Slashdot Mirror
Debian Project Rejects Sender-ID
NW writes "Following on the heels of Apache Foundation taking a stance against Sender-ID, the Debian Project announced today their rejection of Sender-ID as well."
← Back to Stories (view on slashdot.org)
← Back to Stories (view on slashdot.org)
Perhaps this is where closed source vendors (read: Microsoft) will lead the adoption of Sender-ID.
Of course patent-encumbered standards will never take. Why do companies even hope that it will? Do they remember what happened to IBM and MCA?
A NYC lawyer blogs. http://www.chuangblog.com/
We have many major players rejecting this proposal in public. Is it enough for critical mass?
Sendmail has a plugin available which allows for Sender ID compliance. Which other GPL software will be modified by third parties? This is the joy of GPL software, of course, to maintain it separately from the core. This is also the Achilles' Heel. If Microsoft wanted to do so it could produce the necessary changes for all of these dissenting software packages itself -- and distribute them itself -- and achieve dominance through this method.
The official group declaration would mean little if the availability of the encumbered proposal is enormous and well known.
Most importantly, why wasn't this type of public condemnation available for the various W3C proposals that had patents attached? We cannot pick and choose the fights we engage in - our opposition to patents and intellectual property in standards must be uniform and universal. Once a single standard is accepted despite being weighed down by IP concerns the floodgates will open.
My reality check bounced.
I'm assuming Microsoft will soon enough have mail servers that support (or worse, require!) sender ID, and will advertize heavily with this as a supposed extra security feature that OS cannot or will not offer. What I'm wondering: is this in any way a threat to OS and the infrastructure of the web?
I've read both statements and, while I agree they can do whatever they want with their software/distributions/etc., I've seen little analysis.
What makes Sender-ID so bad, in comparison to other technologies that both do support (say ASP and SMB). Is it because they reverse-engineered those and MS is trying to release this into the "open"? Are they waiting for a reverse-engineered version?
I know some about coding but little about law. What in particular about this license is causing so much trouble? Could MS change a few lines and it would be accepted?
A list of SPF-enabled registrars and DNS providers is at http://www.spf.idimo.com/
This should be a concern for all, no matter how you feel about MS, or even if this was another company, like IBM, HP, etc. The standards which hold the Internet together cannot "belong" to one company.
Everybody here is no doubt familiar with the "unofficial standard" that is Microsoft Word: meaning, they have been sent Word documents or asked to send documents in Word format as if everybody used Word. Microsoft has ensured that the clueless masses default to Word's format as an Internet standard (or as an example of "best practices" -- to use the latest buzzword).
You can find examples of this in business, education, and government.
It's possible that we're going to see e-mail "evolve" in the same way. Ninety percent of e-mail flying around the Internet will use the new Sender ID standard; those not using it will seem odd and likely be forced to use it more often than not in their various business dealings.
quiquid id est, timeo puellas et oscula dantes.
7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.
http://www.electricstate.com/articles/defuglify-sl ashdot. Drag the link to your Bookmarks toolbar. That's all there is to it.
Karma: Segmentation fault (tried to dereference a null post)
It's sad, but it seems that taking sometimes the most primitive steps to help secure one's mail server is over the heads of mail administrators. Even worse, the amount of resistance to having an MTA have proper reverse is incredible.
A short time ago the company I worked for started refusing inbound connections from MTA's that didn't have proper reverse DNS. By proper reverse dns I mean as per RFC 1912 section 2.1 . While the word must isn't used in the RFC, the word should is used, and the RFC even states "For every IP address, there should be a matching PTR record in the in-addr.arpa domain........Failure to have matching PTR and A records can cause loss of Internet services similar to not being registered in the DNS at all."
Imagine when I had to explain what proper reverse DNS was to an MCI "internet engineer" (That was the title in his e-mail). Imagine my suprise at the number of complaints generated - and even greater suprise that people simply REFUSED to fix their problem. Instead, bowing to our own customer pressure, we stopped enforcing the checks. We again became part of the problem, instead of part of the solution.
We did this because we saw lots of spam that came from MTA's with no reverse. Even more telling we found lots of spam that used "spoofed" reverse dns. I.E. the reverse had a pointer to some host like mx4.hotmail.com, when no forward with that IP existed. This is most common from spammers coming out of eastern Europe, and some out of china. By refusing to accept mail from these we lowered the amount of delivered SPAM.
Supposedly, AOL, Road Runner, and AT&T require reverse dns. In actuality they don't. If the community is truly serious about fighting spam then they would follow their own policies, and they would help. If AOL and hotmail alone required valid everse DNS the rest of the world would follow suit in short order. By not enforceing their own published rules, very large providers are part of the problem, and their laziness continues to perpetuate the problem.
Considering their inability to enforce something as simple and as easy as rdns (RFC 1912 published 1996) I see no hope for caller ID, or SPF records. They all sound like great standards - but we can't even enforce the standards we have had for almost 10 years.
Debian is correct to reject the "caller-id" feature. Not for any copyright reason, but because it won't work in the current environment with so many lazy administrators, and the only adoption being the spammers themselves.
cluge
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
It is very likely that Sun, IBM and RedHat will reject Sender-ID as well. Here is a very interesting read on News Forge
This is my sig. There are thousands more, but this one is mine.
We are also concerned that no company should be permitted intellectual property rights (IPR) over core Internet infrastructure.
Seems obvious to me. Why isn't it obvious to the IETF?
