SPF To Be Integrated With MS 'Caller ID' System 227
An anonymous reader submits "CNET's news.com is reporting 'An ongoing effort to consolidate antispam authentication schemes took a big step forward with the merging of Sender Policy Framework (SPF) and Microsoft's Caller ID for E-mail.' This is potentially good news." For more background, here are three previous mentions of Microsoft's proposed Caller ID-style system.
The only good anti-spam solution (Score:4, Funny)
Re:The only good anti-spam solution (Score:2)
11x17, eh? I was tempted to point out that "I live in Europe, you insensitive clod!" until I thought... that'll make it even harder! What's the US equivalent of A0, Really f*ing big? And does it have to be plastic - would a precious metal do? ;)
Slightly less off-topic: the Singapore government is proposing [theregister.co.uk] to fine spammers up to a $1 (Singaporean) per spam. Granted, it won't stem the tide from outside Singapore, but it's a sight better than CAN-SPAM or anything the EU's proposed.
<thinks>Can't we
Re:The only good anti-spam solution (Score:5, Funny)
We don't use cars at my business. They're too cumbersome. I still prefer the good ol' horse-and-carriage. They can make a mess but doing so in front of the offices of the guys who keep sending us directmail solves that problem as well.
But what is this 'fax' you are talking about?!
Re:The only good anti-spam solution (Score:4, Funny)
Re:Too late ! (Score:4, Informative)
Good they've merged. Why XML ? (Score:5, Insightful)
I have yet to see [slashdot.org] a good reason why XML is the choice for the payload. I'm not really buying the argument that it's easier to shoehorn XML into TXT fields rather than have another tag. Either way, in order to implement the proposal the MTA authors will have to do some work, and I don't think there's much to choose between the two...
I still can't really rid myself of the nagging suspicion that the extensibility of an XML-driven anti-spam system plays into the hands of 'embrace and extend' that MS has used successfully since time began...
On the other hand, getting some authentication that it really came from where it says it came from will be very useful. The corollory is that 'owning' a mail server will become a higher priority for the hacker/spammer coalitions. Look for more attacks on MX machines if this becomes widespread...
Next on the agenda - get everyone to use digitally-signed certificates
Simon
Why not XML? (Score:2, Insightful)
Re:Why not XML? (Score:5, Informative)
Re:Why not XML? (Score:5, Insightful)
Because, since XML is not a format (but rather a standardized way of creating one's own formats) the issue of "creating a format" is not solved by the decision to use XML.
What XML "wins" is off-the-shelf parsers; one still needs to write some amount of code to convert dumb XML (elements and attributes and all that crud) into something with semantic meaning to your application.
For a simple application like this it's not clear that the overheads of XML (both in terms of size, computational complexity, and programmer overhead to make the aforementioned conversion) are at all worthwhile.
Re:Why not XML? (Score:4, Insightful)
MX:MyFatServer:212.169.24.12,212.169.24.13
MX:MyOtherServer:212.169.24.16
Not taxing to parse, simple, grepable, fast, lightweight, human readable. Even if you work for MS you should be able to write the code to parse this ;->
Re:Why not XML? (Score:3, Insightful)
Re:Why not XML? (Score:2)
Re:Why not XML? (Score:2)
Except for Microsoft's embraced and extended email (Score:3, Interesting)
Rather than simply create compliant MIME mails, Microsoft uses this secret format to say "yeah, we'll try and send email, but if you really want to communicate with companies that use Exchange Mail Server, you need to buy a copy of Exchange Mail Server".
Oh, and how to turn it off. (Score:2, Informative)
Why don't Microsoft set this by default? Email is email. People have got to learn that Microsoft are responsible for this abomination, and the hassle required is Microsoft's fault for not complying to the standard.
Re:Oh, and how to turn it off. (Score:2)
Microsoft Exchange Windows 3.x client 4.0
Microsoft Exchange Windows 95/98 client 4.0
Microsoft Exchange Windows NT client 4.0
Aren't Windows 3.1 & NT 4.0 at least 10 years old?
Come on, MS screws up a lot of stuff, but don't troll out on the fact that MS didn't get the internet in the 90's.
