Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Apache Rejects Sender ID

michael posted about 10 years ago | from the poison-pill dept.

Patents 351

hexene writes "In an open letter to the IETF MARID Working Group, the Apache Software Foundation has rejected the patent-encumbered Sender ID specification. This means no Sender ID support for SpamAssassin, Apache JAMES, etc. They state that the current license is generally incompatible with open source, and contrary to the practice of open Internet standards."

cancel ×

351 comments

Sorry! There are no comments related to the filter you selected.

First Post! (-1, Redundant)

Anonymous Coward | about 10 years ago | (#10140351)

My sender ID is firstyposty@slashdot.com.

Re:First Post! (-1, Offtopic)

Anonymous Coward | about 10 years ago | (#10140406)

I'm getting so sick of this. Why can't we just decide on a method of getting rid of spam and stick to it? I recently registered a domain name, and the mailbox was full of spam THE VERY FIRST TIME I checked my email. I hadn't given the new email addy out to anyone yet. When are government bodies going to wake up and realize that we have a serious issue on our hands?

--
Free iPods! [freeipods.com]
Free Flatscreens [freeflatscreens.com]

Wired says Its legit... [freeipods.com]

Giving away GMail invites to the first 6 people to sign up and complete an offer. I recommend the Blockbuster offer, its instant credit, and the offer is actually worthwhile.

Re:First Post! (0, Redundant)

Anonymous Coward | about 10 years ago | (#10140463)

How can anyone mod up a message with 6 fscking line of advertisement??? HALF the message!!!

Re:First Post! (0)

Anonymous Coward | about 10 years ago | (#10140744)

They probably have signatures turned off in their prefs and didn't see it.

Re:First Post! (3, Insightful)

Edmund Blackadder (559735) | about 10 years ago | (#10140495)

If you do not like spam, please stop spamming slashdot.

Re:First Post! (0, Offtopic)

Anonymous Coward | about 10 years ago | (#10140536)

Well.. I don't consider doing that anywhere close to the same thing as spam. I'm 1 person away from getting a free iPod, and you choose to read slashdot. Reading slashdot just kinda implies all the trolls, flamebait, and spam that goes along with it. Besides, someone will be along to mod me down shortly I'm sure.

Re:First Post! (-1, Offtopic)

Anonymous Coward | about 10 years ago | (#10140563)

MOD DONW NOW!!!
Parent is nothing but a "free ipod" linker.

Re:First Post! (4, Funny)

Sebby (238625) | about 10 years ago | (#10140700)

"and the mailbox was full of spam THE VERY FIRST TIME I checked my email. I hadn't given the new email addy out to anyone yet."

Serves you right for registering 'asdf.com' :)

Re:First Post! (-1, Offtopic)

Anonymous Coward | about 10 years ago | (#10140726)

ROFL... Actually, the domain is my first & last name.com. I kinda odd though still.

For those wondering, that has to have been the most successful freeipod post ever. Netted 10 people for freeipods.com and 3 people for freeflatscreens.com until it got modded down to -1.

Sorry for spamming slashdot... I'm just 1 person away from getting a free iPod and I'm desperate. :P

Fuckin Hippies.... (-1, Offtopic)

Anonymous Coward | about 10 years ago | (#10140353)

If it ain't free it sux!!!

Hoody Hoo! (5, Insightful)

CountBrass (590228) | about 10 years ago | (#10140354)

Well done Apache! Surely this must be a big stake in the heart of MS email domination plans ?

Re:Hoody Hoo! (0, Troll)

JamesKPolk (13313) | about 10 years ago | (#10140443)

It also hinders those of us who have supported SPF, the old name of the spec before MS joined in.

Oh, but don't let the problems with SMTP hinder your irrational hatred of all things connected with Microsoft.

Re:Hoody Hoo! (4, Funny)

chris_mahan (256577) | about 10 years ago | (#10140471)

Next time, put the GPL all over it and MS won't join.

You know, you guys could have seen this one coming.

