Anti-spam standard body dismantled

The IETF (Internet Engineering Task Force) has disbanded its anti-spam working group, MARID (MTA Authorization Records In DNS) working group, in part because of an intellectual-property row surrounding Microsoft Corp.'s Sender ID proposal.

The decision, announced in an e-mail to the group from co-area director Ted Hardie, means the end for the IETF's original plan to back a single standard for authenticating the senders of e-mail messages, a way of stemming the address forgery commonly exploited by junk e-mailers and other scam artists.

Those participating in the effort are to put their various anti-spam proposals into practice, gathering real-world information that could lead to another IETF standardization effort. Other options include the creation of a standard by an industry organization or the coexistence of several standards.

"Concluding a group without it having achieved its goals is never a pleasant prospect, and it is always tempting to believe that just a small amount of additional time and energy will cause consensus to emerge," Hardie wrote in his message. "After careful consideration, however, the working group chairs and area advisor have concluded that such energy would be better spent on gathering deployment experience."

MARID was originally created in the expectation that engineers could produce a standard fairly quickly but the IETF did not count on the lack of deployment experience in the real world and intellectual property conflicts. "Technical discussion of the merits of these mechanisms has not swayed their proponents and what data is available on existing deployments has not made one choice obviously superior," Hardie wrote.

Opinions finally began to coalesce around Microsoft's Sender ID proposal, a combination of the company's own Caller ID for Email and a separate technology called SPF. But many open-source groups criticized Microsoft's licensing terms and the company's vagueness about pending patents that could have given Microsoft a claim on Sender ID technology. In its current form, critics said, the proposal could have given Microsoft patent control over part of the Internet's basic infrastructure. Shortly after America Online Inc. announced it wouldn't be supporting Sender ID, MARID finally rejected the proposal.

"Assessments have been difficult in part because they have been moved out of the realm of pure engineering by the need to evaluate (intellectual property rights) and licensing related to at least one proposal," Hardie wrote.

With an Aug. 4 milestone long past, and no immediate prospect of achieving it, project leaders decided to disband the working group and instead try to gather real-world data that could help make one of the proposals stand out as the obvious choice. Hardie asked the editors of the various working group drafts to submit their proposals for Experimental RFC status, to be reviewed by a specially formed directorate. When the directorate is formed it will be publicized on the IETF's Web site, Hardie said.

Industry pressure is growing for a standardized sender-authentication system, with technologies such as SPF already in use. In a June report by the U.S. Federal Trade Commission (FTC), the FTC suggested the U.S. government could mandate such a system if it decides to create a national registry of users who have requested not to receive junk email. The U.S. has already created such a registry for blocking advertising phone calls.