September 07, 2004, 4:12 PM — Two prominent open-source software groups have rejected a proposed technology standard backed by Microsoft Corp. that would close a loophole used to send unsolicited commercial ("spam") e-mail, citing unresolved patent and licensing issues with the standard known as Sender ID.
In recent days both the Apache Software Foundation and the Debian Project said that they will not be able to support the Sender ID e-mail authentication standard in their products. The statements bring into public view a debate that has been roiling for months within the open-source software and Internet standards communities as Microsoft tries to garner support for its nascent standard, while also protecting its intellectual property rights.
As currently proposed, the Sender ID license does not meet the standards that each group holds for software distributed with their products, making it incompatible with open-source products, the groups said. Other open-source groups, including the Free Software Foundation, have also voiced reservations about the Sender ID patents, according to those familiar with the dispute.
Microsoft was unable to immediately comment for this story.
Sender ID is a technology standard that closes loopholes in the current system for sending and receiving e-mail that allow senders, including spammers, to fake, or "spoof," a message's origin. Organizations publish a list of their approved e-mail servers in the DNS (domain name system). That record, referred to as the sender policy framework (SPF) record, is then used to verify the sender of e-mail messages sent to other Internet domains using Sender ID.
Tens of thousands of Internet domains have published SPF records since the standard was introduced by Meng Weng Wong of Pobox.com. In May, Microsoft and Meng reached an agreement to merge SPF with a Microsoft-developed standard called Caller ID to form the new Sender ID standard, which Microsoft submitted to the Internet Engineering Task Force in June for approval.
At the heart of the dispute between Microsoft and the open-source community is language in the Royalty-Free Sender ID Patent License Agreement, which Microsoft requires those using Sender ID technology to sign, according to John Levine, a member of the Internet Research Task Force's Anti-Spam Research Group.
Open-source software advocates are uncomfortable with a prohibition against transferring or "sublicensing" Sender ID licenses to others in the open-source community, and with a requirement that all licensee's contact Microsoft directly to receive a copy of the license, Levine said.