Re:Why not XML? (Score:5, Insightful)
-russ
Re:Good they've merged. Why XML ? (Score:2, Interesting)
Re:Good they've merged. Why XML ? (Score:3, Funny)
Re:Good they've merged. Why XML ? (Score:5, Insightful)
That's a good point, but I see the eXtensability of XML as the power here. It would be relatively simple to extend the Email-Caller-ID XML specification to include an <spf:details/> tag. Which, would naturally allow for other extensions as well.
Remember, too, that XML is not a Microsoft technology. It's a W3C technology that Microsoft also uses. That's a big difference. If this proposal included a .NET extension to my Mail server, then I'd be suspicious.
My question is: How will SPF or Email-Caller-ID take into account mailing lists? Will this block Emails from my address sent through sourceforge.net's many fine list servers?
Re:Good they've merged. Why XML ? (Score:5, Informative)
Use of this technology requires submitting to a Microsoft license. This license allows distribution (but not re-distribution), and is not compatible with the GPL. That is to say, no GPL mail server will ever be able to directly impliment checks for this.
From the license (forgive typos, I typed this from the PDF):
That, my friend, is embrace, extend and assimilate. Nothing under strict GPL can impliment this natively. IIRC, SPF (Sender Permitted From) did not have source restrictive terms.Re:Good they've merged. Why XML ? (Score:2)
-russ
Re:Good they've merged. Why XML ? (Score:2)
Do you have a better alternative? Preferably something that is standardized, or at least based on something that most developers would already have some familiarity with.
Troll me if you like, but please, contribute an alternative idea along with your troll.
Re:Good they've merged. Why XML ? (Score:2)
isn't that what the X in XML stands for? you seem to be under the impression that XML is evil because MS embrace it so heavily. ok, i'm putting words into your mouth, but that's what I read nontheless. personally i don't see the difference between RCPT-TO: blah@blah.com and blah@blah.com. both of the
Re:Good they've merged. Why XML ? (Score:2)
I'd like to think I'm a *bit* more analytical than that! If you read the link in my post, I do say I'm a fan of XML, I just didn't think it was worth repeating...
My point is that if you establish an open standard which everyone starts to use, and people then start to add things, because they can, because XML parsers ignore what they don't understand, the whole system can become far more complicated (and therefore vulnera
Re:Good they've merged. Why XML ? (Score:5, Informative)
The thing is how many people allow TCP packets on port 53 on their firewall? There is no reason execpt to talk to your second-dns records. All other cases should be turned off but this requires that it be turned on.
Re:Good they've merged. Why XML ? (Score:2)
Open ports are not inherently insecure.
Re:Good they've merged. Why XML ? (Score:3, Informative)
In the year 2000.... (Score:2, Funny)
SPF 30 (Score:5, Funny)
Laugh! It was a joke!
Re:SPF 30 (Score:4, Interesting)
Why don't they just call it like it is? A secure substitute for the "source" field of the e-mail header.
Sounds like a truly awful idea (Score:5, Insightful)
The syntactic bit is easy -- XML is hardly appropriate for a DNS function. Mickeysoft is running around patenting XML schemas, and it adds a new layer of complexity to DNS. But then bad syntax is usually dealt with by code.
The semantic bit is worse -- SPF doesn't block spam unless the mail system makes it mandatory, after all, so until 100% compliance is reached, non-SPF mail will still have to be accepted. But wait -- SPF doesn't block spam! It just blocks spam where the From: is not right. Spammers can still create new domains on a hit-and-run basis, and they'll pass SPF. So it's another blast-proof vault door stuck onto a grass hut, a silly waste of time. The only potential real benefit, I suspect, would be to make phishing harder. The address will have to be slightly different from the spoofed domain. But that leaves plenty of opportunity to create deceptively-close hit-and-run domains (like, say, pay-pa1-approva1.com).
Worse, of course, is the collateral damage. How will I be able to send mail using my own business' domain, as I do today, when it is going out via an ISP server? My "from" address is an alias, not a real sender, and I use it to send via more than one ISP, depending on where I am. SPF seems to make this a lot harder, thereby forcing more people to put their ISPs' name in the From: field, rather than their own. Since email is not portable, a user's address is lost when they change ISPs, or when their ISP changes names (mediaone->attbi->comcast). Personal domains (forwarded via a service like mydomain) solve this. Will SPF kill mydomain?
I repeat what I've said before. The only way to kill spam is to stop having all email be totally, absolutely, "free" of charge in any quantity. This is not the topic to discuss solutions, but they are certainly possible, and they aren't SPF.
