September 28th, 2004
Microsoft and Sender ID: Ready or not, here it comes
It’s only Tuesday, and already I believe I’ve found the scariest quote of the week. In a story regarding the dissolution of an important Internet Engineering Task Force anti-spam working group (see Catastrophic loss for unencumbered standards), CBSNews.com has a report that quotes Microsoft spokesperson Sean Sundwall as saying that Microsoft would continue to push its Sender ID e-mail authentication technology regardless of the IETF’s decision and that smaller companies might hesitate without standards but larger ones won’t change their plans. "Once you get a critical mass of people adopting Sender ID, it becomes for the smaller sender critically important they adopt it as well," Sundwall said.
Push Sender ID regardless of the IETF’s decision? Get critical mass? Between Hotmail/MSN, Outlook, Outlook Express, and Exchange Server, few companies have the presence in the e-mail ecosystem, or the ability to "push" something until it achieves critical mass, that Microsoft does. Smaller companies in particular are very reliant on at least one Microsoft product for their e-mail, and their adoption could leave the only e-mail players that can stand in Microsoft’s way — Yahoo, America Online, and Earthlink — with no choice but to go with the flow. The implication of Sundwall’s statements is that Microsoft will do whatever it takes to make Sender ID a de facto standard. In an e-mail exchange early today, Sundwall made the following points in response to my concerns regarding the implications of what he said:
- [My statement as quoted in the CBSNews story] is true whether Sender ID was officially a standard sanctioned by IETF or not. A smaller company is not going to invest the resources to implement a standard unless there is a compelling business reason to do so. If AOL, Microsoft, EarthLink, Yahoo, Comcast, etc., do not implement Sender ID, there would be little reason for smaller ISPs to implement it.
- Sender ID compliance can happen in one of two ways: using the PRA [Purported Responsible Address] check (which is what we will use and encourage others to use) or using [Meng Weng Wong's] Sender Policy Framework (SPF) check, which others have announced they will use. Either is within the Sender ID specification.
- Microsoft does not control Sender ID. The patents you reference have neither been scoped nor granted by the issuing body and we have maintained royalty-free licensing in perpetuity.
But concerns still remain about Microsoft’s patent application and whether or not, if granted, deployment of SPF will result in infringement. Though Sundwall claims that the Microsoft technologies in question will be available on a royalty-free basis in perpetuity, they’re not nearly as unencumbered as open source software or open standards typically are. Nevertheless, if Microsoft succeeds in turning Sender ID as well as PRA into de facto standards, and the U.S. Patent and Trademark Office (USPTO) grants Microsoft a patent or patents for any of the techniques used to authenticate e-mail senders, Microsoft could end up with significant if not total control over the Internet’s e-mail, or at least the spam-reduced part of it (the part everyone would want access to).
Earlier this year, Microsoft chairman and chief software architect Bill Gates pitched the company’s work on Sender ID as a rather altruistic effort — something for the greater good of all Internet users — and cited the company’s involvement in an alliance of major e-mail players in the process. But by applying for a patent and placing licensing restrictions on its technology — restrictions that the e-mail community appears to be rejecting — Microsoft’s non-altruistic and non-alliance-like actions speak louder than words. As I’ve said before, as with any vendor, Microsoft is and should be entitled to protect its intellectual property. But the spam situation is a desperate one, and for the greater good of the Internet community, it’s incumbent upon all those involved to make sure that intellectual property issues do not stand in the way of progress on this front. If Microsoft is truly interested in the greater good of all Internet users, then it should do to Sender ID what it appears to have just done to its FlexWiki software — open source it, or at the very least, completely unencumber it. If it can’t find it in its heart to do that, then the concerns voiced by the likes of America Online and the Apache Foundation, both of whom have been around the block enough times to know better, can’t so easily be dismissed.





