Open sourcers revolt against Microsoft antispam plan

Two prominent open-source software groups have rejected a proposed technology standard backed by Microsoft that would close a loophole used to send unsolicited commercial ("spam") e-mail, citing unresolved patent and licensing issues with the standard known as Sender ID.

In recent days both the Apache Software Foundation and the Debian Project said that they will not be able to support the Sender ID e-mail authentication standard in their products. The statements bring into public view a debate that has been roiling for months within the open-source software and Internet standards communities as Microsoft tries to garner support for its nascent standard, while also protecting its intellectual property rights.

As currently proposed, the Sender ID license does not meet the standards that each group holds for software distributed with their products, making it incompatible with open-source products, the groups said. Other open-source groups, including the Free Software Foundation, have also voiced reservations about the Sender ID patents, according to those familiar with the dispute.

Microsoft was unable to immediately comment for this story.

Sender ID is a technology standard that closes loopholes in the current system for sending and receiving e-mail that allow senders, including spammers, to fake, or "spoof," a message's origin. Organizations publish a list of their approved e-mail servers in the DNS (domain name system). That record, referred to as the sender policy framework (SPF) record, is then used to verify the sender of e-mail messages sent to other Internet domains using Sender ID.

Tens of thousands of Internet domains have published SPF records since the standard was introduced by Meng Weng Wong of In May, Microsoft and Meng reached an agreement to merge SPF with a Microsoft-developed standard called Caller ID to form the new Sender ID standard, which Microsoft submitted to the Internet Engineering Task Force in June for approval.

At the heart of the dispute between Microsoft and the open-source community is language in the Royalty-Free Sender ID Patent License Agreement, which Microsoft requires those using Sender ID technology to sign, according to John Levine, a member of the Internet Research Task Force's Anti-Spam Research Group.

Open-source software advocates are uncomfortable with a prohibition against transferring or "sublicensing" Sender ID licenses to others in the open-source community, and with a requirement that all licensee's contact Microsoft directly to receive a copy of the license, Levine said.

The right to transfer and sublicense technology is common within the open-source community and is perceived as a key component , which relies on the contributions of labor and expertise from thousands of developers, who in exchange have unencumbered access to and use of open-source software. In contrast, Microsoft's license for Sender ID treats recipients of the license like "end users" who have limited rights, according to a copy of an e-mail to Microsoft from Lawrence Rosen, general counsel of the Open Source Initiative, that was posted by the Apache Software Foundation on its Web site Friday. The e-mail is available at

In a statement issued to the Internet Engineering Task Force (IETF) and published online Saturday, the Debian Project said that the inability to freely distribute, modify and use the Sender ID technology violates the Debian Free Software Guidelines, preventing that group from distributing Sender ID with any Debian software, or even supporting Sender ID.

Beyond the dispute about sublicensing, open-source software groups are also suspicious of Microsoft's refusal to say what pending patents the company has around the Sender ID technology. Without information on what technology Microsoft is claiming patents on, open-source groups are wary about implementing Sender ID for fear that Microsoft's patents, when finally disclosed and then granted, will be broad, according to the Apache Software Foundation.

The concerns over patent language in Sender ID are not new. Legal and technology experts raised similar questions about a licensing agreement for the Caller ID authentication standard when it was unveiled by Microsoft in March. Despite those concerns, Microsoft essentially used the same language for its Sender ID technology when it announced that merged standard in May, Levine said.

The IETF's MTA Authorization Records in DNS (MARID) group, which is reviewing sender authentication proposals, including Sender ID, declined to comment on the dispute over Sender ID, citing the sensitive nature of the group's work, according to an e-mail statement from Andrew Newton, co-chair of MARID.

However, the breakdown between leading open-source groups and Microsoft may slow the momentum behind Sender ID adoption, which Microsoft has been aggressively pushing in recent months at company-sponsored meetings with leading Internet service providers and e-mail technology vendors.

Patent disagreements aside, the Sender ID technology has not proven to be as popular or as effective at stopping spam as some had hoped, Levine said.

A recent survey conducted by e-mail security company CipherTrust found that only about 5 percent of inbound e-mail comes from domains that have published SPF records, a component of the Sender ID system. Of the 3 percent to 5 percent of mail that does come from an e-mail domain with a valid SPF record, more is spam than legitimate e-mail, CipherTrust's survey showed.

With only middling performance in spotting spam and a host of legal concerns surrounding it, Sender ID may fall by the wayside, as companies look with increasing interest at competing standards, such as DomainKeys, a sender authentication standard backed by Yahoo, Levine said.

"People are saying why jump through hoops and sell our soul to Microsoft for technology that's not that great, even when it is deployed," he said.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Paul Roberts

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?