Re:Hoody Hoo! (0)

Anonymous Coward | about 10 years ago | (#10140612)

Irrational hatred of all things microsoft ... niice

Re:Hoody Hoo! (1, Funny)

955301 (209856) | about 10 years ago | (#10140739)


you're new here, aren't you?

Re:Hoody Hoo! (0)

Anonymous Coward | about 10 years ago | (#10140846)

nope, but you must be.

Re:Hoody Hoo! (-1, Flamebait)

AviLazar (741826) | about 10 years ago | (#10140481)

It's SOP on /. to instantly hate anything that is 1) MS or MS related or 2) not open source.

The nature of the topic matters not, mention one of the above two and you will get people instantly shooting it down - and probably getting positive mods too :)

Re:Hoody Hoo! (2, Insightful)

killjoe (766577) | about 10 years ago | (#10140848)

" It's SOP on /. to instantly hate anything that is 1) MS or MS related or 2) not open source. "

So? Arent there plenty of boards where people

1) Love MS or 2) Hate open source?

The internet is a big place. You could always hang out at gotdotnet or any of the thousands of MS sponsored blogs if you want to be filled with pro MS propaganda.

Re:Hoody Hoo! (5, Insightful)

Tracy Reed (3563) | about 10 years ago | (#10140582)

No, it does not hinder SPF. Sender ID is SPF+MS's hacks. You are still free to use SPF by itself.

MOD HERE PLEASE (0, Redundant)

macdaddy (38372) | about 10 years ago | (#10140679)

This point needs some extra emphasis.

Re:Hoody Hoo! (1, Troll)

phats garage (760661) | about 10 years ago | (#10140710)

It looks like this Meng fellow started this SPF thing and gladly hooked up with Microsoft and had no interest in providing an open non-encumbered standard. A wish for open non-encumbered standards is often not simply some irrational manifestation of Microsoft hatred, but rather a desire to let different systems, including free software systems, interact.

Re:Hoody Hoo! (4, Insightful)

DAldredge (2353) | about 10 years ago | (#10140711)

It's not 'irrational hatred of Microsoft', it is concern that, in the future, Microsoft will use these patentes to control email on the net. Microsoft just hired a high level exec to over see it's IP portfolio and to increase it's 'value' to Microsoft.

Re:Hoody Hoo! (5, Insightful)

Abcd1234 (188840) | about 10 years ago | (#10140738)

Yup, you're absolutely right! Despite what the ASF said, they're rejecting SenderID because it's *Microsoft*! Yeah! Sure, they *claimed* it was because it was patent encumbered, but you have efficiently seen through their veil of deception.

Don't be a tool. The ASF doesn't gives a damn who created the freakin' standard. The fact is, it's patent encumbered. Period. And, as a result, they refuse to implement it. This shouldn't be at all surprising. Frankly, I think it's down right ridiculous that the IETF is willing to consider a standard that's patent encumbered. But, hey, who wants a free, open Internet?

Re:Hoody Hoo! (1)

EvilAlien (133134) | about 10 years ago | (#10140819)

Hrm... "big stake in the heart"... I think of it more as a "kick in the nards".

SPF has some good traction, but as far as I'm concerned, this is the death knell for SenderID.

So... (1, Redundant)

njfuzzy (734116) | about 10 years ago | (#10140362)

Will this stop the "standard" from going forward, or just increase the struggle to come to a useful consensus?

Re:So... (-1)

Anonymous Coward | about 10 years ago | (#10140393)

Yes.

What to do with dogs (-1, Offtopic)

Anonymous Coward | about 10 years ago | (#10140363)

The gnaa/ecfa would like you to destroy them because they burn our energy without serving a real purpose.

What to do with the Parent Post's Mom? (-1, Offtopic)

Anonymous Coward | about 10 years ago | (#10140812)

Fuck her cunt with a dog's dick until she gets pregnant with a puppy.

Re:What to do with the Parent Post's Mom? (0)

Anonymous Coward | about 10 years ago | (#10140852)

Clearly that's already happened at least once.

