Slashdot Mirror


IETF Decides On SPF / Sender-ID issue

Zocalo writes "The MARID working group at the IETF responsible for deciding on which extensions to SMTP will be used to try and prevent spoofing of the sender has made their decision. At issue was whether Microsoft's patent encumbered Sender-ID would be eligable for inclusion in an Internet standard. An initial analysis of the text of their decision, available here with a brief analysis, would suggest not. Unless Microsoft is going to make any dramatic concessions out of desperation, that pretty much clears the way for Meng Wong's Classic SPF to become the standard and hopefully make Joe-Jobs at thing of the past."

7 of 269 comments (clear)

  1. I love it by kc0re · · Score: 5, Insightful

    I love it when the world has a moment of clarity and decides that Microsoft has enough damn patents and we're not going to let them run everything. Adopt the open standard that everyone can use. It makes more sense.

  2. It's been said before, but it's worth repeating by Weaselmancer · · Score: 4, Insightful

    Microsoft shouldn't be surprised that their patent-encumbered method didn't fly. Remember the whole "burn all GIFs" campaign, when a patent made gif files possibly illegal to use? Now - imagine that mess with your email, and Microsoft holding the reins. Argh.

    We've been through the whole embrace-and-extend loop with MS before, and it's nice to see the IETF understand the problems that a patent encumbered standard would produce.

    --
    Weaselmancer
    rediculous.
    1. Re:It's been said before, but it's worth repeating by Weaselmancer · · Score: 4, Insightful

      Well, it's not really a problem anymore because the gif patent expired, so they're ok to use now.

      But I still think the point is a valid one - and an excellent example of why software patents are a bad idea. I know it's contrary to Slashdot groupthink, but what if Microsoft's implementation is the superior one? (Work with me guys, it's hypothetical) Now, because of the patents, it'll never be used and we'll be missing out on a good thing.

      --
      Weaselmancer
      rediculous.
  3. Re:Standards == Monopoly?? by peragrin · · Score: 4, Insightful

    Yes the ITEF can use patented standards.

    On the other hand if the majority of Email servers are F/OSS, and F/OS doesn't adopt it because of the patent, it doesn't make sense to support it anyway. You suddenly appear to be in MSFT's pocket.

    Being in MSFT's pocket nowadays isn't considered a good thing.

    --
    i thought once I was found, but it was only a dream.
  4. Re:SPF is NOT about... by afidel · · Score: 4, Insightful

    Yes, but this does change the method finding the origionator of spam and other annoying messages. It allows an ISP to lock down a compromised system after it sends a very large volume of emails through their gateway, it allows black holes to target ip's used by spammers more efficiently, and it allows email gateways to throw away virus emails which came directly from infected system which are obviously not authorized to send for the myriad of spoofed addresses they have classically used. It is just a tool in the fight against spam and viruses, but it is a fairly powerfull first step in patching SMTP into a more trustworthy system.

    --
    There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
  5. It is absolutely insane to let MS be involved by Featureless · · Score: 4, Insightful

    There is absolutely zero value proposition for anyone to let MS own, encumber, or otherwise threaten, by act or by fear of an act, the email standard.

    They need to be kept 1000 feet away from any standards setting. Microsoft should only encounter the email standard when they send an email. Anything else is an absurdly bad idea.

    If you had to bet, could you honestly bet they wouldn't exploit their license to shut out open source, or (more likely) GPL, now or (more likely) later?

    I'd bet your well-cushioned ass they would.

    It is hardly a conspiracy theory, when you can open any business section and read about their new patent portfolio manager or the SCO lawsuit. They play dirty, they do it in exactly this way, and everybody knows it.

    Letting them taint the standard is bad for other vendors. It's bad for service providers. It's bad for users (read: most of the world's population, individuals and businesses). It's even bad for Microsoft itself.

    It is absolutely absurd to have a standards war over email. But now we have to consider it.

    Standards bodies may do the right thing. That's great. But what I fear now is that Microsoft will say "OK, you don't want to play our game? That's fine. Have it your way. Just don't bother sending any emails to @microsoft.com or @hotmail.com (and everywhere else we can buy or control) without a patented Caller/Sender ID record."

    When they do this, we have to stand in a big line facing them, stare back, grin, and say "your loss."

    Get ready...

  6. Re:Certificate based sender authentication by l3v1 · · Score: 4, Insightful

    Such a good thought that I was thinking and spreading this idea for a time. But I had to realize I can't succeed. Why ? Because while our IT friends use GPG, nobody else does it willingly. They all say it would make their life more difficult. Most of them out there don't even know what signing is, let alone GPG. My answer to that is as always: right, complaining is easier :P

    The problem all around spam is most of the users are just users. Don't understand, don't care, don't want to care. They just spread other people's viruses, spam, etc. without knowing or if knowing don't believeing they do much trouble by using crappy buggy and vulnerable sw.

    If I could afford the luxury to devnull all e-mails I receive that are not signed, I would never ever get spam, that's for sure. The problem is one can't easily talk others into GPG.

    They would much more easily turn into over-patented Microsoft solutions however crappy or overpatented they would be.

    --
    I am putting myself to the fullest possible use, which is all I can think that any conscious entity can ever hope to do.