Sender ID Rises From the Dead, Spooky Patent and All

Opinion: PRA: Trick or treat? It sure looked like all the bridges had been burned, but if the big cheeses in the industry get behind it, Sender ID may be the only realistic game in town.

Its only a little over a month since the collapse of the MARID working group and the apparent death of the Sender ID specification on which it had focused.

But now, from the secret workings of Microsoft and Meng Wong (playing here the role of Victor von Frankenstein), a stitched-up version of the spec has emerged, good enough to make AOL happy. It attaches the ancient (circa 2003) SPF Version 1 syntax to the new Microsoft PRA capabilities using the classic SPF DNS records.

Like a dagger through the head of open sourcedom, this new proposal has many recoiling in horror and calling for Mengs head. He has done the unthinkable, to bring Microsoft back into the process.

To recount a couple essential facts, large parts of the MARID community went ape a few months ago when Microsoft announced that it had made intellectual property claims on parts of the proposed Sender ID specification. It turned out that the relevant area was in the determination of the "purportedly responsible address," or PRA, and the patent application is actually, arguably, a lot more aggressive than that.

28571.gif

Microsofts claims were actually within the bounds of what is permissible for an IETF standard, but they were a poison pill for most open-source licenses. This, combined with some actual technical criticism of Sender ID, caused the group leadership to throw in the towel and send everyone back to the drawing board.

But none of the licensing nonsense changed one important fact that Sender ID had going for it: It had a sporting chance to get the backing of most, if not all of the major ISPs and mail providers. Any standard that has this kind of backing has a good chance of creating, to use a diplomatic term, facts on the ground. With so many people using Sender ID, smaller organizations and ISPs might have to provide support or their users mail wont authenticate, and would be at a disadvantage.

This scenario became much more plausible when AOL signed up for Sender ID. Wong and Microsoft addressed some of those technical points to assuage AOL, and one has to assume some other objectors are now open to accepting Sender ID.

Next page: Who will set the standards?