Good start... (5, Insightful)

keiferb (267153) | about 10 years ago | (#10140372)

Hopefully this is just the start of a string of rejections. If lots of big names in the OSS community and some of the e-mail superpowers (yahoo, gmail, etc...) jump on the bandwagon, maybe it'll get pushed aside.

Wishful thinking? Probably, but a boy can dream...

Re:Good start... (0)

Anonymous Coward | about 10 years ago | (#10140808)

why is this a troll?

Good for them, but not far enough. (4, Interesting)

Euphonious Coward (189818) | about 10 years ago | (#10140384)

I don't see any reason to use SPF either. It only benefits big ISPs, by keeping spammers from mentioning them in their return addresses. Even then it only works until the spammers hijack the machine of some dumb sap who's a legitimate customer of such an ISP, and send under his name. It does you and me no good at all, either way.

The whole exercise has been a waste of time and attention for all involved, and the sooner it's forgotten, the better.

Re:Good for them, but not far enough. (5, Insightful)

athakur999 (44340) | about 10 years ago | (#10140480)

In the scenario you mentioned, it forces the spammer to use machines that's within the ISP's control. If the spam bearing your domain is originating from some random computer in China, there's not a whole lot you can do. But if the spam has to originate from one of your customer's computers and has to be sent via one of your SMTP servers, then you can look at the logs on your SMTP server, figure out the infected customer, and take appropriate action.

Re:Good for them, but not far enough. (2, Interesting)

jhunsake (81920) | about 10 years ago | (#10140618)

It's an inferior attempt at authentication. Yahoo!'s DomainKeys is superior in every respect.

I was really interested in SPF for a while, but I'm tired of this shit. Like the grandparent says, it's all a big waste of time. I'm going to delete those TXT records right now...

Re:Good for them, but not far enough. (0)

Anonymous Coward | about 10 years ago | (#10140868)

Eh? It's to prevent people from impersonating you, not really to authenticate anyone.

Re:Good for them, but not far enough. (1)

hawkbug (94280) | about 10 years ago | (#10140642)

Well said - and I thinks a HUGE step towards killing spam. The only other issue now is stopping forged domains that don't exist without generating a lot of lag.

Re:Good for them, but not far enough. (2, Insightful)

Emrys (7536) | about 10 years ago | (#10140785)

SPF doesn't tell admins a damn thing they didn't know before. Admins do not pay attention to header addresses when determining the source of spam, they look at the IP addresses, which are not truly being forged (not in the same sense, anyway).

SPF is only useful to end users who can be fooled by forged text headers. It was created to help stop phishing and provide some kind of reputation protection. It's ridiculous that people who should know better co-opted it as a "spam solution" and are willing to break legitimate uses of SMTP to see it adopted, without seeming to even reale the leverage it hands big ISPs.

Re:Good for them, but not far enough. (3, Insightful)

Grayputer (618389) | about 10 years ago | (#10140554)

OK I'll bite. I fail to see how SPF only helps the big ISPs. Any little guy (running a domain) can publish his own SPF record. Any little guy (running a mail server) can check against existing SPF records. Checking against an SPF record will weed out (or at least certainly reduce) SPAM with forged source addresses (or make it harder to forge an acceptable address). Trackable SPAM is a definite improvement over the current state of affairs.

Obviously you have a beef with SPF. I seem to have missed it. So where's the beef?

Re:Good for them, but not far enough. (4, Insightful)

DJ Rubbie (621940) | about 10 years ago | (#10140562)

You are horribly wrong, and I will bite. I had my email address 'spoofed' by the W32.Netsky worm a while back, and it was sent from a machine that is not of the domain of my address. An SPF enabled mail server would reject emails with spoofed headers, and so my friends (victims) will not see the infected email with *my* email address. On the other hand, non-SPF enabled mail servers will accept it, and my friends sees it, and accuses me of sending them a 'virus'.

