Put Up Or Shut Up Time For Microsoft on Spam

By Larry Seltzer  |  Posted 2004-07-25 Print this article Print

Opinion: Microsoft's patent license could make an IETF Sender-ID standard radioactive to the GNU gang. It doesn't matter if the license is good enough for the IETF, it has to be good enough for everyone.

I wont bother asking you whether youve noticed a lot of spam coming into your e-mail account lately. It would be more interesting to ask if you can notice any real mail. MessageLabs, a mail security service, recently reported that 76 percent of all mail they processed in the month of May was spam. That number keeps going up. If nothing fundamental is done, the number will exceed 90 percent and gradually creep up toward 100 percent. E-mail will become useless. The only really serious effort to do something about the overall problem is currently focused on an IETF standards group called MARID (MTA Authorization Records in DNS). A proposed specification has been written and will be discussed at an IETF meeting in San Diego next week. Microsoft has been a positive force in this process so far and worked with Meng Wong, developer of SPF (Sender Policy Framework), the main standard inspiring the MARID group, to combine it with their Caller ID for E-mail spec and make a better standard.

Theres a problem though: Microsofts claims that it holds patents related to the technology behind Caller ID. Even though it issued a free (as in beer) license to these patents and the Caller ID technology, the license doesnt pass muster with open-source advocates. Richard Stallman himself just chimed in on the MARID mailing list on the subject, declaring that "Microsofts Sender-ID license is directly incompatible with free software regardless of which free software license is used."

Fed up with spam? Read eWEEK.coms special report
Hes right, at least as I read the license. It says that you can implement the spec for free, but you need to make an agreement with them, i.e. directly with Microsoft. You cant just put the code up on a Web site and let anyone else download it and use it. He goes on to say, "In the absence of resistance, Microsoft has a good chance of imposing whatever standards it likes. Let us, therefore, resist it here and now."

I decline to be inspired by this call to action. The free software movement has been notably useless in the fight against spam. The members of the 9/11 commission are going around advocating their reports recommendations saying, "If you dont like them, come up with something better, because something has to be done now." Thats how I feel about SMTP authentication. Nothing useful can be done about spam until some form of SMTP authentication is in place, and I would also argue that RFC2822 authentication—what the Caller ID part of the spec does—is a necessary part of it. If you dont like the spec, come up with something better.

But of course thats not going to happen, so MARID has to be successful. And to be successful it has to be widely accepted and as uncontroversial as possible. Because of this, Microsoft simply has to drop its license conditions and come up with something that even the most extreme open-source advocates can put up with.

Its worth noting that the patent license isnt technically a problem for the IETF. The IETF has lots of standards based on patented technologies, and most large corporations and software companies dont have a problem signing them. But thats not good enough in this case.

Microsoft isnt alone in disliking the GPL. Even advocates of other open-source licenses, BSD in particular, dislike it. Many GPL advocates figure that only their license is "free." I dont agree, and Microsoft certainly doesnt agree, and I dont begrudge them their rights to license their software as they see fit.

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzers Weblog. This isnt the time or place to fight that fight. Whatever value Microsoft sees in the patents, it has to pale in value compared with an effective standard to battle spam. What matters here and now is for that standard to move ahead unimpeded by a political issue that will drown out all the arguments over the true merit.

Microsoft representatives on the MARID working group have said they are working to come up with a response to a request to clarify their intellectual property claims. They cant answer soon enough, but the wrong answer could be bad news for MARID, and thats bad news for everyone.

But think of the potential for a cooperative Microsoft: They could be a major part of a specification that helps to solve perhaps the biggest problem in computing today, and to have that solution accepted even by those who usually spurn anything the company does. Technical issues might remain, but only the unreasonable would reject the solution simply because Microsoft had a hand in it. This would not just be a valuable service to all users on Internet, it would be illustrative.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.coms Security Center at http://security.eweek.com for security news, views and analysis.
Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page:   More from Larry Seltzer
Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel