For Now, Sender ID is Dead and MARID Shuts Down

Thursday, September 23 2004 @ 03:23 PM EDT

Contributed by: PJ

I received the following from Yakov Shafranovich, co-founder and software architect with SolidMatrix Technologies, Inc., and former co-chair of the Anti-Spam Research Group (ASRG) of the Internet Research Task Force (IRTF):

The IETF announced that they are planning on closing down MARID, the working group tasked with developing an email authentication standard called "Sender-ID". Shortly following that a formal "closing" announcement was issued by the IESG, the governing body of the IETF. What this means is that the working group has been formally closed, but the process is not finished. But for now Sender ID is dead.

On a side note, the Sender ID name itself might be short-lived. Right before the MARID WG closed, there was a discussion about an existing trademark on the Sender ID name and the WG chairs wanted to drop that name. Of course, it is kind of funny if Microsoft finds itself on the wrong side of an IPR lawsuit, but Microsoft have told the MARID WG a few months ago that their lawyers believe that the trademark is invalid. While Microsoft was willing to take their chances, the IETF and ISOC weren't. Now that the MARID WG is dead, Microsoft may choose to go back to its old name "Caller ID", or perhaps take a second look at that trademark and pick a brand new name.

Anyway, reading through the email announcement about the closure, one needs to keep in mind that the IETF has its own subculture and terminology. The IETF operates by consensus - an agreement among its members. In this specific case, the IETF cited the apparent inability to reach an agreement among the members of the MARID WG as the reason for closure. In other words, the IETF failed to get an agreement from all participants on a single standard for email authentication. The IPR issues from Microsoft's license on Sender ID and incompatibility with open source have been cited as well. Specifically, one of the problems is that the IETF is a technical body, not well suited for evaluating non-technical issues such as IPR.

While talking about the IPR issues, it is worthwhile to mention a recent conversation I had with someone from the US Patent Office. If you ever wonder why so many crazy software patents are granted, a little inside information might be helpful. Patent examiners operate on a quota basis - there is a specific number of patent applications that each examiner must review every week. It starts out at about two applications per week, and goes up from there. My source at the USPTO told me that fulfilling the quota takes precedence over potential prior art. That means that if the patent examiner has a choice between spending an extra week looking at prior art, and approving the patent as is, he or she must approve the patent in order to fulfill the quota. I personally cannot vouch for this information since I don't work at the USPTO, but if it is true, it might explain some things.

In any case, going back to MARID and Sender ID, even though the WG has been formally closed, these proposals are not dead. The IETF wants to proceed with the existing proposals: SPF, Sender ID and some related ones such as CSV and BATV. Instead of formal standards, they will let several proposals proceed as experimental protocols making sure that they do not interfere with anything else on the Internet but without formal standards approval. This is called the "EXPERIMENTAL" track. According to the original announcement this will be coordinated by the IETF to make sure they do not break anything, but that's it. They want people to experiment and deploy these, gathering real-world experience before reconsidering standardization. Eventually if any single standard wins, the IETF may choose to formally standardize it.

What it means practically is that the IETF will not standardize anything but rather let the market choose (which is what some like Paul Vixie have been suggesting for some time). The issue of course is that some of these protocols will be mutually exclusive and will not have as much deployment as a single standard would have, but people will experiment and eventually a winner might or might not emerge. All the IETF will be doing is taking a hands-off approach and making sure nothing breaks. Of course, all of this assumes that these proposals will stay within the IETF. Given the bad history with the now-dead MARID WG, both the FOSS world and the commercial world might be hesitant to continue working within the IETF framework, and may choose to strike out on their own or go to a different standards body as some like Phil Hallam-Baker of Verisign have been suggesting.

The FOSS world and the SPF community might want to continue developing the standard on their own, while the commercial world seems to be leaning towards going to a standard body. Of course one must keep in mind that most other standard bodies do not have open membership policies like IETF does and do charge for membership (yes, the IETF has conference fees also, but not mandatory). The IPR issues are also not going away, especially considering the analysis posted by John Levine and others about Microsoft's patent application applying to a very broad range of anti-spam technologies.

So for now, we are stuck with several competing proposals and the market has to decide which one to support. There are also crypto solutions in the works which might be better such as DomainKeys and others, currently being discussed informally in the IETF. Given that the FOSS world is not supporting Sender ID anytime soon, SPF may be looked upon as a reasonable alternative. But one must keep in mind that many commercial companies have already invested significant resources, both financial and PR, in Sender ID, and Microsoft may choose to continue promoting it. This of course, will just continue the clash between the FOSS world and Microsoft, which in the long run is not good for anyone. Unlike what George Orwell wrote in 1984, war is not peace.