SPF will not only stop spammers, but will stop (or at least prevent) people and worms from spoofing the from address *sent from _everywhere_* to claim to be from a user@domain they do not own. I do not want spammers or anyone to claim to be from my domain (or my legit email address even), and have angry letters accusing me of letters I did not send.

If you have your machine hacked, or running a mail relay by accident, you should have secured those equipments, and if you had anything important on it (eg. financial records), you probably have much bigger concerns, like identity theft.

Yes, I know, we are supposed to check the email headers, but most home users are completely ignorant of those features.

Re:Good for them, but not far enough. (1)

Glamdrlng (654792) | about 10 years ago | (#10140716)

An SPF enabled mail server would reject emails with spoofed headers, and so my friends (victims) will not see the infected email with *my* email address.
Don't get me wrong, I approve of SPF, but here's my gripe from a best practice point of view. If you're capable of identifying the mail server(s) authorized to send mail from your network and publishing SPF records, why are you letting other hosts send SMTP out of your network at all?

Re:Good for them, but not far enough. (1)

macdaddy (38372) | about 10 years ago | (#10140840)

He never said the infected mail was coming from *his* network. It could come from any schmuck that has both their addresses in their addressbook. Still I'm in favor of forcing all dynamic-class users to use their provider's SMTP server. There are a few exceptions of course, such as the user that works at a big company that uses SMTP-AUTH/TLS to let employees securely send email from home. That of course would have to be an exception. Still there are very few reasons why the average dynamic user should not use their providers SMTP server. Statically assigned users however IMHO shouldn't be required to use their providers SMTP server since they are probably running a server themselves. Ideally though the provider would make the system opt-out for static customers. LDAP and Cisco ACLs is the trick.

Re:Good for them, but not far enough. (1)

mattdm (1931) | about 10 years ago | (#10140844)

Don't get me wrong, I approve of SPF, but here's my gripe from a best practice point of view. If you're capable of identifying the mail server(s) authorized to send mail from your network and publishing SPF records, why are you letting other hosts send SMTP out of your network at all?

That's the point -- it's NOT coming out of your network. It's coming from someone else's network entirely beyond your control.

SPF lets you list which source networks *are* in your control, and if a message comes from somewhere that doesn't match, that's a warning sign.

Re:Good for them, but not far enough. (1)

kelnos (564113) | about 10 years ago | (#10140855)

i'm not sure how this is relevant. perhaps i run a business from my home and use a business DSL line for my website, mail, etc. if the ISP isn't allowing outgoing SMTP, i have to relay through their servers and my SPF records have to reflect this. personally i find this a non-ideal scenario. i'm sure with a little effort i could come up with other examples.

Re:Good for them, but not far enough. (2, Interesting)

Daniel Boisvert (143499) | about 10 years ago | (#10140856)

There's a difference between knowing which IP's in your netblock are allowed to send mail, and which IP's are allowed to send mail from your domain. SPF requires you to know the latter, which is something you really ought to know if you're running a domain.

The former is much harder to know, for a zillion reasons (subnets controlled by downstream entities, legit residential mailservers, etc.).

Re:Good for them, but not far enough. (1)

Elwood P Dowd (16933) | about 10 years ago | (#10140576)

Even then it only works until the spammers hijack the machine of some dumb sap who's a legitimate customer of such an ISP, and send under his name. It does you and me no good at all, either way.

Um, no. In that case, spam prevention would be way, way easier. Spam from spammer@yahoo.com would have to actually come from Yahoo. That would make my f*ing day.

How so? (0)

Anonymous Coward | about 10 years ago | (#10140587)

If you have control of your own domain's DNS server, there's nothing preventing you from publishing an SPF record, and it's a good idea for you to do so.

By publishing an SPF record, you can stop, or at least mitigate, "joe jobs" that use a forged From header trying to implicate you in someone else's spamming, not to mention email worms.

If you have a clue, your SPF record should only allow mail from your outbound mail server(s).

