I suggest strongly that everybody who is interested in this thing should really
pick those Microsoft patent applications apart very finely. Do it like you were
trying to understand an uncommented computer program. Identify each term, pin
down it's definition, work through the logic.
Why? Because: 1. It appears, based on their statements so far, as though the
MS folks themselves may not understand what is really in these applications.
(This would not really surprise me. Suits have a strong habit of not paying
attention to detail. It's certainly true outside of MS. Why not inside?) 2. It
is not clear to me that PRA is actually covered in what I have read so far. (I
haven't read the preceeding application yet.) 3. SPF classic may be covered,
but a lot is going to hang on the meaning of one or two words. In particular,
it will hang on the meaning of those words in the particular context of these
patent applications.
For instance, it appears to me that the phrase "network address" in this context
means a low level address such as an IP address and not a higher level construct
such as an email address, URL or fqdn.
The context of this application appears to be that the inventor was primarily
concerned with verifying network addresses (the whole first 21 claims), not with
verifying domain names. It appears almost accidental (to me) that the language
of claim 22 includes something very similar to SPF. In the claims where a PRA
like mechanism is described, the aim of the PRA like algorithm is clearly stated
as finding a network address, not as finding a purported sending domain.
In claim 22, the clause, "an act of examining a plurality of parameter values of
the electronic message to attempt to identify an actual sending side network
address corresponding to a sending computer system;" is curious to me. I
thought in SPC Classic, there was no need to hunt for an IP address, no thought
that the IP address might not be trustworthy. In SPF classic, we assume that
the IP address from the TCP transaction is trustworty. It is the only truely
trustworthy thing about the whole email transaction and the success of SPF
Classic hangs on its trustworthyness. So why is this patent application
troubling with hunting for an "actual sending side network address"? Maybe the
inventor really didn't have what we call SPF Classic in mind. Maybe he didn't
really invent it.
Assuming for the moment that the suits had one idea right, Microsoft, so far,
has made no statement that they believe this application or any other that they
are aware of covers SPF classic. When the question has been put to them, they
have not answered directly, but always in a fairly obtuse way that implied they
did not think SPF Classic is covered. Perhaps the inventors themselves do not
believe they invented SPF Classic. That would be pretty important in a legal
battle, but they could change their story.
According to patent law (as best I understand it, which ain't none too good), if
it isn't disclosed in these, or other patent applications, then the inventor has
failed to meet the requirements of patentability. Even better from the open
source point of view, if he did invent it, but did not disclose it properly, it
may make the idea ultimately unpatentable, by anybody, at least anybody who has
not already filed a prior claim.
I need to go through the description now to see if any of the preferred
embodiments include SPF Classic, or, for that matter PRA. If they do not, it
will be harder for MS to argue that the inventors really did realize that they
had invented them.
Another argument from patent law is that a patent is only supposed to contina
one invention. There may be different embodiments and elaborations of the
invention, but it is still supposed to be only one. Whoever wrote this
application thought there was only one invention. How do PRA as we understood
it to this time, and SPF Classic fit in one invention with an anti IP address
spoofing mechanism? Seems a stretch to me, but it didn't to the authors of the
application. Perhaps they simply did not intend to describe what they have
ended up describing. It matters, because if they did not, then they can not
claim to have invented it.
I can't say I will be happy to be shown the error of my ways, but I am open to
it.
Mark Holm
mdholm(_at_)telerama(_dot_)com