Re:Sounds like a truly awful idea (Score:2)
Re:Sounds like a truly awful idea (Score:2, Informative)
<Conspiracy>Funny, that's exactly the business that SPF's author (pobox.com [pobox.com]) is in.</Consipiracy>
Re:Sounds like a truly awful idea (Score:3, Informative)
Correct, but what this means is that there should now be some level of accountability to the originator. One of the biggest complaints I would have, looking into email-spam as a problem, would be that there's no way to hold a sender accountable when the true origination of the message is unknown. If I understand the proposal correctly, that accountability will at least be marginally present.
The ability to spoof this system is another issue entirely.
Re:Sounds like a truly awful idea (Score:3, Informative)
An SPF record is a record stating what hosts are registered senders of mail from a given domain. There's nothing stopping you from adding, say, smtp.verizon.net or whatnot to the record.
Of course, there's also SMTP AUTH...
Re:Sounds like a truly awful idea (Score:5, Insightful)
If spammers have to buy new domains for every couple of thousand spams they face a big problem.
Legislation hasn't helped yet (Score:4, Insightful)
Sorry, but I have to hit the bullshit button. Legislation hasn't helped yet, and I'm not talking about CAN-SPAM or any of the other anti-bulk mail bills, but the existing laws dealing with all manner of fraud, FDA regulations and any of the other various and sundry state and federal laws regulating the almost-universally fraudulent commercial content of spam.
You're suffering from the same delusion that many people, myself included, often suffer from -- "Can't we pass a *law*"? -- when there are many good laws already on the books that better deal with the problem in general.
I'd suggest a RICO investigation into some of the top-level spammers, their clients, and the people involved in the payments, the network access, and find out how dirty they really are. I don't know, but I suspect, that most of these people know they're involved in deeply fraudulent activity. A few racketeering convictions involving major ISPs, banks, spammers, and their business clients with some noisy investigation of other spammers could have a *real* impact -- squeezing the spammers out of ISP suppliers and banking services they literally can't do business without.
Re:Legislation hasn't helped yet (Score:2)
Re:Sounds like a truly awful idea (Score:5, Insightful)
This is false. There is no requirement for every domain on the internet to adopt SPF before it becomes useful.
Instead each domain owner decides when to flip the switch on for SPF enforcement for their individual domains. Since 14,000 domain already have valid SPF records and many of them have enabled enforcement, SPF is useful for not accepting worthless spoofed emails TODAY. Not in some far off future.
The way I see it... (Score:2)
My question is why we don't do this the same way we do it everywhere else: through authentication. If the would-be sender can't authenticate to the server (through PKI or password), they don't get to send mail. Now you know that when you get a mail from j.r.hacker@2600.com it was really someone who could authenticate to 2600.com as j.
Re:Sounds like a truly awful idea (Score:5, Informative)
Pobox.com antispam working like gangbusters for me (Score:5, Insightful)
Well, I'm a pobox.com customer, and my own experience of their new antispam measures is absolutely nothing but fantastic. They recently overhauled their spam filters, and the result (again, this is just my experience) has been stunning.
Of course, this says little about SPF itself, but at the very least, for what it's worth, the company that invented it comes with my recommendation.
Well, the way pobox.com has done it, you can choose to have your E-mail "flagged." SPF is one of those possible flags. If an E-mail gets X (a user-definable number) or more flags, it can be rejected as spam. This makes SPF useful even when there isn't 100% compliance.
How will I be able to send mail using my own business' domain, as I do today, when it is going out via an ISP server?
I would think that if your ISP is interested in doing honest business, they would make the effort to list their own mail server.
If you're running your own mail server, then, yes, this is a valid concern.
The only way to kill spam is to stop having all email be totally, absolutely, "free" of charge in any quantity.
I don't deny that that would be a very effective way, but I don't agree that it is the only way.
Re:Sounds like a truly awful idea (Score:2)
Worse, of course, is the collateral damage. How will I be able to send mail using my own business' domain, as I do today, when it is going out via an ISP server? My "from" address is an alias, not a real sender, and I use it to send via more than one ISP, depending on where I am. SPF seems to make this a lot harder, thereby forcing more people to put their ISPs' name in the From: field, rather than their own.
