FSF & OSI Speak out Against Sender-ID License

NW writes "As a followup to yesterday story, Eben Moglen of FSF and Larry Rosen of OSI have publically spoken out against Microsoft's Sender-ID license calling it incompatible with the GPL and Open Source. A related eWeek story also covers this and includes the following quote from Eric Allman, the author of Sendmail: "It's pretty clear that it's going to take an act of whatever deity Microsoft worships in order to get them to back down on the sublicensing issue. They made it absolutely clear to us that they were not even going to consider changing this, and the legal folks made it further clear that they would rather see Sender ID die than back down.""

Fine by me.

[LordNimon]

the legal folks made it further clear that they would rather see Sender ID die than back down.

So be it.

Re:Fine by me.

[GOD_ALMIGHTY]

Second that... Either they release an RFC implimentable by OSS, or it doesn't get used.

Didn't MS learn this lesson back in '95 with Blackbird?

Re:Fine by me.

[km790816]

Q: What's Blackbird?
A: Exactly.

Q: No, really, what's Blackbird?

Re:Fine by me.

[Piquan]

No, really, what's Blackbird?

I'm not sure if you were just joking or really asking a question.

Blackbird was the protocol used by MSN. I'm not sure about the technical details, but I think it was pretty much sending GDI calls (Windows equiv to X calls) down the wire. Microsoft derided HTML in favor of Blackbird.

About a year after that, they were enthusiastically "supporting" HTML.

Re:Fine by me.

[km790816]

I'm not sure if you were just joking or really asking a question.

Both. :-)

Re:Fine by me.

[Phillup]

There should be a "No, Seriously" mod to counteract "Funny".

It isn't a joke.

Die.

Re:Fine by me.

[LordNimon]

That's what I was thinking. I wasn't intending to be funny. I was very serious. Oh well.

I'd rather see separate mod scales

[leonbrooks]

I'd like to see separate Agree/Disagree mods that don't use up karma, and don't have a cap (on either the post's rating or the user's hoarding ability). I'd also like to see high-score tables for those (as in, all-time agreeable and disagreeable posts, most and least agreeable average-over-lifetime and -over-last-20-posts, plus the extremes for this month, the last 24 hours, and top/bottom 3 posts in each story.

Maybe allocate one agree/disagree point per user per visit-day (ACs don't get any) and allow som

Re:Fine by me.

[doctormetal]

the legal folks made it further clear that they would rather see Sender ID die than back down.

So be it.

You mean that the SPF vs. Sender-ID battle has been won before it started?

Re:Fine by me.

[walt-sjc]

Sender-ID can incorporate SPF. It isn't a one or the other battle.

I've read through the ietf archives, and the big issues are that the license seems OK on the surface, but the details of exactly what is patented is very unclear AND The requirement that implementors and distributers get a license, even if it's free, is a huge burden. Imagine if this kind of thing happened with all the standards? A company like redhat would need to get thousands of licenses from thousands of companies. Debian would be impossible. Open source would die.

The end result is that SenderID will be mostly useless because it will not get critical mass adoption. ISP's rely heavily on opensource software. If opensource mail software does not support SenderID, only a small fraction of the world will adopt it.

Re:Fine by me.

[Rick the Red]

Unfortunately, Microsoft Outlook and Outlook Express have a huge market share. My brother, for example, uses it/them. So what am I supposed to do when my brother's email program refuses to accept my emails because I don't use the same mailer that he uses? How can I even email him to explain myself? For all I know, he won't even see that my email came in marked as "spam", he'll just wonder why I never send emails anymore.

That's my fundimental objection to all these anti-spam kludges (and that's what they are

Re:Fine by me.

[sbryant]

Consider this: current versions of Outlook (and O. Express) do not support sender ID. Microsoft has said they want to kill off Outlook Express, and Outlook, as a part of Office, costs cash. People don't generally upgrade that fast. There will be plenty of people with Microsoft software that doesn't support sender ID, and Microsoft needs to retain backwards compatibility, because not doing so gives people an incentive to use another product instead.

If Microsoft make new products that mark all email with

Re:Fine by me.

