Microsofts efforts to jump on the SMTP authentication train have hit a new roadblock. The companys publication of a patent application has started a fresh controvery with the IETFs MARID working group, which is trying to formulate e-mail authentication standards.
According to participants in the working group, the patent appears to cover technologies in the older SPF (Sender Policy Framework) standard, which was developed by others prior to the date of the patent application and is already widely deployed.
At issue is authentication of the mail-from value from the SMTP envelope, described by the RFC 2821 standard. Most of the MARID (MTA Authorization Records in DNS) discussions centered around other mail addresses in the headers, described by RFC 2822.
In recent discussions of the working group, a Microsoft participant named as an inventor in the patent indicated that SPF was not covered by the patent claims. The denial may have only applied to specific implementation details.
The application was filed Oct. 10, 2003. Meng Wong, the author of SPF, published proposals for repudiating mail based on the mail-from value in June 2003. An even earlier proposal dates to June 2002.
Legal encumbrance on the use of mail-from could upset many industry plans. Ironically, AOL recently announced that it will not implement Sender ID in part due to legal concerns about the standard. There are also many free, open-source implementations of SPF.
Be sure to add our eWEEK.com Security news feed to your RSS newsreader or My Yahoo page