Slashdot Mirror
OSI And Microsoft Negotiating Over Sender ID
ValourX writes "Microsoft's Sender ID has already been rejected by both the Debian Project and the Apache Software Foundation, but Joe Barr of NewsForge today interviewed Larry Rosen of the Open Source Initiative and discovered that there are negotiations between the two entities with regard to Sender ID's licensing. Could Microsoft be considering an Open Source license for Sender ID? Slashdot has covered other aspects of this story in the past. NewsForge is part of OSTG, like Slashdot."
sender ID still sounds a lot like PGP to me. why not just use that?
Amen.
I hope they still reject it. There's bound to be a better solution that won't give Microsoft yet another stranglehold on this as well. For once I'd like to see a standard (free and open) that MS has to follow instead of the other way around.
Kyle
http://www.unlogikal.net/
look forward to MS accommodating an open source implementation, while freezing out a GPL-compatible implementation.
pr0n - keeping monitor glass spotless since 1981.
Could Microsoft be considering an Open Source license for Sender ID?
There are rumors of a massive cold front moving towards Hell. Forecasters are predicting temperatures may drop to below 32 degrees F. Stay tuned for more up to date info.
No trees were harmed in the composition of this; however, numerous electrons were inconvenienced.
If Apache refuses to accept this technology, then it is dead in the water. There aren't enough IIS servers to make a signficant dent in spam even with this technology.
Personally, I'd love it if technology were judged on the content of its character rather than the character of its creator, but this is not a perfect world and fanatics on both sides of the aisle pass up good ideas that come from the "wrong" side all the time.
I'm tired of filtering through the mountains of spam my users get everyday. There can be no legal recourse - the solution must be technological. I see this as a good thing.
Humor from a Genetically Molested Mind
SenderID really doesn't seem like that much of an improvement over SPF. Then you factor in the problem of licensing and you see how much of an big problem this really is. Even if you do get it accepted as some open source license (even the *gasp* GPL), I think we have way too many zealots/MS bashers working for the open source projects who wouldn't want to implement this.
And I'm sure others can chime in on more as i'm not totally familiar with all the stuff they use. but they seem to have embraced open source fairly heavily.
Kyle
http://www.unlogikal.net/
Microsoft might as well let SenderID go open source. It would make their jobs easier. Less spam = less viruses = less need for frequent updates and less load on Hotmail servers. Am I wrong?
Someone is always ready and eager to play the part of Charlie Brown.
...
"But maybe they are serious this time!"
"MS isn't ALWAYS evil"
This could just be a tactic by Microsoft to push their software. Think about it, a somber looking Balmer (if that's even possible) saying "We tried to negotiate with the OSS community, but because of their ignorance we wern't able to come to an agreement"
Of course, at the same time they will start more FUD sites touting the benifits of Sender ID and why it will ONLY run on their software.
John 3:16 - The easiest way to a BETTER YOU.
Head on over and listen in.
Help fight continental drift.
Open Source Initiative - not to be confused with the 7 layer Open Systems Interconnection Reference Model.
At least thats the first thing that came to mind here.
No matter how hard I try, I cant get to Kevin Bacon within 6 links from any random Wikipedia article.
Im dreaming ofa big bndwdth, That can resist the
Years ago when X.400 was the in thing, Microsoft wanted to own email. The servers, the clients, the messages and collect a per message fee just like the post office.
Can you explain why they don't think they can do this now?
Now they have a huge patent base thats building up and they are going to use it to kill off the other options.
This stuff scares me because its their way of taking control. They were a major player in the Gossip email systems and they lost out to SMTP. Now they have a sneakly way to undo that.
I'll take spam and forged email over paying MSFT $.25 a message.
I'm not certain PGP is up to the task, but certainly some sort of public/private key signing tech needs to be used. The most important thing is that it be based on open non-patent encumered algorithms... otherwise it will never be accepted broadly enough.
What really needs to happen is for an open counter proposal to come out, and that needs to be folded into the public code base for sendmail as managed by sendmail.org. Unfortunately sendmail.org is sponsered by Sendmail, Inc. (sendmail.com), a commercial company that has announced support for Microsofts version of Sender ID. This could be a source of conflict perhaps?
