Hats-off to Microsoft for finally freeing Sender ID! Spammers, take cover

Hats-off to Microsoft for finally freeing Sender ID! Spammers, take cover

Summary: Although it didn't open source the technology and there's no word on whether the open community will embrace it (after originally turning tail and running from it years ago), Microsoft has taken a bold and welcome step by changing the terms of availability for its Sender ID anti-spam technology to something that's less encumbered than the prior terms and that's more developer-friendly.

SHARE:
TOPICS: Tech Industry
4

Although it didn't open source the technology and there's no word on whether the open community will embrace it (after originally turning tail and running from it years ago), Microsoft has taken a bold and welcome step by changing the terms of availability for its Sender ID anti-spam technology to something that's less encumbered than the prior terms and that's more developer-friendly. According to IDG News Service's Elizabeth Montalbano:

Sender ID, an e-mail specification for detecting when an e-mail address is being spoofed to send spam, can now be used as a basis for new technology by anyone under Microsoft's Open Specification Promise (OSP), said Jason Matusow, senior director of interoperability for Microsoft

Through the OSP, published in September, Microsoft promised it would not take any patent-enforcement action against people that want to use specifications on a list of Web services technologies for which it has patents. Now Sender ID has been added to the list of specifications that are freely available for use, he said.

Without getting too deep into the nerdy details, the technology in question is one that can help e-mail systems determine whether or not the sender of an e-mail is really who they say they are. While such systems that authenticate senders are not a silver bullet to ending spam (nothing is), authenticating senders is widely believed to not only be one of many techniques that can establish with confidence that a certain email is or isn't spam, it's also a foundational block on which other anti-spam systems (eg: sender reputation management systems) can be built. In combination or layers, multiple anti-spam standards could probably weed about 90 percent of the spam out of the Internet. 

Although Sender ID has been around for a while and it was at one point being investigated as part of a possible Internet standard by a special research arm of the Internet Engineering Task Force (IETF), it never lived up to its potential after Microsoft announced that it wasn't contributing its technology to the open community on a completely unencumbered basis. Although Microsoft wasn't going to charge royalties to developers who included the technology in their products, it did require something called privity: all licensees had to execute their own license agreement with Microsoft. The move prevented open source developers from gaining access to the technology since open source is largely based on a culture of sub-licensing where developers can essentially pass a license around without ever having to go back to the original licensor.  

Now that Sender ID is a part of Microsoft's OSP program, the privity requirement is lifted which in turn paves the way for sub-licensing and usage by open source developers. Under the OSP, developers are even allowed partial implementations (sometimes referred to as derivative works). That's because the intellectual property in question has more to do with a patent and not copyrighted code. Patents can be implemented in code or with vegetables as far as anyone is concerned. Therefore, opening up patents for use can sometimes provide far greater flexibility to developers than can opening up access to specific chunks of source code.

As someone who has attempted to bring the industry together on multiple occasions in an effort to fight spam, encumbering Sender ID is something that I have long given Microsoft a very hard time about (here in this space). Big kudos go to Microsoft and whoever inside of it was responsible for this breakthrough. Thank you for letting Sender ID go.

Topic: Tech Industry

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

4 comments
Log in or register to join the discussion
  • Don't let the kool-aid go to your head.

    SenderID is already being analysed by spammers to exploit to further their profiteering.

    If it really was that secure, would MS have "set it free" without trying to profit for themselves?
    Mr. Roboto
    • Make sure you sleep with your tinfoil hat on...

      Of course, how could we ever imagine that the evil Microsoft would ever do something for the community
      asultan
  • I doubt sender ID will be as effective as we would like

    From my discussions with ISPs the majority of Spam comes via legitimate means by rogue ISPs who reap lots of money for sending the Spam on to the Net. Unless you are going to convict every dishonest ISP who does this, and I'll bet there are hundreds if not thousands, then sender ID won't be very effective because the sender ID is real.

    And as with all Net criminals, they are here today and gone tomorrow. As soon as they believe the authorities are about to appear, they close up shop, move a block away and open up under a new assumed name and start the same old Spamming or Phishing routine. As long as you have criminals within the Net system you're gonna be hard pressed to slow Spam and other Net crimes IMO. Having experience with sender ID for some time now, this has been my experience.
    BeGoneFool
    • Just a part of the solution

      The IETF looked at combining SenderID with SPF to get even better authentication. This can now happen. Both sID and SPF have their weaknesses, but those are mutually exclusive, so the standards are complimentary and reinforce each other. Lets see how BOTH of these technologies TOGETHER will fight spam.
      Roger Ramjet