OSI And Microsoft Negotiating Over Sender ID

ValourX writes "Microsoft's Sender ID has already been rejected by both the Debian Project and the Apache Software Foundation, but Joe Barr of NewsForge today interviewed Larry Rosen of the Open Source Initiative and discovered that there are negotiations between the two entities with regard to Sender ID's licensing. Could Microsoft be considering an Open Source license for Sender ID? Slashdot has covered other aspects of this story in the past. NewsForge is part of OSTG, like Slashdot."

Bah

[FuzzzyLogik]

I hope they still reject it. There's bound to be a better solution that won't give Microsoft yet another stranglehold on this as well. For once I'd like to see a standard (free and open) that MS has to follow instead of the other way around.

divide and conquer

[flacco]

look forward to MS accommodating an open source implementation, while freezing out a GPL-compatible implementation.

Re:divide and conquer

[flacco]

Be happy that an open source implementation came out of them. You don't use Apache software because it's not GPL'd? That's a bit rough don't you think?

i didn't say anything about relative merits of open source vs. free software - just that i suspect one of ms's eventual tactics is to isolate free software. they've indicated as much in past statements.

There is no Negotiating

[thogard]

Years ago when X.400 was the in thing, Microsoft wanted to own email. The servers, the clients, the messages and collect a per message fee just like the post office.

Can you explain why they don't think they can do this now?

Now they have a huge patent base thats building up and they are going to use it to kill off the other options.

This stuff scares me because its their way of taking control. They were a major player in the Gossip email systems and they lost out to SMTP. Now they have a sneakly way to undo that.

I'll take spam and forged email over paying MSFT $.25 a message.

Halloween Documents Anyone

I may have missed any comments regarding this, but has anyone else drawn a connection between Sender ID and Microsoft's plan of "decommoditizing protocols" as referenced in the infamous "Halloween Documents"? 6 years later it seems their plans have remained the same. It'll be very interesting to see if they do come to some kind of agreement with the open source community.

Nit-picking

Technically, the process you describe is included in SPF, which is an open/free standard and existed before (but has become integrated in) Sender-ID. Sender-ID provides for a few other things too, but none of them are terribly important imho. Raw SPF would suffice.

pgp and domainkeys

[iradik]

A solution to stopping spam is outlined here:

http://antispam.yahoo.com/domainkeys

I picked up this link from here:

http://www.pgp.com/resources/ctocorner/cryptoandsp am.html

This was a discussion about how pgp alone will not stop spam but how yahoo domain keys might. Due to domainkeys ability to actually verify the domain the e-mail is being sent from.

Re:It's all about $$$

[mrchaotica]

If MS wanted to play nice, they'd just accept SPF.

No, it really is all about the $$$ -- MS already lost, but they still want a piece of the pie. They might make SenderID open source, but will it be Free? And what happens when they get additional patents for SenderID 2.0?

"Pink" contracts are the source of spam.

[GuyFawkes]

All this talk of various new(?) protocols and tags is pure FUD and bullshit.

spam can be eradicated (99%) in 48 hours, this was true years ago when I used to hang out on nanae and it is still true today, because 99% of spam originates from companies with "pink" (no AUP) connectivity / IP block contracts that typically pay the provider several times the market rate per IP / Gb of bandwidth.

I could go out today and buy a block of 255 IP addresses on an OC3 and stick 72U of servers behind it sending out spam 24/7, and NOT lose my connectivity....

Sure, it might suck if you have a close IP to mine and SPEWS lists the company that is providing connectivity to both you and me, but at the end of the day money talks.

And at the end of the day there is more money in marketing (globally) than even bill g can dream of.

_NOTHING_ short of an equivalent to the usenet death penalty (which is different because fuck all providers make 1 cent out of usenet, for 95% of them it is a loss making service bundled with http / smtp etc) SPEWS style will ever stop spam.

As far as OSS goes as far as I can see there is only one way to make this work, and that is to use an electronic analogy of what I do at home.

I get junk (snail) mail every day, lots of it comes with pre-paid return envelopes, most of it doesn't.

The stuff advertising local firms tends not to have pre-paid envelopes, that national stuff tends to have pre-paid envelopes. So I sort my junk mail into local and national, takes about 3 seconds.

The local stuff I just throw out into the street to blow around and litter the place, the residents get pissed off, the council gets pissed off, clear plastic bags containing samples of the litter get placed on council meeting tables and the companies whose names are on said bits of paper get a hard time from the council and everything from business rates increases to bills to clean up litter.

The national stuff I just stuff into the prepaid return envelopes, just not the right envelopes, so each company gets an envelope full of some other companies junk mail, and pays for the postage.

Result, I now get about 4 pieces of junk mail per week, it DOES work IF you work at it for a year or two.

I see a similar thing in the OSS community as being the only solution, it takes a little bit of care to eliminate the joe-jobbed return addresses, but all you need is a spam filter that directs spam back to other spammers addresses, and if they have no smtp ports open then try to send it to them on port 80 every second for 24 hours.

Yes I ___AM___ advocating DDoSing the cunts off the net, because when spam starts costing spammers money and denial of THEIR services they will stop, not before.