Microsoft Patent Could Hamper E-Mail Authentication Group

The claims of a patent at the center of the Sender-ID licensing debate appear broad enough to reach SPF and potentially undermine efforts to keep standards efforts alive, experts say.

With intellectual property issues already causing defections from its Sender ID proposal, Microsoft Corp. is sparking fresh concerns that IP could even undermine alternatives.

This time, a Microsoft patent made public Thursday appears to be broad enough to cover not only methods of the authentication algorithms for which Microsoft wants licensing but also the SPF (Sender Policy Framework) method being touted as a patent-free alternative, according to legal experts and participants in the e-mail authentication working group.

While legal interpretations of the proposed patent will vary, at least one of its claims, if not more, seems to describe broad Internet Protocol-based authentication methods that would put SPF and other mechanisms in its crosshairs, said Anne Mitchell, president and CEO of the Institute for Spam and Internet Public Policy.

"I certainly believe that there is great cause for concern given some of the claims," said Mitchell, also a professor of law at the Lincoln Law School of San Jose.

/zimages/6/28571.gifAOL has dumped Microsofts Sender ID standard and instead will implement SPF. Click here to read more.

The U.S Patent and Trademark Office published the Microsoft patent application, which still must undergo a patent examination before being granted. Microsoft had previously disclosed the patents existence to the Internet Engineering Task Force, whose MARID (MTA Authorization Records in DNS) working group has been considering Sender ID, but the publication marked the first disclosure of the patents contents.

MARID last week largely abandoned Microsofts original Sender ID proposal and has been considering a hybrid approach that would support multiple authentication algorithms. The co-chairs have proposed a specification that supports both Microsofts PRA (Purportedly Responsible Address) algorithm, with its royalty-free license, and another without patent issues based on SPF.

/zimages/6/28571.gifClick here to read more about MARIDs compromise efforts.

Some MARID participants, though, worry that the latest patent could hurt those compromise efforts and extend the intellectual property fracas to SPF. A series of e-mail exchanges on the MARID e-mail discussion group shared varying interpretations but largely expressed concerns that SPF could be affected.

The patent has the potential to derail the working groups latest work to keep an altered Sender ID and e-mail authentication standard alive, Mitchell said.

"If SPF is encumbered by Microsoft then that means a couple things," Mitchell said. "It could mean they have to ditch everything or [that] Microsoft ends up owning authentication anyway."

Microsoft spokesman Sean Sundwall said because the patent is still under review, the company could not comment on whether it covers SPF or any other specifications. But he cautioned against speculation and noted that the patent was filed in October 2003 before the current incarnations of Sender ID and SPF.

"Its complicated, and were just not in position where we could speculate on what the patent is supposed to include," Sundwall said. "And any patent, especially when its published, is scrutinized publicly and more times than not its scrutinized inappropriately."

Asked why Microsoft previously disclosed that the patent could cover PFA, he said that disclosure was required as part of the IETF process for its original Sender ID proposal, which included PFA.

/zimages/6/28571.gifCheck out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at Security Center Editor Larry Seltzers Weblog.


Be sure to add our Security news feed to your RSS newsreader or My Yahoo page