Slashdot Mirror
Debian Project Rejects Sender-ID
NW writes "Following on the heels of Apache Foundation taking a stance against Sender-ID, the Debian Project announced today their rejection of Sender-ID as well."
← Back to Stories (view on slashdot.org)
← Back to Stories (view on slashdot.org)
A list of SPF-enabled registrars and DNS providers is at http://www.spf.idimo.com/
it's patent-encumbered, which means that reverse-engineering won't help: regardless of the implementation, they would still need to abide to whatever ms is telling them.
7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.
Description of the Sender ID Framework from Microsoft.
It would be so much nicer if people writing/editing these stories would link to stuff that isn't blindingly obvious to everyone.
p
In Korea, long hair is for old people!
Of course, if you have a DNS provider who won't let you make such changes, you probably need a different DNS provider!
I have to admit, I'm in two minds about this. On the one hand it's long overdue for Microsoft to be seriously given the finger by a collective group that it is unlikely to be able to bully or "embrace and extend" around. On the other, Sender-ID does seem to be the most sophisticated of the sender validation technologies proposed to the MARID group at the IETF, it would be a shame to lose it to corporate greed if Microsoft doesn't resolve the patent issues soon.
UNIX? They're not even circumcised! Savages!
Sender ID adds checking of the header FROM field to SPF. SPF just checks the domains mentioned in the SMTP protocol exchange (HELO/EHLO, MAIL FROM), while Sender/Caller ID check the optional FROM header found in the DATA portion.
Not very likely, for this would break large part of the e-mail infrastructure. There are many virtual hosters whose reverse DNS does not match the domain they are hosting. Or in my case with static IP home DNS that does resolves to something, but my domain name. And I suppose we can say bye, bye to many backup MX servers as well.
What AOL sensibly require is :
(emphasis added)
Sendmail's licence is a hybrid between the GPL and the BSD licences. I think it lets you get away from the patent issue though (ask a lawyer to be certain).
I appear to have a blog. Odd.
The sendmail support is from Sendmail, Inc. not from the open-source sendmail at sendmail.org
Here is the deal with Sender ID. Caller ID is patented (Sender ID = SPF + Caller ID), and thus everyone who uses in must get a patent from MS. If something is patented, you must license it to use it. It doesn't matter if you got the ideas from copying, white-room reverse engineering, or if you independently discovered the idea - the patent holder still has a monopoly on the use of the ideas and you must license them. As far as I know ASP and SMB are not patent encumbered. MS didn't have a policy of patenting their software until several years ago (about the same time as the Halloween papers were written, IIRC).
MS has licensed the Caller ID patent(s?) under what, on the surface, appears to be a very fair and open royalty free license. You don't have to pay any fees to MS to get a license to include Caller ID in your software. You can distribute the software to anyone you want, and your users are also free to redistribute this software. You can even distribute the source. For more information, read this article. However there is one issue that makes it incompatible with open source software - the patent license is non-transferable and non-sublicenseable.
What that means is that each developer who creates or modifies Caller ID code must sign and mail their own license from MS. The OSI definition of Open Source Software, and FSF definition of Free Software both state that the user must be free to modify and redistribute the software. This puts FLOSS licenses at odds with the Caller-ID license. If your software license meet the terms of the Caller-ID license then the software isn't FLOSS, and if you use a FLOSS license, then you are not meeting the terms of the Caller-ID license. The best lawyers on the subject agree that it is impossible to make these two agree. They also do a good job of explaining why redistribute of modified works is critical to FLOSS software, and why we should refuse to use a license that would be compatible.
So thats where things stand. It would be possible to write a non-FLOSS plugin for FLOSS software, but it is impossible to write a FLOSS implementation. Debian has a long history of not accepting non-free software into their main branch. But even among those that are more tolerant of combining proprietary software with FLOSS, there are many who disagree with proprietary standards and are thus opposed to the Caller ID license.
Actually, Sender-ID is a standard for MTAs (Message Transfer Agents) and here open-source sofware /does/ dominate the market. The four large names are Sendmail, Qmail, Postfix, and Exim.
d s.html
For more info see the IETF sender-id mailinglist at http://www.imc.org/ietf-mxcomp/mail-archive/threa
Living is a horizontal fall
Too bad. Get an account with a decent provider that will give you a proper reverse DNS, or accept the fact that you are a second class netizen and relay your mail through your ISP.
Preferably the former, as it may force more ISPs to offer the service.
Opportunity knocks. Karma hunts you down.