Cheers
Thad
The Bolachek Journals
the people who need to pull their finger out is ISC, they are the organisation in the best position to be initating the spam solution. think about it, and anti spam solution is going to involve DNS - what the leading DNS server? BIND. IF ISC and sendmail org got together they would have more clout on this issue then MS and be a hell of a lot more trust worthy.
If you mod me down, I will become more powerful than you can imagine....
Could Microsoft be considering an Open Source license for Sender ID?
I don't know about that but maybe they will release Clippy under an Open Source licence, just to show they care about the movement.It's basically like this:
Alot of MS mail environments don't send mail like SPF envisions. Sender-ID basically makes life easier for MS customers. MS is coming to SPF people, saying, heh, can you modify your protocol to be a bit more friendly to our implementations?
And, since there are actually users behind those mail servers, SPF folks say, sure. Lets talk. Lets see how we can better adapt to your architecture.
Then MS turns around and says, oh, you want to adapt to us? You'll have to sign these forms.
At which point, SPF people walk away. They've already got a great way to tell eachother what they need to say, and while they're willing to work with MS, really, Sender-ID really helps MS more than it helps anyone else. A fate where exchange deployments need to either alter their topology or risk getting their mail dropped isn't one that's beneficial to the company.
Indeed, there are these people called customers that'll handle any intransigence on the part of their vendor. Which, uh, is about what's happening right now.
I'm not saying this is exactly what's going on. Neither side is monolithic. But this is, at least from the outside, what appears to be happening. Someone on the inside should feel free to correct me.
--Dan
I don't think SenderID is anything whatsoever like PGP. Coincidentally I went to Microsoft.com and read about SenderID today to see what the fuss is about. Turns out, and I'm sure someone will correct me if I'm wrong, it's simply an extension record in your DNS MX record that basically lists the possible outgoing IP addresses for email from a certain domain. For instance Citibank would add their outgoing mail servers in their MX record (because presumably only authorized agents will be screwing with the MX record), and any recipient can simply check the MX record and get the possible source IP addresses, rejecting the phish attempt from some server in central Russia. There's a tool to configure the extension block.
As an aside, because invariably someone will mention this, TCP (on which SMTP is based) is connection based, so spoofing isn't an issue.
IIS does HTTP, FTP, and SMTP.
With millions of dollars in bandwidth costs on the line, and potentially billions of dollars in customer satisfaction, Microsoft may very well want to play nice on this issue. SPAM is a serious problem, and bickering and fighting isn't going to make it go away. Cooperation and hard work will.
Bryan
Two articles on the history of Sender-ID:
http://www.circleid.com/article/730_0_1_0_C/
http://www.circleid.com/article/732_0_1_0_C/
Note that they're "negotiating". This is MS we're talking about here...
"We'll give you a financial boost if you'll fast-track our application to be an OSI-Approved License. Just ignore the incompatibilities, and here's $100k for your trouble."
Same old problem ... who will watch the watchers. The only organization that is theoretically powerful enough to force Microsoft's compliance in such matters has repeatedly proven both its ineptness and impotence. And I don't see spammers (particularly those who aren't subject to the U.S. legal system) being too concerned about patent infringement. No, it seems to me that whatever system eventually gets adopted will have to be both wide-open and completely free of any "intellectual property" components (so that it can be trusted by all those who would have to use it) and implemented on such a massive scale that spam will simply become passe'. One nation isn't going to be able to combat spam all on its own: this will require ISPs the whole world over to co-operate. That is a non-trivial task in and of itself, but any attempt to promulgate a proprietary solution (particularly one controlled by a globally-distrusted entity such as Microsoft) is doomed to failure.
The higher the technology, the sharper that two-edged sword.
I'm just curious as to what is there to negotiate? Either they license it royalty-free for all fields of use, or it does not belong in an officially-recognised IETF standard. There is no "middle ground" license that will satisfy the community. Patents are, by definition, incompatible with open standards.
Could Microsoft be considering an Open Source license for Sender ID?
Well, looks like a good time to clarify the difference between patents and copyright for the benefit of the new blood here on slashdot. They are very different things, and you must understand what the law says before you can develop educated opinions on the law. Copyright is a government issued monopoly on the distribution, and public performance of a specific work and derivatives of that work. Patents on the other hand are a government issued monopoly on the commercial application of an idea. A book is a specific creative act, and thus falls under copyright. A method of building a tractor is an idea, and is thus patentable. You can't have copyright on an idea, and you can't patent a specific work.
