The group working on a standard designed to help slow the onslaught of spam imploded last week amid intellectual property issues and in-fighting, but the co-author of the specification says he will introduce a new one shortly that he hopes will sidestep such issues.
The MTA Authorization Records in DNS (MARID) working group at the IETF was abruptly terminated last week along with its standards work on the Sender ID protocol, which was designed to curb spam and phishing attacks by validating e-mail senders.
The Sender ID draft technical specification combined Microsoft Corp.’s Caller ID technology and the Sender Policy Framework (SPF), authored by Meng Weng Wong, the founder of Pobox.com.
Wong says he has written and is already testing a new specification called Unified SPF designed to solve the disagreements that doomed MARID.
“In the working group, people couldn’t agree on the most basic things,” Wong says. “We had to come up with an agreement on what (sender) ID to check.”
In a posting to the working group’s mailing list last week, Ted Hardie, applications area director at the IETF, backed Wong’s assessment of the deadlock within the group and said “the working group participants have had fundamental disagreements.”
Wong says the working group polarized into three camps, each dedicated to their own ID proposal and unwilling to compromise. Two of the proposals, the “HELO domain” and “return path,” refer to technology that is part of the SMTP envelope included in every e-mail. The third was Microsoft’s “purported responsible address” (PRA), which refers to technology that would be part of the e-mail header.
Wong says his new Unified SPF will support all three proposals. “As soon as I can I will publish Unified SPF, and hopefully we will get a Phoenix to rise from these ashes. I am going to try to satisfy Microsoft’s desires while also satisfying everyone else’s,” he says.
Trouble with Sender ID began a few weeks ago over Microsoft’s licensing requirements for its patent pending PRA algorithms used within Sender ID to validate a user.
Open source advocates say the royalty-free license was incompatible with their own licensing formats.
The controversy seemed to be eliminated last week when Andrew Newton, co-chair of the working group, sent an e-mail to the group’s mailing list saying Sender ID would provide extensions for “non-encumbered” algorithms and saying the group hoped to have a new schedule to proceed as soon as possible. Just more than a week later that schedule was no longer needed, as the working group was shut down.
Meanwhile, Wong’s Unified SPF was already written when the working group was active, but he says co-chairs Newton and Marshall Rose asked him not to introduce it because there were already so many proposals before the group.
Newton says he had no comment beyond the formal statement issued by the working group. The statement encouraged developers of similar e-mail validation protocols to test their specifications in the real world to provide a testing ground for what will work and what won’t.
“Now that the working group no longer exists, I will move ahead with Unified SPF,” Wong says.
Microsoft declined to comment, but a source close to the company says it views the working group’s demise as a way for the industry to test technologies that Microsoft thinks will ultimately lead to a solution to curb spam and phishing.
Dave Crocker, principal at consulting firm Brandenburg InternetWorking and a participant in the disbanded working group, says he will continue his work on Client SMTP Validation, which is before the IETF.
“This thing is not dead, but this particular activity is off the standards track,” he says.