Open-Source Community Skeptical About Microsofts Sender ID License

Sender ID's license is making it impossible for open-source programmers to use it in their e-mail applications.

Microsoft this month is moving forward with the developer implementation of its anti-spam Sender ID framework, but open-source advocates and mail vendors doubt whether the software giants new proposed license meets open-source requirements.

Sender ID is a proposed IETF (Internet Engineering Task Force) e-mail standard that combines Microsofts earlier Caller ID proposal with SPF (Sender Policy Framework), which was developed by Meng Weng Wong, founder of IC Group Inc.s Sender ID is meant to stop many spam, virus and phishing attacks before they are launched by inspecting e-mail at the SMTP level to ensure that messages are actually coming from real users at recognized mail domains.

Sender ID has already gained market support. Both ISPs, such as AOL, and mail software and support companies, such as Cloudmark Inc. and Tumbleweed Communications Corp., have announced support for it. Microsoft has also announced that it will start using Sender ID for inbound e-mail to its, and domains in October.

Despite this groundswell of commercial support, Microsofts licensing requirements are incompatible with many open-source licenses, according to experts. This, in turn, means that Sender ID couldnt be implemented in open-source mail applications.

Richi Jennings, lead analyst for Ferris Research Inc., explained that Microsoft insists that anyone who implements the proposed standard "agree to their licensing requirements, since that standard will be in part based on their contributed IP."

He continued: "The license appears to be incompatible with usual open-source practice, for several reasons. The most important one is that it precludes the use of GPL [General Public License] open-source license styles for any implementation, because your IP rights are not transferable to people who take your code and modify it, [and] your IP rights can only be used to implement this standard, nothing else. So you cant study how it works and adapt it."

Lawrence Rosen, a partner in the law firm Rosenlaw & Einschlag and author of "Open Source Licensing: Software Freedom and Intellectual Property Law," said he has "explained to Microsoft that their license is expressly incompatible with the warranty of provenance in the Academic Free License and the Open Software License."

Specifically, he said, "the nontransferable, non-sublicenseable language in their reciprocal patent license imposes an impossible administrative burden on the open-source development community and, in essence, creates additional downstream patent licenses that will be incompatible with the AFL/OSL and similar open-source licenses, and with the open-source development process."

Rosen added that some issues go beyond just open-source concerns. "The requirement that If you would like a license from Microsoft (e.g., rebrand, redistribute), you need to contact Microsoft directly gives Microsoft information about its competitors plans that it has no reason to know."

In addition, he said, "No open-source license—and all of them allow rebranding and distribution—can be conditioned on informing Microsoft of anything at all. Other proposed licenses have been rejected by OSI [Open Source Initiative] and FSF [Free Software Foundation] because they required licensees to notify the licensor of their intentions."

Next page: A compromise may be possible.