Internet Task Force Shuts Down Anti-Spam Working Group

By Larry Seltzer  |  Print this article Print


Re-Imagining Linux Platforms to Meet the Needs of Cloud Service Providers

Contentious discussions in group boded ill for consensus on a standard

Citing a lack of agreement on basic issues in the discussions of the working group, the IETF (Internet Engineering Task Force) has disbanded the MARID (MTA Authorization Records In DNS) working group. The group had been working to create a standard for mail authentication for the fight against spam, mail worms and other e-mail abuse.

The group's short history has been fraught with controversy. The most recent crisis was over intellectual property claims by Microsoft over technologies in some of standards under consideration, and the Microsoft license to those claims. Open source advocates and many others rejected the terms as burdensome and incompatible with their own licensing practices.

But there has been more disagreement than consensus in the group in other areas as well. Advocates for similar methods of authentication have continued to argue strenuously for their favorite approaches, many of which may be covered under the claims of Microsoft in their patent applications.

There have been other problems. Recently it was noted that the name "Sender ID," which had been used by the standards documents for many of the proposals, has a trademark claim by a company that does related work.

In an e-mail to the working group, the co-Area Director Ted Hardie said that effort to formulate a single standard was hampered by a lack of real-world experience with the proposals. The directors recommended that the work of the various proponents move forward to Experimental RFC status, and that actual tests of the proposals proceed. They hope this experience will clarify some of the debates in the group.

For insights on security coverage around the Web, check out eWEEK.com Security Center Editor Larry Seltzer's Weblog.

A frequent contributor to the group, Phillip Hallam-Baker of Verisign, recommends moving the process out of the IETF and into a "more professional outfit." Hallam-Baker says that ISO accreditation is more important than a big name.

But Yakov Shafranovich, a former chair of the Anti-Spam Research Group of the Internet Research Task Force argues that most such organizations are not as open to participants as the IETF, and so "if anything comes out of the other organizations, it is likely to be something done by big firms only, not to mention possible [intellectual property rights]. The [free and open source software] world will probably fight that standard and continue going with SPF, and so we might end up fighting these for a while."

Meng Weng Wong, author of the SPF standard and co-author of the Sender ID specification, is now advocating for Unified SPF, a proposal from earlier in the MARID process that lost attention when the Sender ID agreement with Microsoft was announced. Unified SPF is a framework which supports one or more authentication methods specified by the system administrator.

Wong thinks the variety is a virtue and not, as some think, a recipe for a standards war. "Saying we should only standardize one form of authentication is like saying gas stations should only offer 87 octane gasoline and not sell diesel at all." Wong argues that Unified SPF gives all the various advocates in the standards process the opportunity to deploy their favorite standard.

Questions may also be raised over potential actions by the US government. In June the FTC rejected calls to create a Do-Not-Spam registry and noted that it couldn't work without a system of authentication. The FTC report actually contemplates mandating a system of authentication if the industry doesn't agree on one after a period of time.

Check out eWEEK.com's Security Center at http://security.eweek.com for the latest security news, reviews and analysis.

Be sure to add our eWEEK.com security news feed to your RSS newsreader or My Yahoo page

Larry Seltzer has been writing software for and English about computers ever since—,much to his own amazement—,he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these +products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publication.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.

Submit a Comment

Loading Comments...