Now onto this specific situation.
When you talk about open source licenses, you are dealing with copyright. A copyright license grants you specific (often limited) rights to distribute, perform, or modify the authors work. Without a copyright license you do not have the right to do any of these things. Open source software gives people the right to redistribute the work, created derivative works, and redistribute those works (possibly with the restriction that the derivative work must also be open source). However, it requires that if a work is distributed it must be available in a useful form - the original source code.
Now Caller-ID is not a piece of software - it is a protocol, a standard, an idea, and thus falls into the realm of patent law. A patent license gives you permission to use an idea in your own works. Without a patent license you do not have a right to use the idea in your own work, even if you thought of it by yourself. Microsoft has patented some of the ideas in Caller-ID, so anyone who wants to create an implementation of Caller-ID must get a patent license from Microsoft. The patent license which Microsoft is currently offering for Caller-ID has several issues that make it impossible to use the patented ideas in Open Source software without violating one of the licenses.
By now you can see what was wrong with the text I quoted - Sender ID is not a piece of software - it is a patented idea, and so it is nonsensical to talk about releasing it under an Open Source (copyright) license. What the submitter should have asked is "Could Microsoft be considering an Open Source friendly patent license for Sender ID".
That said you can read this post if you want to know more about why the current patent license for Caller ID is incompatible with Open Source software.
I may have missed any comments regarding this, but has anyone else drawn a connection between Sender ID and Microsoft's plan of "decommoditizing protocols" as referenced in the infamous "Halloween Documents"? 6 years later it seems their plans have remained the same. It'll be very interesting to see if they do come to some kind of agreement with the open source community.
Anyone that does not agree with the above should research what happened to Netscape and Stacker, and the many others who tried to deal with M$. They all got consumed by M$ or another large Corp.(AOL got Netscape) or they just folded and dissapeared.
Negotiating with M$ reminds me of a line from the Godfather:
In ten seconds your signature or your brains will be on the paper.
Professional Politicians are not the solution, they ARE the problem.
ACs are stupid.
But yes, Exchange also does SMTP (in addition to MAPI, POP3, and IMAP).
HOMER
Oh, they have the Internet on computers now!
MARGE
Homer, Bill Gates is here.
HOMER
Bill Gates?! Millionaire computer nerd Bill Gates! Oh my god. Oh my god. Get out of sight, Marge. I don't want this to look like a two-bit operation.
Marge groans and rolls her eyes. Bill Gates and two "associates" enter.
GATES
Mr. Simpson?
HOMER
You don't look so rich.
GATES
Don't let the haircut fool you, I am exceedingly wealthy.
HOMER
(quietly to Marge) Get a load of the bowl-job, Marge!
GATES
Your Internet ad was brought to my attention, but I can't figure out what, if anything, CompuGlobalHyperMegaNet does, so rather than risk competing with you, I've decided simply to buy you out.
Homer and Marge step aside to talk privately.
HOMER
This is it Marge. I've poured my heart and soul into this business and now it's finally paying off. (covering his mouth) We're rich! Richer than astronauts.
MARGE
Homer quiet. Acquire the deal.
HOMER
(to Gates) I reluctantly accept your proposal!
GATES
Well everyone always does. Buy 'em out, boys!
Bill Gates companions begin to trash the "office".
HOMER
Hey, what the hell's going on!
GATES
Oh, I didn't get rich by writing a lot of checks!
Bill Gates lets out a maniacal laugh. Homer and Marge cower in the corner as the room continues to be trashed.
-from www.simpsoncrazy.com
Python script to convert photos into "artsy" portraits: http://p2pbridge.sf.net/pyPortrait/
fscking newbies
IIS installs SMTPD
Exchange does NOT install SMTPD.
Hence, IIS does smtp email, not exchange. Exchange runs happily without that useless public standard, smtp.
Buncha useless whining fscking idiots.
Bleh. Quick, where's that URL for that study about how useless people always think they know more than other people?
Technically, the process you describe is included in SPF, which is an open/free standard and existed before (but has become integrated in) Sender-ID. Sender-ID provides for a few other things too, but none of them are terribly important imho. Raw SPF would suffice.
in a wrestling ring with no referee and metal folding chairs conveniantly nearby.
