ietf-mxcomp
[Top] [All Lists]

Re: (DEPLOY) In Support of Sender ID

2004-09-02 11:57:14



J. Trevor Hughes wrote:

Even more has been said about the sub-licensing of Sender ID. While I do acknowledge the concerns of many on this list, we feel that the friction caused by sub-licensing is a worthwhile quid pro quo for the greater value of broad implementation of an authenticated email solution. Again, any attorney acting as counsel for a corporation would seek such terms. They are neither surprising, nor objectionable.


They may not be surprising, but they are objectionable to a significant portion of the people who would be developing and implementing MARID.


I do want to raise one issue that has not been discussed on MARID yet (at least as far as I have seen). The eyes of the world are upon industry at this time and great expectations have been created for authenticated email technologies to emerge quickly and broadly. The Federal Trade Commission recently issued a report to Congress and strongly advocated for authenticated email solutions. They will be holding a workshop on the topic later this fall. Failure to move forward with Sender ID at this juncture will likely put us back at least 6 months and perhaps more. Such a delay will only invite interference from legislators and regulators. I certainly do not think that is in the best interests on anyone!

Not true. SPF is more mature than Sender-ID.


Finally, I want to share a dystopian vision of how things may play out if we fail to move Sender ID forward. Multiple IP-based authentication mechanisms will be a disaster for email. We run the risk of balkanized ISP solutions – and the ensuing demands of multiple protocols on all senders. Not a good result coming out of an effort to create a standard!


This is the most troubling issue that I forsee, I agree. However, I have to wonder why everyone who is pro-Sender-ID doesn't feel it necessary to try to pressure Microsoft into adopting SPF instead. To my mind, there are ZERO hinderences to Microsoft adopting SPF, but there are plenty of hinderences for most everyone else to adopt the encumbered Sender-ID.



I urge the participants on this list to consider the greater good that will be borne from the wide adoption of Sender ID. This is a good tool. The actions of the various parties involved are understandable and reasonable. The license terms are workable and within the scope of IETF standards and history. And it will have a positive effect on our ability to reduce phishing and protect legitimate email.


And I urge Microsoft to consider the greater good and drop their licensing requirements or else adopt SPF instead.