[WolfWithoutAClause]

Um, but only the mail servers *need* to implement SenderId. Outlook Express and Outlook are irrelevant in this.

Re:Fine by me.

[Rick the Red]

Then what's the problem with the GPL? If elm and pine and all the rest will work with senderID as-is -- if it's purely a mail server thing -- then what's the problem? I have zero control over what software Comcast uses to provide me my email, and frankly I don't care if they use something from Microsoft or something open, as long as it works. If you're an ISP and you want to use non-Microsoft software, then you should be on the front lines fighting this patent nonsense, but if it doesn't affect the rest of

Re:Fine by me.

[WolfWithoutAClause]

But now I'm troubled by the notion that Comcast will (or will not) assign me a senderID whether (or not) I want them to.

No, as I understand it, that's not how it works, atleast as far as spam killing goes.

The sender Id identifies the ISP, not the user. That way, if a users' machine gets owned, the sender Id doesn't get added, because the mail isn't being officially sent by the ISP's server. So when the mail arrives at the destination mail server, it throws it away, because it doesn't have the right digi

Re:Fine by me.

[phraktyl]

Actually, I think your sig says it all:

And the men who hold high places must be the ones who start

To mold a new reality ... closer to the heart

The FSF/OSI communities are doing as much as we can, but as much as I hate to say it, things aren't fundamentally going to change until the big companies -- to include Microsoft -- do.

Great Rush quote, BTW.

Re:Fine by me.

[tsg]

"Over my dead body"

"I accept your terms..."

Actually, the quote was...

[leonbrooks]

"You can have my gun when you pry it from my cold dead hands!"

"Your proposal is... acceptable."

Can't find a still of Edgar getting his face ripped off, though.

Re:Actually, the quote was...

[tsg]

Yeah. But mine is applicable in so many more situations.

Familiar dialogue?

[silicon not in the v]

the legal folks made it further clear that they would rather see Sender ID die than back down.

Sith lawyer: "As you can see, my sublicensing powers are far beyond yours; now back down."
Eben-Wan Kenobi: "I don't think so."

OK, so the "back down" is directed the other direction, but it sounds so right, doesn't it?

Uh...

[T-Ranger]

Someone actually want to link to a reference where this statement was made?

Re:Uh...

[gorre]

Yes, the statements can be found here [imc.org].

Open Letter to Bill Gates and Minions

[jo42]

Dear Bill,

Regarding mandatory Sender-ID licensing.

Get bent!!!

Yours Sincerly,
jo42 (on behalf of the rest of the world)

Act of...

[warrendodge]

"going to take an act of whatever deity Microsoft worships in order to get them to back down"

That would be an act of Dollar, the almighty god of commerce. Worshiped by by corporations and monopolists around the world.

Get used to it...

[cornice]

It's quite clear that this is the best strategy that Microsoft has against Free Software. MS _may_ not get to point where they directly sue over patents and copyrights but be assured that they will work very hard to create useful and popular things that are legally incompatible with Free Software.

Re:Fight back

[Bastian]

<knee-jerk>

I wonder how feasible it would be for Free Software to fight back by embrace and extending some ubiquitious and vital technology the way Microsoft hs tried with e-mail and the Web, getting a patent on it, and then licensing it under some GPL-like license?

Sadly (for some, at least), this would be a strike at business in general, and I'm not sure everyone would want to attack an entire industry based on the actions of a few unruly members, and open source probably isn't big enough to do it

Re:Fight back

[Xentax]

"No Microsoft" is still "Not Free".

This is one of those moments where you have to reflect on what TRULY free TRULY means.

For example, Free Speech means you can say something that I absolutely, 100% disagree with, or even despise you as a person for, yet you are acting within the law (whether I is joe citizen or the US government).

Or, as has been mis-attributed to Voltaire a few times, "I disapprove of what you say, but I will defend to the death your right to say it".

If you truly believe your software, or ALL software should be free, that means ANYONE, including Microsoft, MUST be allowed to use it (within the terms of the particular "Free-compatible" license, of course).

