Slashdot Mirror
OSI And Microsoft Negotiating Over Sender ID
ValourX writes "Microsoft's Sender ID has already been rejected by both the Debian Project and the Apache Software Foundation, but Joe Barr of NewsForge today interviewed Larry Rosen of the Open Source Initiative and discovered that there are negotiations between the two entities with regard to Sender ID's licensing. Could Microsoft be considering an Open Source license for Sender ID? Slashdot has covered other aspects of this story in the past. NewsForge is part of OSTG, like Slashdot."
I hope they still reject it. There's bound to be a better solution that won't give Microsoft yet another stranglehold on this as well. For once I'd like to see a standard (free and open) that MS has to follow instead of the other way around.
Kyle
http://www.unlogikal.net/
look forward to MS accommodating an open source implementation, while freezing out a GPL-compatible implementation.
pr0n - keeping monitor glass spotless since 1981.
Because PGP is not simple to use. And there's no huge company behind it.
I'm tired of filtering through the mountains of spam my users get everyday. There can be no legal recourse - the solution must be technological. I see this as a good thing.
Humor from a Genetically Molested Mind
SenderID really doesn't seem like that much of an improvement over SPF. Then you factor in the problem of licensing and you see how much of an big problem this really is. Even if you do get it accepted as some open source license (even the *gasp* GPL), I think we have way too many zealots/MS bashers working for the open source projects who wouldn't want to implement this.
I hate patents as much as the next guy... and even more when they are in the hands of a convicted monopolist.. But on the idea of a patented SPF system, consider this.
Wouldn't a patent on a mail mechanism be the perfect legal method of reducing spam? If the patent was held by a benevolent enough organisation, they could revoke spammers rights to use the patented methods to send spam, and not need to worry about new laws being passed.
I know, it has plenty of options for abuse.. but done correctly, it would put the law into the hands of the people receiving mail when it comes to suing spammers..
Open Your Mind. Open Your Source.
Years ago when X.400 was the in thing, Microsoft wanted to own email. The servers, the clients, the messages and collect a per message fee just like the post office.
Can you explain why they don't think they can do this now?
Now they have a huge patent base thats building up and they are going to use it to kill off the other options.
This stuff scares me because its their way of taking control. They were a major player in the Gossip email systems and they lost out to SMTP. Now they have a sneakly way to undo that.
I'll take spam and forged email over paying MSFT $.25 a message.
I may have missed any comments regarding this, but has anyone else drawn a connection between Sender ID and Microsoft's plan of "decommoditizing protocols" as referenced in the infamous "Halloween Documents"? 6 years later it seems their plans have remained the same. It'll be very interesting to see if they do come to some kind of agreement with the open source community.
Technically, the process you describe is included in SPF, which is an open/free standard and existed before (but has become integrated in) Sender-ID. Sender-ID provides for a few other things too, but none of them are terribly important imho. Raw SPF would suffice.
Not only have they botched TCP they've managed to try and replace it several times, none of which were particularaly well taken but still.
That said. I don't have a spam problem because I use email responsibly. It's morons and their forwards and honestly someone I know gets over 1000 spam messages a day and they deserve every one of them.
A solution to stopping spam is outlined here:
p am.html
http://antispam.yahoo.com/domainkeys
I picked up this link from here:
http://www.pgp.com/resources/ctocorner/cryptoands
This was a discussion about how pgp alone will not stop spam but how yahoo domain keys might. Due to domainkeys ability to actually verify the domain the e-mail is being sent from.
How about introducing a new MS record (not Microsoft ;-)) to point to Mail Senders? MX server(s) can continue to be the mail recepient(s). This gives the control to more distributed DNS system rather than a single company.
Mail servers need to accept mails from a domain only if they are coming from the MS servers for that domain.
This is not a novel idea. Most mail sersvers have a configurable feature to accept mails only from MX servers for that domain anyway.
