I'd like to quote parts of FAQ/comments on their page that concerns SID:
[http://www.microsoft.com/interop/osp/default.mspx]:
----------------------------------------------------------------------------
Frequently Asked Questions
...
Q: Is this Promise consistent with open source licensing, namely the GPL?
And can anyone implement the specification(s) without any concerns about
Microsoft patents?
A: The Open Specification Promise is a simple and clear way to assure that
the broadest audience of developers and customers working with commercial
or open source software can implement the covered specification(s). We
leave it to those implementing these technologies to understand the legal
environments in which they operate. This includes people operating in a
GPL environment. Because the General Public License (GPL) is not
universally interpreted the same way by everyone, we canâ??t give anyone a
legal opinion about how our language relates to the GPL or other OSS
licenses, but based on feedback from the open source community we believe
that a broad audience of developers can implement the specification(s).
SECURITY TECHNOLOGIES
Q: Why are putting Sender ID under the OSP now?
A: In September of this year, Microsoft announced a new approach to the
availability of open specifications. At the time we announced the
application of the Open Specification Promise to 38 Web services
specifications and earlier this month we expanded it to include the
Virtual Hard Disk Image Format specification. At this point, we think we
can promote further industry interoperability among all commercial
software solutions that utilize email authentication, including open
source solutions by making Sender ID more clearly available to the entire
internet ecosystem including customers, partners, ISPs, registrars and the
developer community. This approach complements Microsoft's broader
commitment to combat the spread of spam, phishing, malware and other
exploits in email, as well as interoperability, which we achieve in part
through enabling access to our technology.
Q: Are you making Sender ID available under the OSP because you received
so much criticism for your original licensing approach to the spec?
A: We recognize that there are lingering questions from some members of
the development community about Microsoft's licensing terms and how
those terms may affect developers ability to implement Sender ID. It is
important to note that great progress has already been made on email
authentication worldwide with more than 5 million domain holders adopting
Sender ID as a best practice today. Sender ID helps protect brands, reduce
spam, and counter email exploits. The OSP is a simple, clear way to
reassure a broad audience of developers and customers that any Microsoft
patents ever needed to implement all or part of the specification could be
used for free, easily, now and forever.
Q: What's the significance of the OSP for Sender ID?
A: By extending the OSP to the Sender ID format, Microsoft will help the
industry combat e-mail spoofing and phishing by fostering greater
interoperability among all commercial software solutions for email
authentication, including open source-based solutions. Implementers of the
Sender ID Framework will not need to be concerned about signing a license
in order to implement the anti-spoofing and anti-phishing technology. This
approach also complements Microsoft's broader commitment to
interoperability, which we achieve in part through enabling access to
our technology.
* Microsoft is committed to working with the IT industry and businesses to
help protect consumers and businesses from the blight of online threats.
The Sender ID Framework is an e-mail authentication specification that
helps address domain spoofing â?? a common tactic used for the spread of
spam, phishing, malware and other exploits in email â?? by verifying the
domain name from which an e-mail is sent.¢
* After nearly two years of worldwide deployment to over 600 million
users, Sender ID already enjoys broad industry support, with approximately
36% of all legitimate email sent worldwide Sender ID compliant and an
estimated 5.5 million domains worldwide protected by Sender ID. Adoption
of the Fortune 500 has increased from 7% a year ago to over 23% today
* Email authentication and the ability of validating the identity has
become critical in the face of the increase sophistication and online
threats being propagated. With Sender ID senders and receiving networks
are afforded an additional layer of safety and security from these
exploits.¢
* Sender ID provides significant business value at no cost and impact to
performance. Today business throughout the world are realizing enhanced
brand and user protection while realizing improved deliverability of
legitimate email. With the addition of Sender ID and the sender's
reputation, false positive are able to be reduced to nearly zero while
false negatives being reduced by over 80%.
Q: Where can I download the Sender ID specifications?
A:
RFC 4406 - Sender ID: Authenticating E-Mail
RFC 4408 - Sender Policy Framework: Authorizing Use of Domains in "Mail From"
RFC 4407 - Purported Responsible Address in E-Mail Messages
RFC 4405 - SMTP Service Extension for Indicating the Responsible Submitter
of an E-Mail Message
...
Feedback From Representatives of the Community
...
SECURITY TECHNOLOGIES
"E-mail security is critical to safeguarding consumer confidence online.
It's important that the entire community adopt interoperable,
easy-to-implement and low-cost platforms to encourage broad adoption of
tools to combat e-mail spoofing and phishing scams. We commend Microsoft
in its effort to foster improved industry cooperation."
Ramesh Lakshmi Ratan
Executive Vice President and Chief Operating Officer
Direct Marketing Association (DMA)
"The ESPC members have long recognized the need for strong spam
solutions that help ensure the delivery of legitimate e-mail, and we
welcome Microsoftâ??s announcement today as another positive step for the
delivery of safe and authentic e-mails."
Trevor Hughes
Executive Director
Email Sender & Provider Coalition (ESPC)
"As a leading Internet gateway security provider, we are interested in
seeing the best anti-spam products get to market to improve trust and
confidence in e-mail. Moving the Sender ID specification under the OSP is
an important move by Microsoft, and we hope it will result in widespread
adoption across the industry."
Patrick Peterson
Vice President, Technology
IronPort Systems Inc.
"Sender authentication technologies like Sender ID are important tools
that help ensure e-mail security, and by making Sender ID available under
the OSP, Microsoft is addressing the interoperability needs of
heterogeneous e-mail infrastructures. We're pleased to see this
development and believe it's a positive step in the fight against
spoofing, phishing and other categories of unwanted messaging"
Eric Allman
Chief Science Officer
Sendmail Inc.
-------
Sender Policy Framework: http://www.openspf.org/
Archives at http://archives.listbox.com/spf-discuss/current/
To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to http://v2.listbox.com/member/?listname=spf-discuss(_at_)v2(_dot_)listbox(_dot_)com