't do that: OSS projects don't have the same kinds of short-term pressures on them as commercial software vendors, and even if they wanted to give in, OSS licenses make it impossible.

Microsoft's management just doesn't seem to understand that they are not dealing with another business anymore: the strategies that they have used against commercial competitors just don't work against OSS. All they are accomplishing with this sort of behavior is to taint their own credibility and the credibility of the standards bodies they get involved.

I just knew it...

Even if MS was to give away something, the slashdot hate-trolls would still cough up FUD and propaganda based on their own ignorence and fear of what they do not understand (seems they can't RTFM when it comes to MS, they only do that for linux...)

No Thanks

No Thanks pretty much sums it up. Not sure what else to add to that.

Royalty Free

[webzombie]

Ok all the stupid people in the world raise your patent glasses!

Just how flippin' stupid does MS like we are.

Royalty free MS licence... now theres a nice oxy-moron for you.

Embrace, Extend... Embrace, Extend... Embrace, Extend... Embrace, Extend... ANY QUESTIONS?!

Software patents f*** things up again.

[Dwonis]

Read the thread. It's clear that this is yet another example of software patents stalling or outright halting technology development.

Revert back to SPF only?

[IGnatius+T+Foobar]

Ok, so Microsoft seems to be trying to assert patent rights on Sender ID, in a fashion that makes open source difficult to implement.

Can anyone tell us what is stopping the Free world from simply reverting back to plain old SPF and ignoring Microsoft's extensions?

I told you so

[tacocat]

Look, I don't mean to be a wanker here, but all of you who are all gung-ho about SPF and happy-happy-happy about working with some whizz-bang IETF project to bring on board the likes of AOL and MSFT are ... gullible and naive. It's amazing how really smart people can do some really dumb things.

No one in the history of business has managed to engage in any kind of relationship what-so-ever with Microsoft Corporation and not gotten screwed in the end. No exceptions exist to date.

How many times do we have to go through this in order to understand this fact?

Any time that you do any business with Microsoft Corporation, either with the intention of cooperative standards development or for money, you will always, always, always get the short end of the stick.

Microsoft is very simple. They are a parasitic entity that will not have any engagement with other entities unless there is the distinct advantage that they will walk away with more than you do.

Now that you've reverted SPF so some Classic-SPF that has already been identified to have loop-holes in the technology to allow spammers to hit you again, what are you going to do? Sell your next of kin to Bill Gates?

I'm not surprised at all by MSFT's actions. But I'm postively disgusted that anyone would be some stupid as to think for one minute that it might work out OK.

Everytime you work with windows you hurt Open Source Development

Re:I told you so

[youritadvisor.com]

No one in the history of business has managed to engage in any kind of relationship what-so-ever with Microsoft Corporation and not gotten screwed in the end. No exceptions exist to date.

your right the guys who sold the money losing hotmail for $400 million sure got screwed by microsoft

Re:I told you so

[tacocat]

They did not attempt to do business with Microsoft. They only sold them their wares and walked away. That happens a lot, that's what Microsoft would prefer. Find me someone who has succeeded in a business partnership or any joint efforts who didn't get it in the end.

Why can’t we just all get along?

[MrJohnnyG]

Instead of focusing on the speculative theories on how Microsoft can use this in its attempt for work domination, let's look at the facts: 1. This is free. It's stated in the IETF draft and the licensing agreement. If Microsoft starts charging you, you can sue them for breach of contract. 2. Spam is a huge problem in many aspects. Microsoft is one of the most powerful forces in the software industry and is providing a way to help alleviate the spam problem. 3. It is compatible with open source applications (including sendmail). All they ask is for you to put a disclaimer if you distribute the source code that says "this part of the code is patented by Microsoft". When was attributing the author a major problem? If you just don't want to use a solution to a major problem just because it comes from Microsoft, even though it's quite obviously free to use and distribute as long as you put a small disclaimer in the source cord...you're a moron (imho). Scrutiny is good. Speculation in the process of scrutiny process is good. Speculation for the sake of moving your personal agenda (as opposed to the needs of the internet community) is moronic and selfish (imho). If everyone that reads this article can agree that there is a problem with spam, this a step forward and solving the problem (and is free to use and distribute), and pledges their support today...won't that be great and historic day for the internet community...even if your not a huge fan of Microsoft Corporation? MrJohnnyG

To be READ and to attract a RESPONSE

[Craig+Ringer]

The purpose of spam is to attract a response from a reader. This requires delivery and viewing. It also often requires a direct response, such as clicking on a link, though the response may simply be remembering the message if it's, say, an advertisment.

On the other hand, a spammer being paid to spam for someone else will have different goals. They will care more about deliveries, or web-bug hits, etc than real effects - because the chances are that's how their pay is calculated. For those people, I think you're at least partially right - the purpose is still to be read, but the goal and method of measuring success is deliveries or views.

apt name!

[zozzi]

MARID means sick in the Maltese language... someone must not have done his homework well :-)

IE less influential than some people think

[hopethishelps]

Think IE, and how many sites are custom crafted to it.

There are sites that are custom crafted to some version of IE, but actually there are not many, and they are not "leadership" sites. The sites that people look to for examples of what to do are all sites that are written to the standards, not to Microsoft's current bugs. I'm thinking of sites like A List Apart.

What MS says and does ?

