The Internet Engineering Task Force has closed down the working group that was developing the Sender ID email authentication standard, saying the group has been unable to reach consensus on key issues in the time allowed.
The move is believed to have been caused in part by Microsoft Corp’s assertion that it has applied for a patent on parts of Sender ID and would require implementers to take out a free license before deploying the specifications.
The MARID (MTA Authentication Records In DNS) working group was closed by the Internet Engineering Steering Group, the IETF’s oversight committee, in an email message to the group by co-director Ted Hardie.
The group has had no lack of energy, Hardie told MARID. From the outset, however, the working group participants have had fundamental disagreements on the nature of the record to be provided and the mechanism by which it would be checked.
Hardie added that the process was complicated by being moved out of the realm of pure engineering by the need to evaluate IPR [intellectual property rights] and licensing, believed to be a reference to Microsoft’s patent claims.
In recent days, discussions in the group have been mainly about this IPR issue, which was perceived as a problem by many open source software groups and caused America Online Inc to withdraw its support from the standard.
But the IETF’s move yesterday still came as a surprise to many. Microsoft had no immediate response to the move. At this point, Microsoft is just deferring to the IETF and has no further comment, a Microsoft spokesperson said.
Sender ID was anticipated to be a merger of Microsoft’s own Caller ID For Email with Sender Policy Framework, a similar spec proposed by Pobox.com CTO Meng Wong and already in use in several thousand email servers.
The spec calls for email senders to publish the addresses of their email servers in their domain name system records, and for receivers to do a DNS lookup when they receive a mail in order to authenticate the sender’s identity.
While Microsoft’s method of doing this lookup, called purported responsible address or PRA, was expected to be the adopted method, the IPR concerns caused the MARID group to resurrect the SPF method two weeks ago.
Last week, we reported that both methods were anticipated to be included in the standard, with users getting the option which of the two to implement, but with the closure of MARID that appears to be no longer the case.
Sender ID is not being rejected in favor of SPF or vice versa, said Andrew Newton, co-chair of MARID. This is part of the IETF process asking the community to gather more experience with sender authentication schemes to get the final standard right.
The IESG, in its notice closing the group down, said that the group was failing to reach consensus on what technological trade-offs to make because the discussion was being clouded by IPR discussions.
Rather than spin in place, the working group chairs and Area Advisor believe that the best way forward is experimentation with multiple proposals and a subsequent review of deployment experience, the IESG wrote.
Microsoft will shortly start checking Sender ID records based on its own PRA checks in Hotmail and MSN. Bulk marketers who operate within the law are expected to adopt this spec in order to get preferential treatment for their emails.
AOL said last week that it is going to continue to use the classic SPF check on its incoming mail, although it will publish records compatible with both types of check for its outgoing mail.