FSF & OSI Speak out Against Sender-ID License

NW writes "As a followup to yesterday story, Eben Moglen of FSF and Larry Rosen of OSI have publically spoken out against Microsoft's Sender-ID license calling it incompatible with the GPL and Open Source. A related eWeek story also covers this and includes the following quote from Eric Allman, the author of Sendmail: "It's pretty clear that it's going to take an act of whatever deity Microsoft worships in order to get them to back down on the sublicensing issue. They made it absolutely clear to us that they were not even going to consider changing this, and the legal folks made it further clear that they would rather see Sender ID die than back down.""

Re:Fine by me.

[GOD_ALMIGHTY]

Second that... Either they release an RFC implimentable by OSS, or it doesn't get used.

Didn't MS learn this lesson back in '95 with Blackbird?

Re:Fine by me.

[walt-sjc]

Sender-ID can incorporate SPF. It isn't a one or the other battle.

I've read through the ietf archives, and the big issues are that the license seems OK on the surface, but the details of exactly what is patented is very unclear AND The requirement that implementors and distributers get a license, even if it's free, is a huge burden. Imagine if this kind of thing happened with all the standards? A company like redhat would need to get thousands of licenses from thousands of companies. Debian would be impossible. Open source would die.

The end result is that SenderID will be mostly useless because it will not get critical mass adoption. ISP's rely heavily on opensource software. If opensource mail software does not support SenderID, only a small fraction of the world will adopt it.

Re:Fight back

[Xentax]

"No Microsoft" is still "Not Free".

This is one of those moments where you have to reflect on what TRULY free TRULY means.

For example, Free Speech means you can say something that I absolutely, 100% disagree with, or even despise you as a person for, yet you are acting within the law (whether I is joe citizen or the US government).

Or, as has been mis-attributed to Voltaire a few times, "I disapprove of what you say, but I will defend to the death your right to say it".

If you truly believe your software, or ALL software should be free, that means ANYONE, including Microsoft, MUST be allowed to use it (within the terms of the particular "Free-compatible" license, of course).

I wouldn't expect to see MS modifying and sharing any GPL code anytime soon, but they have used BSD code in the past, and I have no doubt they do use binaries of GPL'd projects (but would naturally avoid tainting themselves by looking, let along modifying, sources).

You can't pick and choose and still call it 'Free'.

I recognize your knee-jerk tag - so just consider this the second part of a knee-jerk chain reaction :)

Xentax

Who cares...

[qtp]

As long as Microsoft is incorporating SPF [pobox.com] into their solution, then it doesn't really matter if few providers use SenderID (as long SPF is widely adopted).

SPF provides the means to eliminate the most egregious spammers by eliminating all emails with forged headers and providing a means to ensure that the sender is complying with the rules set by their ISP. It is simple to implement because it uses already existing features of SMTP and DNS to operate, and it does not need to be adopted "all at once" by every ISP, as it does not interupt mail being sent to/from non-participating ISPs until the provider using it makes that decision themselves. It is also possible for a user (of a participating ISP) to incorporate SPF response into their filters in such a way that it would not eliminate any legitimate mails, and it would still be effective at helping the user to identify spam.

It will help ISPs verify that their users are violating policy by sending spam. It will help make blacklists more accurate by identifying ISPs that permit or encourage spammers to use their services.

Read the FAQ [pobox.com].

As long there is progress toward wide adoption of SPF, there is little reason to argue over Microsoft's SenderID licensing scheme. If their protocol cannot be used with qmail, sendmail, and other high reliability/security servers, it will not be adopted. As long as Microsoft has followed its stated intention to adopt SPF as part of SenderID, then SPF will work for everyone, including those using SenderID.

Re:Fine by me.

[sbryant]

Consider this: current versions of Outlook (and O. Express) do not support sender ID. Microsoft has said they want to kill off Outlook Express, and Outlook, as a part of Office, costs cash. People don't generally upgrade that fast. There will be plenty of people with Microsoft software that doesn't support sender ID, and Microsoft needs to retain backwards compatibility, because not doing so gives people an incentive to use another product instead.

If Microsoft make new products that mark all email without sender ID as spam (possibly meaning it isn't even seen), that will legitimately upset a lot of paying customers. The lack of sender ID then becomes effectively meaningless, and things like that do die off. It's happened to them before; sometimes they let it die, sometimes they change their tune.

Consider this: Microsoft wasn't interested in supporting TCP/IP or the Internet; they wanted everyone on their own private MSN too (not the MSN we know today).

-- Steve