[dago]

If you go to MARID meeting minutes of 18.08 (http://www.imc.org/ietf-mxcomp/mail-archive/msg03 200.html)

"And for the trademark, it is the opinion of Microsoft that "Sender ID" is too generic to be a valid trademark. He then solicited questions from the floor."

Yeah ... Windows ... Office ... are no too generic, eh ?

Except for...

[hummassa]

However, since 80% of mail is spam (according to a previous slashdot story) and 80% of spam comes from hijjacked windows computers, it stands to reason that a good number (probably a majority) of the mail in the world originates at a windows MTA.
Except for the fact that hijacked computers don't use Outlook or any other Windows MTA to send their email.

all that needs to be done to stop zombie spam:

[mattyrobinson69]

it would require a new mail propagation protocol and a whitelist of smtp servers, but hey, it will eliminate spam from zombies:

client sends email (after authenticating) through esmtp server sends an email to mail server. mail server then connects to esmtp server and says "did you send this message $HASH". smtp2 server then says yes or no. Any email which is verified by a whitelisted esmtp server is flagged as not spam by the mail server (pop3, httpmail, whatever), all other email could be flagged as spam and delivered, but with a spam flag in the header (could not be spoofed as it is placed there by the pop3 server. This way old servers would still beable to send email (although they would be marked as spam, the spam header could be removed by the client, if it is from a trusted address or whatever), and any emails sent using the new mail propagation protocol would automatically be flagged as not spam (woo!).

only problem is, who would maintain a whitelist? i suppose governments could do this, and the pop3 server could be configured to use any/many different whitelist servers.

Two way street ....

[gstoddart]

But I don't have to use or deploy any software that uses any Sender-ID patented algorithms. Email for my users will still be delivered as usual, whether my MTA checks Sender-ID records or not.

Much like you won't need to adhere to Microsoft's wishes, they'll ignore yours. And eventually you will end up with your end-users saying "Hey, I don't get e-mail from because we're not compatible with MS".

At that point you'll get blank stares as you tell your users that due to a moral stand against adhering to a Microsoft non-standard, they'll just have to accept not getting e-mail from those sources. That would be like one phone company refusing to accept long-distance calls from subscribers from another company. It won't go over well. Except in the case of phones, it would be illegal I suspect.

In a way, Microsoft indirectly has clout because huge amounts of companies will perform the switch without knowing or caring about everyone else and how it's not really a standard.

Re:Two way street ....

[kindbud]

I don't think you understand. I don't have to make my MTA check Sender-ID records if I don't wish to. That's where the encumbered part of Sender-ID lies. That Microsoft products are checking Sender-ID records has no effect whatsoever on my MTA that isn't checking them. I don't have to check Sender-ID to accept an email from anyone. The scenario you tried to use to refute my argument won't happen.

The worst that can happen is that I have to put a certain string in a TXT RR associated with my domain, if I want to be able to send mail to a Microsoft product that checks Sender-ID. Microsoft cannot force me or anyone else to check Sender-ID anymore than they can force me to run a spam filter.

[Offtopic]

But what the fuck is a "bungi"? What are you, a Teenage Mutant Ninja Turtle?

What is the patent number?

[yams]

Does anyone know the corresponding patent numbers held by microsoft?

SIG -- Re:Where Sender ID fits into the picture

[stu42j]

The 18.5 minutes of silence finally explained: Richard Nixon was reading "My Pet Goat".

Actually, he was listening to Arlo Guthrie's "Alice's Restaurant"

here is why GPL is a problem

[DM9290]

I'm sorry, I don't follow. How does MS asking you to mention their patent in your source cause any problem for the GPL? The GPL is quite clear that individual users must not need to apply for a patent license; that license must be royalty-free and transferable to anyone who uses the GPL'd code. Period. Microsoft's patent license appears to be royalty-free and transferable. They want their patent license in close proximity to your software license -- that's OK by the GPL, just bundle the two text files with your source, as you today bundle the GPL text file with your source.

You can't bundle GPL with your source and distribute it, unless you are distributing under the terms of the GPL and no other restrictions are imposed.

In order to derive software from Microsoft patent, Microsfot requires you to give them reciprocal rights on certain of your patents. You can not impose such a requirement on software if you are deriving it from other copyrighted material you are using under the GPL license.

The copyright holder expressly forbids it.

The GPL says:

You must cause any work that you distribute or publish, that in whole or in part contains or is derived from the Program or any part thereof, to be licensed as a whole at no charge to all third parties under the terms of this License.

The microsoft software is not transferable to all third parties with no charge under the terms of the GPL. Only to a subset of third parties, namely people who agree to abide by specific additional stipulations of the microsoft license. Consequently the GPL would would not enable them to use the software unless they agreed to the additional microsoft terms. The GPL specifically does not allow you to add additional restrictions to the use of the software. The fact that those restrictions are from microsoft is not at all relevant.

If you want to add additional restrictions you have exceeded the license granted to you by the GPL, and you must obtain permission to derive from the authors, just like you would need to obtain permission in the case of any copyrighted work.

You may not revoke from the recipients of your GPL derived work, any rights the GPL granted to you, because the GPL only gave you license to distribute if you license as a whole the entire work under the GPL. The requirements of Microsofts license do not give all the same rights as those of the GPL and thus you can't impose microsofts license onto GPL work, and then use a GPL license to justify, what would be, copyright infringment against the copyright holders of the GPL software you are deriving from.