I wouldn't expect to see MS modifying and sharing any GPL code anytime soon, but they have used BSD code in the past, and I have no doubt they do use binaries of GPL'd projects (but would naturally avoid tainting themselves by looking, let along modifying, sources).

You can't pick and choose and still call it 'Free'.

I recognize your knee-jerk tag - so just consider this the second part of a knee-jerk chain reaction :)

Xentax

Re:Fight back

[molo]

I wouldn't expect to see MS modifying and sharing any GPL code anytime soon, but they have used BSD code in the past, and I have no doubt they do use binaries of GPL'd projects (but would naturally avoid tainting themselves by looking, let along modifying, sources).

They already distribute GPL licensed code. See Windows Services for UNIX 3.5 [microsoft.com]. It includes gcc, g++, make, rcs, awk, grep, sed, tar, cpio, etc.

-molo

Fighting back means not helping those who harm us.

[jbn-o]

This is one of those moments where you have to reflect on how freedoms work and then recognize that we cannot afford to support those who would take other freedoms away.

Software proprietors like the new BSD license (among others) because it allows them to build on the program and not share their improvements in a form which allows others to excercise their software freedom to inspect, share, and modify the software. As you have pointed out, Microsoft has done this.

We don't gain or retain software freed

What an odd definition.

[Medievalist]

Where I come from, "fighting back" means killing or beating the living s**t out of whoever's trying to harm you. But I guess we're kind of backwards around here, we haven't really got the hang of this new millenium yet.

Re:Fight back

[spitzak]

I have no doubt they do use binaries of GPL'd projects (but would naturally avoid tainting themselves by looking, let along modifying, sources).

There is nothing wrong with looking at the source or even modifying it. Microsoft knows this (although they won't say that publically to avoid counteracting their FUD) and I'm sure they are modifying and testing GPL code plenty in there.

What they cannot do (without releasing the source) is redistribute the software. And they are not doing that.

"tainting" is a bo

Re:Fight back

[Xentax]

You're right and you're wrong (IMHO), to various degrees.

You're right in that anything short of a 'clean room' approach is, to some degree, tainted, so it must not be THAT hard-and-fast, or you could never hire anyone that ever worked for your competition.

But you're wrong in that tainting is completely unheard of or a boogeyman that has no force.

It's really more of a *general* trade-secret issue that Microsoft (and probably others) is playing safe by including GPL'd source as well as other competitor's p

Re:Fight back

[someone247356]

You wrote;
"If you ARE claiming otherwise, you're saying a Windows developer could freely, minutely examine the Linux kernel, and then, without any degree of fear of legal repercussion, *implement the ideas expressed in that code* without GPL or other legal fallout. To be clear, he doesn't copy a single line of code, just reuses the good ideas, tweaks things based on the insights he gains, etc.

Do you really claim that?"

I'm not sure about the original author, but I'll claim that.

The GPL is based on "copyri

Re:Fight back

[spitzak]

you're saying a Windows developer could freely, minutely examine the Linux kernel, and then, without any degree of fear of legal repercussion, *implement the ideas expressed in that code* without GPL or other legal fallout. To be clear, he doesn't copy a single line of code, just reuses the good ideas, tweaks things based on the insights he gains, etc.

Do you really claim that?

Yes I am claiming that.

Read RMS's rants some time. Take a look at where he talks about reverse engineering. Even he says that lea

Re:Fight back

[Xentax]

The reason this *does not* happen is the legal mess I pointed to.

If some Windows devs DID do this, you're right that it *ought* to be fine.

But what *could* (and I really mean "could", I don't mean Linus would, should, or even 'might' do this) happen is that the authors of that code COULD turn around and claim MORE happened - ie, that copying occurred. You'd have MS saying no, we just LOOKED AT the code, and used the good ideas, etc. - while (whoever) says there MUST be copying. They'd want their lawyers t

Re:Fight back

[spitzak]

That argument makes no sense. If Microsoft was willing to lie and copy GPL code, then they are equally willing to lie about not looking at it. In fact somebody can claim "by saying they are not looking at GPL code, they must be covering something up, therefore their denial is proof that they are copying it".

