At 05:32 PM 3/4/2005 +0100, you wrote:
Wearing my "Council Member" hat...
> At this point, I fear Microsoft will yet again take over what is a very
> important area of the internet and I would really hate for that to
> happen.
I repeat: I don't see this happening. These are the facts: Microsoft is
using SPFv1 records for Sender-ID. This is technically wrong, but they
are doing it nonetheless. And they even have the bigger public relations
machinery. But all that does not change the slightest bit of the fact
that there exist virtually _no_ "Sender-ID" records (whatever those
records are supposed to look like). Practically all those IP-based sender
authentication records out there are SPFv1 records.
Of course this might change in the future if Microsoft lobbies the
industry hard enough, but that is going to be a hell of a job for them,
especially as far as open-source software vendors are concerned. Remember
that Sender-ID is patented. Remember also that nearly all MTAs with a
significant installed base are open-source. Also, if you enter "v=spf1"
records into your DNS configuration, which specification are you going to
follow, "SPF v1" or "Sender-ID"?
I sure hope you are right. There is certainly plenty of precedent. IBM
failed to derail Ethernet, and failed to get control of the ISA
bus. Microsoft, however, has been much more successful at monopoly
strategies. They may not be able to derail SPF, but they have certainly
set it back a few months, enough time for SenderID to catch up. That seems
to me the real purpose of the patent. I can't imagine them actually trying
to get license royalties from such indefensible claims. The only thing new
is a fancy algorithm to determine the message-from address.
Look, people, we have to accept that Microsoft _does_ have the bigger PR
machinery. Our only chance to win this "war" is to stay open, sincere,
consistent, and technically sound. Then people, especially mail admins,
are going to listen to us.
What else are we supposed to do?
Come up with a proposed standard, in addition to the proposals we have now,
but covering just the few items needed for the different methods to work
together. There won't be much to that standard technically, but it will
allow the IETF to say, OK that's a standard with nothing
controversial. Announcement of that standard should break the current
logjam, and allow each side to implement the details however they like.
Spamnix won't add domain names to their filter until there are some good
domain-rating lists available. SpamCop won't put together a domain-rating
list until Spamnix and others can use them. Neither Spamnix nor SpamCop
are hearing from their customers (ISPs and email recipients) that they want
to use domain ratings. ISPs have plenty of incentive, as domain ratings
will improve their filtering of incoming spam. But they have no clear
message on where to begin.
This squabble over standards is the biggest log in the jam. The pressure
is building, however. I think a small nudge might just break it loose.
-- Dave
************************************************************* *
* David MacQuigg, PhD * email: dmq'at'gci-net.com * *
* IC Design Engineer * phone: USA 520-721-4583 * * *
* Analog Design Methodologies * * *
* * 9320 East Mikelyn Lane * * *
* VRS Consulting, P.C. * Tucson, Arizona 85710 *
************************************************************* *