Debian again: We believe the IETF needs to revamp its IPR policies to ensure that the core Internet infrastructure remain unencumbered.Right on.
A company like Microsoft has no respect for the rights of others, no respect for ethics, no respect for the ideals of the people who built the Internet infrastructure for our benefit. I agree with Debian that no company should be permitted IP rights over core Internet infrastructure. But especially not a predatory company like Microsoft.
Description of the Sender ID Framework from Microsoft.
It would be so much nicer if people writing/editing these stories would link to stuff that isn't blindingly obvious to everyone.
p
In Korea, long hair is for old people!
They were right to reject it. The open source world often stands together in such issues, and the only end result that could happen is a truly free standard that will take on the world. Now that issues have been raised, it means every other distro will analyse it, and probably not include it either but help work on a "free" one, and the internet in reality runs off Unix, so we have a VERY good chance of getting a strongly supported standard out there.. Very few major mail servers run off Windows, hotmail is probably the only one I'd imagine.
Just one question, has there been any work on a open standard yet?
Is there any way one can actualy find out what Sender ID _is_, without increasing one's exposure to patent infringement lawsuits?
Apart from the fact that Microsoft are an incredibly wealthy and successful company, they deserve a moment's silent respect for their utter failure to understand the way the IT market is evolving.
The attempt to inject patents into anti-SPAM tools is well-founded for a company that wants to find new business models, but it's incredibly offensive to the Internet community. Not just "nerds" and "fanatics" exposing some radical political viewpoint, but the hundreds of thousands of hard-working people who actually built the servers that run the web.
Technology gets ever cheaper and this inevitably destroys old markets. For the world's largest software company to _still_ earn the bulk of its money from operating systems and office suites is quite amazing. These are commodity products and only sell through brute-force tactics that are eventually self-defeating.
Microsoft should step back from trying to control essential domains such as email, and focus on what they are really good at: providing the unwashed masses with easy-to-use, pretty front-ends. It's a market with huge potential but its success depends on a reliable and expanding back-end infrastructure, exactly the domain that Microsoft is incapable of delivering.
A message to Microsoft: please understand that open source is the key to your long term survival. Embrace it, or die. Open source is the cornucopia of software technology: it will create a hundred million new software consumers, and most of these will be potential new clients.
Just produce software they actually want, not software they are forced into buying by your devious political games.
When the Internet first became popular, Bill Gates announced that the Microsoft Network would be better. He was wrong, and after a couple of years, forced Microsoft to embrace the net rather than fight it.
The same is true of open source. It's only a conflict because Microsoft is refusing to face the inevitability of the situation.
A moment's pity, therefore. They may be rich. That does not make them either smart, or right.
Sig for sale or rent. One previous user. Inquire within.
The big push here needs to be for Mozilla to refuse to support it.
We heard here yesterday that Mozilla has a far bigger market share than Debian does - and Mozilla actually does read mail and reject spam. So their refusal to participate in a Microsoft takeover of the world wide email system would have some real meaning.
It's good that Apache came out against it...what about 'sendmail'?
There also needs to be some promotion of a good alternative that's not IP-encumbered and which would hopefully have technical merits too...it's easy to refuse to support a proposed standard - but it's better to have a good reason to recommend a solid alternative.
www.sjbaker.org
Of course, if you have a DNS provider who won't let you make such changes, you probably need a different DNS provider!
You can implement handling the setup of the DNS TXT records without touching anything Microsoft claims ownership of. You can implement the checking of the HELO/EHLO and MAIL FROM via SPF with no patent concerns. Will Apache, Debian, et al dismiss this, simply because the most popular implementations of SPF also support checking the header FROM field, which is supposedly Microsoft's idea?
Sender ID adds checking of the header FROM field to SPF. SPF just checks the domains mentioned in the SMTP protocol exchange (HELO/EHLO, MAIL FROM), while Sender/Caller ID check the optional FROM header found in the DATA portion.
(emphasis added)
The only way that Debian could accept Sender-ID is to reject the GPL. At that point, having denied its own soul, it would cease to be 'Debian' by any meaningful definition - it would be ex-Debian.
[100% ISO 646 Compliant]
SVM, ERGO MONSTRO.
Trying to sneak a pantented standard in, then later charging for it after wide-spread adoption seems more likely, if you do remember that quote.
The sendmail support is from Sendmail, Inc. not from the open-source sendmail at sendmail.org
>A moment's pity, therefore. They may be rich. That does not make them either smart, or right.
I can't help but to laugh at this example of uninformed zealotry. Even if I weren't dubious about MS meriting any pity, this is rather like a 8 year old child patting itself on the back for outrunning a geriatric in a wheelchair.
OSS fits somewhere into MS's problems, but is hardly the dominant factor. Aside from OSS, their primary problems right now stem from the the worldwide wave of anti-monopoly lawsuits, being crushed between the need to maintain compatibility with their insecure legacy interfaces and the need to leave them behind to catch up on security, their poor public image caused by bugs on one front and the failed Sofware Assurance licensing program on the other, and last but hardly least, lack of new markets/product offering categories to expand into.
Come back and proclaim victory when MS is bankrupt and combined revenues for Linux and OSS support/products (i.e. IBM's non-Linux/OSS divisions don't count) approach that of the proprietary software world. The former may be inevitable, but, unless the OSS world changes radically, I'd give long odds against the latter occurring anytime soon.