There is no way for Microsoft to prevent made-up accusations like this and it is insane for them to change their behavior and limit their options because of this. I can claim they are killing kittens in

Re:Fight back

[Xentax]

I disagree.

The key difference is that you can make a much more substantial claim with available evidence.

If you have code that acts substantially similar, and claim it's because you copied, but only copied ideas based on viewing the code, that's (Arguably) hard to distinguish from less-legal copying.

Your kitten-killing claim is different. Maybe if kittens near MS campus were disappearing and MS claimed they were 'just adopting them all' or something.

My claim is that it is (or may be claimed) that distin

Re:Fight back

[aminorex]

The EFF should be patenting open source technologies right and left.

Re:Fight back

[grahamm]

That should not be necessary. Merely publishing the source, which Open Source software does, should prove prior art and hence prevent anyone else subsequently patenting it.

Re:Fight back

[aminorex]

It is necessary for the same reason corporations
build defensive patent portfolios: Cross-licensing
agreements. In this case, in the public interest,
since the government long since abdicated the role
of defending the public interest.

Who cares...

[qtp]

As long as Microsoft is incorporating SPF [pobox.com] into their solution, then it doesn't really matter if few providers use SenderID (as long SPF is widely adopted).

SPF provides the means to eliminate the most egregious spammers by eliminating all emails with forged headers and providing a means to ensure that the sender is complying with the rules set by their ISP. It is simple to implement because it uses already existing features of SMTP and DNS to operate, and it does not need to be adopted "all at once" by every ISP, as it does not interupt mail being sent to/from non-participating ISPs until the provider using it makes that decision themselves. It is also possible for a user (of a participating ISP) to incorporate SPF response into their filters in such a way that it would not eliminate any legitimate mails, and it would still be effective at helping the user to identify spam.

It will help ISPs verify that their users are violating policy by sending spam. It will help make blacklists more accurate by identifying ISPs that permit or encourage spammers to use their services.

Read the FAQ [pobox.com].

As long there is progress toward wide adoption of SPF, there is little reason to argue over Microsoft's SenderID licensing scheme. If their protocol cannot be used with qmail, sendmail, and other high reliability/security servers, it will not be adopted. As long as Microsoft has followed its stated intention to adopt SPF as part of SenderID, then SPF will work for everyone, including those using SenderID.

Hotmail

[Tyreth]

Sender ID has already gained market support. Both ISPs, such as AOL, and mail software and support companies, such as Cloudmark Inc. and Tumbleweed Communications Corp., have announced support for it. Microsoft has also announced that it will start using Sender ID for inbound e-mail to its hotmail.com, msn.com and microsoft.com domains in October.

Practically speaking, what does this mean? That we won't be able to send emails to hotmail.com, msn.com and microsoft.com unless we use Sender ID enabled mail servers? What exactly does Sender ID do that will cause a problem of incompatibility for the open source community? I understand that Sendmail and others won't be able to implement it as is, but what does not being able to implement it mean?

Re:Hotmail

[WWWAvenger]

SenderID is a combination of the Meng Wong's SPF and Microsoft's Caller-ID. If someone has implemeneted "Sender-ID" that means they use both to check for an email sender's right to send mail from a particular server. This licensing issue is really about the MTAs (the mail software) that checks for the Sender-ID records and scores mail based on them. If Microsoft won't let their portion of the schema be compatible with the licenses MTAs like Sendmail have, then the technology can't be incorporated legally an

That really sucks

[Aloaha]

Its incredible. I feel just an other time f... by M$. We small/tiny vendors leave modules Freeware like we do in our Aloaha because we believe in the Idea of SPF and so on and the big ones just focus on how to gain control. It would be interesting how it would legally look if we would silently support SPF2/SenderID. Anyway - I always prefered SPF1 and I hope that people are now even more motivated to push it... Thanks Frank

Just the beginning

[stox]

I suspect the future will be fraught with Microsoft "innovations" in use of patent/copyright/trademark law.

How can I implement Sender ID in a freeware module

[Aloaha]

Since SPF in our Aloaha is Freeware of course we are not implementing PRA - even though we support SPF2 records.....