I would think that it would not be hard, at all, to invent a sy
Re:Sounds like a truly awful idea (Score:2)
You're not reading the OP correctly. My business, like many small businesses, doesn't own a mail server. It owns a domain name, which works via a mail-forwarding service on mydomain. Outgoing mail goes via whatever ISP I happen to be on at the time; i.e., the one at home when I'm home, the one at the office when I'm at the office, or the one at the hotel when I'm at a hotel.
My clients don't care where my mail originated. They know it's from me. I'm
Re:Sounds like a truly awful idea (Score:2)
I have to agree that *full* XML is inappropriate for DNS. Requiring an XML parser for all mail servers is undesirable (unless you're MS and have MSXML available as part of the platform).
On the other hand, some kind of structured format is needed for the more complicated cases, which are currently badly served by SPF's somewhat clunky macro language.
As someone who's written a complete XML parser I wouldn't wish such a thing on MTA authors. A reduced profil
Re:Sounds like a truly awful idea (Score:3, Informative)
Re:Sounds like a truly awful idea (Score:3, Informative)
SPF doesn't block spam unless the mail system makes it mandatory, after all, so until 100% compliance is reached, non-SPF mail will still have to be accepted.
I'll type out an example, to show you exactly how it is already working and rejecting forgeries TODAY, without being mandatory, and long before widespread implementation.
Suppose your MTA receives a message from a spammer who is impersonating me. The message claims to be from "paul@pjrc.com", but it isn't. Your SPF
Re:Sounds like a truly awful idea (Score:2)
As far as its protecting aginst bounces, thats only going to happen if a few million systems start using SPF which is not going to happen for at least a decade. SPF has too many problems [abnormal.com] to use in the real world.
Re:Sounds like a truly awful idea (Score:3, Informative)
There aren't many tests which are perfect spam identifiers with no false positives. You should use the SPF compliance as part of a scoring scheme. Messages that fail SPF are more likely to be spam than messages that pass, so they get a higher spam score. If the score exceeds a threshold, mark it as possible spam. If it exceeds a higher one, delete it unread.
This is the strategy
Re:Sounds like a truly awful idea (Score:3, Informative)
Re:Sounds like a truly awful idea (Score:2)
Re:Sounds like a truly awful idea (Score:3, Informative)
It works just fine.
Re:Sounds like a truly awful idea (Score:2)
Actually that would cause a problem, for precisely the reason you outlined.
The solution, as I understand it, is an SMTP extension, RFROM, though I've forgotten whether it's the relaying sender that goes in RFROM or the original sender that goes in RFROM.
Re:Sounds like a truly awful idea (Score:2, Informative)
Lets hope they ditch the patent then. (Score:3, Interesting)
Damn, now where did I put that lawyer....
You could've read all about it last week... (Score:5, Insightful)
Basically, this is a simply classic way to "embrace and extend" Microsoft's Caller ID. Before the flag day, SPF will work the way it is now. After the flag day, which will probably occur later rather than sooner, SPF will have all the functionality of Caller ID. The idea of allowing both XML and text descriptors is simply brilliant. Microsoft wanted to force everyone to use XML, but now you have a choice. I believe most (like 99.9%) will use the text descriptors, both because it is easier and because it is sufficient for 99.9% of the cases.
The net result is Microsoft can't claim ownership anymore. Caller ID will be a footnote in the history of email authentication.
Re:You could've read all about it last week... (Score:3, Informative)
-russ
SPF is harmful. Adopt it. (Score:2, Informative)
Spam solution already exists (Score:5, Interesting)
Very simply, people can choose whether they want to receive unsigned e-mail, or accept sinatures from unkown keys. We'll eventually start building a web of turst (mistrust), such as, being able to automatically accept a key signed by some people or orgs, and similarly, blacklisting keys.
I could very easily, for example, instruct unknown senders (people who aren't in my contact list yet) to download my public key from a specified location to encryp a message that would bypass my filtes. Only a person who followed the instructions would be able to send me an unsolicited message.
Re:Spam solution already exists (Score:5, Insightful)
Re:Spam solution already exists (Score:2)
Huh. How long did it take to get internet email accepted as a commonly used service? How long for the telephone?
Re:Spam solution already exists (Score:2)
Once people had access to it, signifigantly less than 10 years. Sure, email was around for a long time before it took off, but that's a function of access to the Internet, not a function of the usability or functionality of email.