I wonder if SenderID might require some old Exchange installs to be upgraded. When I tried searching Microsoft's web site for "SenderID Exchange 5.5", I got one link. Items I should consider when building "Commerce Solutions with Technology". So I am taking that as a yes. Cha-ching, Microsoft...Commerce Solutions with Technology at work!
Strange women lying in ponds distributing swords is no basis for a system of government.
A solution to stopping spam is outlined here:
p am.html
http://antispam.yahoo.com/domainkeys
I picked up this link from here:
http://www.pgp.com/resources/ctocorner/cryptoands
This was a discussion about how pgp alone will not stop spam but how yahoo domain keys might. Due to domainkeys ability to actually verify the domain the e-mail is being sent from.
SPF support for most open source mail servers can be found at libspf2.
Yeah.
Exactly the same way that DVD-CCA's patent on CSS has empowered them to sue all non-conforming DVD player software out of existence.
Exactly the same way SCO's "copyrights" and "patents" on UNIX technology allowed them to sue all non-conforming UNIX and UNIX-like implementations out of existence.
Nice thought; won't work.
Schwab
Editor, A1-AAA AmeriCaptions
Insight into the current situation can be found in a post by Matt Sergeant (Spamassassin/messagelabs):
http://www.imc.org/ietf-mxcomp/mail-archive/msg040 45.html
SPF support for most open source mail servers can be found at libspf2.
How about introducing a new MS record (not Microsoft ;-)) to point to Mail Senders? MX server(s) can continue to be the mail recepient(s). This gives the control to more distributed DNS system rather than a single company.
Mail servers need to accept mails from a domain only if they are coming from the MS servers for that domain.
This is not a novel idea. Most mail sersvers have a configurable feature to accept mails only from MX servers for that domain anyway.
Which would you rather know? Who sent the mail, or where the mail came from? Sender ID only tells you where. With S/Mime you get both. And this sender ID/SPF thing requires that EVERYBODY use it or else. On the other hand, S/Mime can be phased in gradually, one user at a time, and could easily be filtered client side. It looks to me like a major piece of the spam solution is right under your noses.
I still haven't heard what's wrong with SPF. The only thing seems to be that a decision has to be made that `we' all support it. So if we just take that decision, at some point MS has no choice but to follow, putting them back where they belong, in the back seat.
I really do not understand why people use the term "TCP/IP".
TCP is just one of the protocols running under IP on a normal computer. The others are UDP and ICMP. So if you want to include that protocal layer in the name, "TCP+UDP+ICMP/IP" would be better. Or you could just say "IP".
To me, this is like calling all four wheels on a car "front wheels".
You missed Safari (KHTML), and Rendezvous. Also the Objective-C langauge that their GUI framework is built on is an extension of GCC.
The competitive advantage comes from having something thanks to Open Source where otherwise you would have nothing. It's hard to compete if you don't have anything to compete with. Apple have built their entire OS on top of Open Source, and they and NeXT before them have done so since the late 1980s!
iChat rocks for IM. Simple and powerful. If you want endless config dialogs, sure, go for another client. Enjoy. As for Darwin not being as 'sophisticated' as the broken lump of spaghetti code that is the NT kernel, how exactly is that a bad thing? Linux is less sophisticate than HURD...
I can't tell you what the worker bees at Microsoft are considering, but I can tell you what the movers and shakers at the top are considering. They're considering what course of action will do the most harm to the Free Software community in general, and people's perception of the GPL in particular. When they think they've figured out what that course of action is, they'll tell the troops to do it.
All this talk of various new(?) protocols and tags is pure FUD and bullshit.
spam can be eradicated (99%) in 48 hours, this was true years ago when I used to hang out on nanae and it is still true today, because 99% of spam originates from companies with "pink" (no AUP) connectivity / IP block contracts that typically pay the provider several times the market rate per IP / Gb of bandwidth.
I could go out today and buy a block of 255 IP addresses on an OC3 and stick 72U of servers behind it sending out spam 24/7, and NOT lose my connectivity....
Sure, it might suck if you have a close IP to mine and SPEWS lists the company that is providing connectivity to both you and me, but at the end of the day money talks.
And at the end of the day there is more money in marketing (globally) than even bill g can dream of.
_NOTHING_ short of an equivalent to the usenet death penalty (which is different because fuck all providers make 1 cent out of usenet, for 95% of them it is a loss making service bundled with http / smtp etc) SPEWS style will ever stop spam.