Which would you rather know? Who sent the mail, or where the mail came from? Sender ID only tells you where. With S/Mime you get both. And this sender ID/SPF thing requires that EVERYBODY use it or else. On the other hand, S/Mime can be phased in gradually, one user at a time, and could easily be filtered client side. It looks to me like a major piece of the spam solution is right under your noses.
If MS wanted to play nice, they'd just accept SPF.
No, it really is all about the $$$ -- MS already lost, but they still want a piece of the pie. They might make SenderID open source, but will it be Free? And what happens when they get additional patents for SenderID 2.0?
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
I still haven't heard what's wrong with SPF. The only thing seems to be that a decision has to be made that `we' all support it. So if we just take that decision, at some point MS has no choice but to follow, putting them back where they belong, in the back seat.
All this talk of various new(?) protocols and tags is pure FUD and bullshit.
spam can be eradicated (99%) in 48 hours, this was true years ago when I used to hang out on nanae and it is still true today, because 99% of spam originates from companies with "pink" (no AUP) connectivity / IP block contracts that typically pay the provider several times the market rate per IP / Gb of bandwidth.
I could go out today and buy a block of 255 IP addresses on an OC3 and stick 72U of servers behind it sending out spam 24/7, and NOT lose my connectivity....
Sure, it might suck if you have a close IP to mine and SPEWS lists the company that is providing connectivity to both you and me, but at the end of the day money talks.
And at the end of the day there is more money in marketing (globally) than even bill g can dream of.
_NOTHING_ short of an equivalent to the usenet death penalty (which is different because fuck all providers make 1 cent out of usenet, for 95% of them it is a loss making service bundled with http / smtp etc) SPEWS style will ever stop spam.
As far as OSS goes as far as I can see there is only one way to make this work, and that is to use an electronic analogy of what I do at home.
I get junk (snail) mail every day, lots of it comes with pre-paid return envelopes, most of it doesn't.
The stuff advertising local firms tends not to have pre-paid envelopes, that national stuff tends to have pre-paid envelopes. So I sort my junk mail into local and national, takes about 3 seconds.
The local stuff I just throw out into the street to blow around and litter the place, the residents get pissed off, the council gets pissed off, clear plastic bags containing samples of the litter get placed on council meeting tables and the companies whose names are on said bits of paper get a hard time from the council and everything from business rates increases to bills to clean up litter.
The national stuff I just stuff into the prepaid return envelopes, just not the right envelopes, so each company gets an envelope full of some other companies junk mail, and pays for the postage.
Result, I now get about 4 pieces of junk mail per week, it DOES work IF you work at it for a year or two.
I see a similar thing in the OSS community as being the only solution, it takes a little bit of care to eliminate the joe-jobbed return addresses, but all you need is a spam filter that directs spam back to other spammers addresses, and if they have no smtp ports open then try to send it to them on port 80 every second for 24 hours.
Yes I ___AM___ advocating DDoSing the cunts off the net, because when spam starts costing spammers money and denial of THEIR services they will stop, not before.
http://slashdot.org/~GuyFawkes/journal
This isn't meant to be a troll, but honestly, who other than the Debian folks care that they opted not to adopt Sender-ID. I understand they "represent" the purity of libre software, but there's plenty of things they haven't added to their distro based upon their ideologies. Furthermore, it's not as if they would be writing the software. If they want to patch it to remove support from upstream, fine, but that hardly is a threat to Sender-ID (software that wouldn't make it to Stable for a couple years anyway). So, it seems to me this is all a bunch of self-righteousness, and the fact Debian doesn't want to play really is insignificant. If I'm off-base though, please answer the original question and set me straight.
And so the rule of business is to screw everyone every chance you get?
Naa. I don't think so. While many *people* DO practice business this way (and they ARE people - PEOPLE screw you, the business doesn't act on it's own) there's also a great many that do not. Just because Microsoft is a very large company doesn't mean they are off the hook in the ethical department.
- It's not the Macs I hate. It's Digg users. -