Email signing has been around for just as long easy access to email, if not longer. Once there was easy access to email, it took off in popularity. Email signing, which has been freely available
Re:Spam solution already exists (Score:2)
It's also an issue of people realizing the need for something. Back in the 80's, I hadn't even heard of the Internet. But I did have access to FidoNet [fidonet.org]. I used email. I thought it was amazingly cool - even profound. Although my family and non-BBS friends had no idea what
Re:Spam solution already exists (Score:3, Insightful)
Re:Spam solution already exists (Score:3, Informative)
Perhaps an RFC is in order (Score:2)
Re:Spam solution already exists (Score:2)
users sending email send to the email server from INSIDE the provider's network and if you are a roaming road warrior then you are forced to use webmail or VPN into the network.
this would solve a GOB of the problems and certianly stop all the emailing viruses.
But we cant get most email provid
Re:Spam solution already exists (Score:3, Interesting)
1) I really hate webmail.
2) As the administrator for our small network, I prefer to have direct access to the e-mail server logs for security and verification purposes.
3)Your suggestion would still not solve the spam problem.
As annoying as the constant Viagra and porn ads are, not to mention offensive to some people, 3 years from now, those will be pleasant memories compared to wh
Re:Spam solution already exists (Score:3, Informative)
By extension, then, you figure if only ISP email servers could send mail, spam would be greatly reduced.
Congratulations! You just explained why SPF is a good idea! The whole point of SPF is to point out which servers for a given domain are allowed to send email.
Re:Spam solution already exists (Score:3, Informative)
If you reject messages without a PGP signature, spammers will simply sign their messages.
If you reject based on the signing author being a known spammer, spammers will simply generate a new key for each message. This isn't a computational burden (as it is in PGP) if the keys aren't generated in a secure manner.
If you reject all unknown senders, people unknown in your "web of trust" will be rejected.
instruct unkn
Re:Spam solution already exists (Score:2)
But then, I dont gripe about the 50 or so people a day who contact me.
Mailserver IPs listed in DNS Record (Score:2)
breaks forwarding (Score:5, Informative)
The problem is this. Suppose AOL start adding SPF records to their DNS, saying effectively 'only the following IP addresses are authorized to send @aol.com emails. Suppose also that Hotmail start rejecting emails from SPF domains where the IP addresses don't match. Now suppose that joe@small.biz is going to be away from the office for a couple of weeks, so he gets the small.biz mail server to forward his emails to his hotmail account. At this point anyone from AOL who emails him will find the emails bouncing (although if they're from AOL, this may not be such a bad thing...)
Re:breaks forwarding (Score:2, Insightful)
Sorry if I'm not overjoyed... (Score:2)
I can only assume they'll eventually charge some sort of licensing of other kind of fee, and they'll force their way to approval to displace Yahoo's proposed system.
Caller ID (Score:2, Funny)
dynamic dns users (Score:5, Interesting)
How will this effect dynamic DNS users who send email? I'm not talking about some rogue spammer, but the people who have legitimate servers running on real IP addresses with domain names that are managed by the likes of dyndns.org
In the past, these DHCP hosted addresses have been under a lot of grief with people erroneously RBLing them simply because they are DHCP (like it ever really expires!!!) managed IP addresses.
Much of the workaround for this has been to RELAY all the email up to the ISP for delivery from a non DHCP hosted IP address. But some people block these because they show evidence of being relayed by anyone and hence must be evil.
So what will have to do in order to get my mail server considered acceptable for sending email under this SPF/CallerID scheme?
I'm also really curious to see how this can be a good thing at the same time that it involved Microsoft, but I'm trying to keep an open mind on this one...
Re:dynamic dns users (Score:5, Insightful)
If a real sender can somehow distinguish themselves via a valid SPF record, they might actually have better luck sending mail than they do now.
XML ? (Score:2, Insightful)
What if. (Score:4, Interesting)
They set their SPF to everyone/everyone...or something.
Then it's an open relay with an SPF signature that matches.
and we're back to square 1.
Re:What if. (Score:3, Interesting)
No "email for this domain is allowed to come from these machines" program that is under control of the domain owner has any hope of reducing spam, because spammers will just use it, and keep cycling through disposable domain names at $5-10 each. Only
How will the spammers fight back? (Score:3, Informative)
I knew it... (Score:2, Funny)
In fact, how surprised would you be if it was just a 1200-baud half duplex signal leading every email?