As far as OSS goes as far as I can see there is only one way to make this work, and that is to use an electronic analogy of what I do at home.
I get junk (snail) mail every day, lots of it comes with pre-paid return envelopes, most of it doesn't.
The stuff advertising local firms tends not to have pre-paid envelopes, that national stuff tends to have pre-paid envelopes. So I sort my junk mail into local and national, takes about 3 seconds.
The local stuff I just throw out into the street to blow around and litter the place, the residents get pissed off, the council gets pissed off, clear plastic bags containing samples of the litter get placed on council meeting tables and the companies whose names are on said bits of paper get a hard time from the council and everything from business rates increases to bills to clean up litter.
The national stuff I just stuff into the prepaid return envelopes, just not the right envelopes, so each company gets an envelope full of some other companies junk mail, and pays for the postage.
Result, I now get about 4 pieces of junk mail per week, it DOES work IF you work at it for a year or two.
I see a similar thing in the OSS community as being the only solution, it takes a little bit of care to eliminate the joe-jobbed return addresses, but all you need is a spam filter that directs spam back to other spammers addresses, and if they have no smtp ports open then try to send it to them on port 80 every second for 24 hours.
Yes I ___AM___ advocating DDoSing the cunts off the net, because when spam starts costing spammers money and denial of THEIR services they will stop, not before.
http://slashdot.org/~GuyFawkes/journal
Employee of Inrupt, Project Release Manager and Community Manager for Solid
We know already that SID doesn't comply in spirit with the internet we know and love.
.. and its by our trustworthy future thinking pal microsoft.
We know spammers are already lined up and using SID, so the system is already polluted. "ya want validated spam with that?"
MS doesn't want OSS/Linux/etc. They have made that quite clear. Right now they need us to support this or the whole thing fails- or they start an apache war or something. MS has enough control already. IMHO they should have no say-so about my email.
Some persons at ms are getting *paid* to deploy this successfully & quickly and they will try very hard to do so. This includes convincing everyone else to support it. (for free?) Hold the ropes boys and girls.
Why would the OSS community care about supporting something that is IP encumbered by ms and in litigation, broken, basterdized, and infested with spammers already? err
So IIRC if they flick the switch on this thing hotmail and msn will be crippled and only work with SID friendly systems. Boo Hoo. maybe hotmail users will complain to ms since they won't be able to complain to me!
Look-- Every time ms does something like this eg: tcp/ip, kerberos, iis,ie,outlook, etc. it's a train wreck of decaying squid parts. Learn from the mistakes. If they need support for SID stall them:
Tell them you'll put it on an Action List or you'll do it as soon as 'counsel gives you the green light'. Tell them you use drugs and therefore cannot be trusted with such thigs until rehab! or Just lie! They'll never expect it! Better yet make them believe it will soon be supported!
Anyway I hereby claim my disgust and lack of support for sender id and beg all the developers working so hard on interesting things being bothered to support this to not waste their time and keep on inventing.
Thank you.
Firefox &
This isn't meant to be a troll, but honestly, who other than the Debian folks care that they opted not to adopt Sender-ID. I understand they "represent" the purity of libre software, but there's plenty of things they haven't added to their distro based upon their ideologies. Furthermore, it's not as if they would be writing the software. If they want to patch it to remove support from upstream, fine, but that hardly is a threat to Sender-ID (software that wouldn't make it to Stable for a couple years anyway). So, it seems to me this is all a bunch of self-righteousness, and the fact Debian doesn't want to play really is insignificant. If I'm off-base though, please answer the original question and set me straight.
Sure it is.
Microsoft is a master at manipulating situations for it's own gain and to the severe detriment of everyone else. This fact should not be ignored when considering their products.
It has been this way since MITS, quite possibly since before you were even born.
A Pirate and a Puritan look the same on a balance sheet.
Sounds like you want DomainKeys. Sendmail has support for DomainKeys as well, as does qmail.
-russ
Don't piss off The Angry Economist
And so the rule of business is to screw everyone every chance you get?
Naa. I don't think so. While many *people* DO practice business this way (and they ARE people - PEOPLE screw you, the business doesn't act on it's own) there's also a great many that do not. Just because Microsoft is a very large company doesn't mean they are off the hook in the ethical department.
- It's not the Macs I hate. It's Digg users. -