I write as the executive director of the Email Service Provider Coalition
(ESPC). The ESPC is a trade association made up of 54 email service
providers. We estimate that our members provide delivery services to over
250,000 senders in the US alone. And according to Ironport's SenderBase,
our members deliver approximately 12% of all email.
Both in a personal capacity and as a trade association, I write today to
express strong support for Sender ID. The ESPC has been advocating for
authenticated email solutions for almost two years and feel that this is a
critical first step toward more comprehensive solutions to the spam problem.
Last year, the ESPC published a white paper on our vision for authenticated
email (Project Lumos, authored by Hans Peter Brondmo and Margaret Olson).
Within our organization, we have had three corporate attorneys from member
companies review the Microsoft license (I too am an attorney, although not
trained or licensed in patent law). Resoundingly, we have found that the
issues raised within MARID are addressable, or at worst understandable,
given the context of situation. I personally believe that Microsoft is
acting in good faith and in a rational manner and has moved forward with
patent protections as a defensive response to very real risks. (See
http://www.groklaw.net/article.php?story=20040901004705872 for a decent
discussion on the reasoning behind a defensive patent claim on an otherwise
"free" license.)
Based on our review, the license terms have been deemed acceptable. The
fact that pending patent claims are present is nothing new to the IETF.
Many RFCs have gone forward with IPR claims. The issue should then distill
to whether the license presented is consistent with IETF standards. I
believe that Microsoft has complied with, and indeed exceeded, the
standards. The IETF has been notified of the IPR claims and royalty-free,
non-discriminatory license terms have been offered. What more is required?
Much has been made of the fact that the pending patent content has not been
disclosed. While this may be disconcerting to some, it represents a
balanced strategy to protect against predatory claims downstream. A patent
application is the first time that a company exposes proprietary
information. Any attorney representing a corporation would counsel against
disclosure of the patent at this stage in the process. Suggestions that
this inappropriate (particularly from attorneys) fail to recognize the risks
associated with disclosure of the patent content.
Even more has been said about the sub-licensing of Sender ID. While I do
acknowledge the concerns of many on this list, we feel that the friction
caused by sub-licensing is a worthwhile quid pro quo for the greater value
of broad implementation of an authenticated email solution. Again, any
attorney acting as counsel for a corporation would seek such terms. They
are neither surprising, nor objectionable.
I do want to raise one issue that has not been discussed on MARID yet (at
least as far as I have seen). The eyes of the world are upon industry at
this time and great expectations have been created for authenticated email
technologies to emerge quickly and broadly. The Federal Trade Commission
recently issued a report to Congress and strongly advocated for
authenticated email solutions. They will be holding a workshop on the topic
later this fall. Failure to move forward with Sender ID at this juncture
will likely put us back at least 6 months and perhaps more. Such a delay
will only invite interference from legislators and regulators. I certainly
do not think that is in the best interests on anyone!
Finally, I want to share a dystopian vision of how things may play out if we
fail to move Sender ID forward. Multiple IP-based authentication mechanisms
will be a disaster for email. We run the risk of balkanized ISP solutions -
and the ensuing demands of multiple protocols on all senders. Not a good
result coming out of an effort to create a standard!
I urge the participants on this list to consider the greater good that will
be borne from the wide adoption of Sender ID. This is a good tool. The
actions of the various parties involved are understandable and reasonable.
The license terms are workable and within the scope of IETF standards and
history. And it will have a positive effect on our ability to reduce
phishing and protect legitimate email.
J. Trevor Hughes
Executive Director
NAI
207 351 1500 (o)
207 351 1501 (f)
<mailto:thughes(_at_)networkadvertising(_dot_)org>
thughes(_at_)networkadvertising(_dot_)org