AOL and MS say: publish SPF records (Score:5, Interesting)
The MicroSoft Caller-ID/SPF merger proposals say that SPF records will be honored, so you can publish them without fear of losing support.
So, go ahead and publish SPF records [spf.pobox.com].
MicroSoft supporting SPF records is a really smart move. Last week, I posted results of a survey of 1.3 million email domain names to the IETF MARID mailing list. Now that I'm back from the MARID meeting, I just finished a survey of Caller-ID records. There appears to be about a factor of 500-1000 more domains that have published SPF exclusively than Caller-ID exclusively and only a tiny fraction of the 1.3 million domains have published Caller-ID records. In short, MicroSoft isn't changing to support SPF records because they are better (I think they are), but because it is an acknowledgement that MicroSoft's Caller-ID hasn't caught on.
Meng Weng Wong (the SPF author) and MicroSoft are still discussing how exactly this merger will work on. I personally don't see any reason to support XML right away. MicroSoft has not come out with a single concrete extention that can't be done with SPF already.
I also think that there are alternatives to the complex Caller-ID algorithm and that doesn't require every Ezmlm and other mailing lists to upgrade their software. From the research that I've done (and yes, this is something I have really researched), there appears to be far more mailing lists broken by MS's Caller-ID system than email forwarders broken by SPF.
(I'm the author of libspf-alt [midwestcs.com] and the maintainer of the trusted-forwarder global whitelist [trusted-forwarder.org]. So, now you know why I have researched this stuff so much.)
Why XML is bad (Score:5, Insightful)
It's simple really. DNS is one of the highest areas of traffic and hits out there. Every web page generates multiple DNS hits and so does email and P2P and everything else.
XML, is a bunch of text that wraps around a bunch of data and is called meta data. It's not the data you need, but data about the data you need. In DNS, you already know what you need, so the "meta" is silly.
Point being, you add a lot of extra characters to the data transmissions. UDP won't support it anymore so we have to to with TCP, which has even more overhead being added to the process.
Compound this with MSFT's tendency to send shitloads of data across every network they touch just because they can, and you've DDOSed the Internet.
XML may have a place, but DNS sure as hell isn't it.
Re:would be nice (Score:4, Insightful)
the user can set up their system to reject anything they damn well feel like rejecting.
the hard part is the testing, not the actions taken after testing...
LOL, this is soooo easy to bypass! (Score:2)
Stupid /., ruining my joke (Score:4, Funny)
[erwin: ~] root# *67 && mail -s "enlarge your elbows" mpost4@mikeoconnor.net << cat enlarge.txt
Re:LOL, this is soooo easy to bypass! (Score:2, Funny)
joke. Helllo, McFly? :P j/k (Score:2)
Re:joke. Helllo, McFly? :P j/k (Score:2)
Re:would be nice (Score:2)
Re:i still don't trust it... (Score:5, Insightful)
From my point of view, the spam cleanup would just be collateral.
Re:i still don't trust it... (Score:2)
ALso, what happens if a M$ Caller ID server gets a virus. Image the damage from that payload.
Re:i still don't trust it... (Score:4, Insightful)
Already got a mail client that handles spam well.. (Score:2)
Now, if we could integrate that at the server level we would be all set. Maybe it's time for Apple to write a mail server with this technology.
Re:IP addresses? (Score:3, Insightful)
Because the SMTP protocol requires two-way communications, the packet has to have a valid IP address, so that the TCP/IP traffic can go between the two mail servers (sender, reciever). Because of this, you are guaranteed that the IP address is correct to within a given sub-net. Within that sub-net, yes, spoofing is possible (convince the router that you are the real 131.107.3.124). This is definately "close enough" to usually be accurate.
Re:Boycott of Microsoft's Caller ID for E-mail (Score:5, Interesting)
If the two camps agree, this will speed up adoption of SPF records enormously.
Re:Boycott of Microsoft's Caller ID for E-mail (Score:4, Insightful)
---
Make sure you let them know that patents on email technology are unacceptable [boycott-em...ler-id.org]. Merging is okay, let's just keep the SPF license, not the Microsoft one.
---
It's just saying that patents on email tech are unreasonable. That's pretty reasonable to me.