The open source Apache Software Foundation (ASF) is refusing to adopt technology promising to curtail the rising tide of spam, citing restrictions with Microsoft Corp. licensing.
Apache yesterday published an open letter saying it would neither license nor deploy Sender ID, because Microsoft’s Royalty Free (RF) patent licensing agreement is incompatible with open source.
Apache said major barriers exist despite talks between attorney and computer specialist Larry Rosen and Microsoft’s Michael Herman to address Apache’s concerns.
We believe the current license is generally incompatible with open source, contrary to the practice of open internet standards, and specifically incompatible with the Apache License 2.0, Apache’s letter said.
Apache is a major force in the open source developer community, and its leading projects include the popular Apache web server – ubiquitous across the internet – and Struts developer framework. Apache is also close to finalizing its own Java 2 Enterprise Edition (J2EE) application server, Geronimo.
The group’s resistance to Sender ID licensing comes despite growing backing for Sender ID, which is with the Internet Engineering Task Force (IETF). This week, Microsoft held the Sender ID Framework Implementation Summit in Redmond, Washington, while early adopters include domain name registrar Go Daddy Software Inc., which plans to establish Sender ID records as early as next month.
Sender ID is designed to eliminate domain spoofing, a practice that has lead to an explosion in phishing scams.
Phishing has hit a number of large organizations, notably Citibank, and involves criminals sending fake e-mails branded to look like official communications, requesting that the recipient re-enter personal details. In doing so, the end-user surrenders details such as bank accounts and social security numbers to the author.
Sender ID combines Microsoft’s Caller ID for e-mail, Sender Policy Framework and the Submitted Optimization specification, and validates a server’s IP address.
Among Apache’s concerns in Sender ID’s licensing terms, are that Microsoft provides limited rights to end-users while placing an impossible administrative burden on developers, which Apache said creates downstream patent licenses it said are incompatible with Apache and other open source licenses and development processes.
Apache is also concerned that Microsoft’s licensing requires developers to share with the company information about their own development plans, that developers will be burdened with Microsoft notices, and that the license makes licensees subject to US Export Administration Regulations.
Microsoft was unavailable for comment.