In case you don't follow M$'s every move like me.. (4, Informative)

Emugamer (143719) | about 10 years ago | (#10140389)

Microsoft Sender ID Framework [microsoft.com]

The Sender ID Framework is an industry standard created to counter e-mail domain spoofing and to provide greater protection against phishing schemes. This combined specification is the result of Microsoft's Caller ID for E-Mail proposal, Meng Wong's Sender Policy Framework (SPF), and a third specification called the Submitter Optimization. These three draft technical specifications were recently submitted to the Internet Engineering Task Force (IETF) and other industry organizations for review and comment. ... and it goes on and on

Re:In case you don't follow M$'s every move like m (3, Insightful)

sxtxixtxcxh (757736) | about 10 years ago | (#10140604)

industry standard?

isn't a bit early to be calling it a standard?
especially if apache is rejecting it.

Re:In case you don't follow M$'s every move like m (2, Insightful)

macdaddy (38372) | about 10 years ago | (#10140719)

Correct. It's not a standard at all but a proposal. Hopefully SenderID never becomes a standard. Wong should be slapped shitless for ever agreeing to couple SPF with CallerID. What a stupid move to make.

Re:In case you don't follow M$'s every move like m (0, Troll)

dacarr (562277) | about 10 years ago | (#10140847)

Yes, but everyone knows that Micro$oft is all about standards, and since they created all standards, they must be followed.

Re:In case you don't follow M$'s every move like m (0)

Anonymous Coward | about 10 years ago | (#10140643)

You're so right, using the $ makes you uber cool.
lOlZ

Be original (2, Insightful)

chamblah (774997) | about 10 years ago | (#10140704)

M$ [penny-arcade.com]

Turnabout (0, Offtopic)

MikeMacK (788889) | about 10 years ago | (#10140391)

We believe the current license is generally incompatible with open source, contrary to the practice of open Internet standards, and specifically incompatible with the Apache License 2.0.

While not exactly the same issue, wasn't MS complaining about Apple not "opening" the iPod format for them to use with their music site?

Patent encumbered indeed! (5, Informative)

Anonymous Coward | about 10 years ago | (#10140395)

Is this why the sender ID article on Wikipedia is only a stub? [wikipedia.org]

Please, click "edit this page" and help if you know anything!

Re:Patent encumbered indeed! (1, Informative)

Anonymous Coward | about 10 years ago | (#10140724)

Check it now!

MSFT doesn't care about Apache. (3, Interesting)

garcia (6573) | about 10 years ago | (#10140398)

We will not be implementing support for Sender ID until such time as the issues with the license are fixed and acceptable to the Apache James and Apache SpamAssassin Project Management Committees.

It's obvious that Apache's concerns are of the utmost importance to both MSFT and those conducting the discussions. If they were SO concerned this would have been taken care of long ago. MSFT figures that either Apache will kowtow after users get pissed that they cannot send to those behind an MS mail solution or that they will end up having to break down themselves later. It's a lot bigger of a gamble for Apache to ignore MSFT than it is for MSFT to ignore Apache.

As an alternative resolution, we would find it acceptable if the pending patents were granted to a non-profit organization such as ISOC and licensed under sufficiently open
terms.


This, OTOH, is a valid option and should be exercised but I highly doubt it will be for obvious reasons.

Re:MSFT doesn't care about Apache. (3, Insightful)

millahtime (710421) | about 10 years ago | (#10140446)

MSFT does need to care about open source and other mail servers. They are a small fish in a big sea when it comes to mail systems.

Re:MSFT doesn't care about Apache. (-1)

Anonymous Coward | about 10 years ago | (#10140460)

They are a small fish with a big mouth.

Re:MSFT doesn't care about Apache. (1)

GoofyBoy (44399) | about 10 years ago | (#10140686)

How much email goes around that originate or recieved from a MS related system (Exchange/Hotmail/MSN)?

Maybe they can get a few other big mail services (say Yahoo) and ISPs (say AOL) to get on board. Someone makes a plugin/module for Apache to implement SenderID (if its possible, I suspect it would be), that would open up new servers using it.

It will be a sell job and thats what a big company like MS is good at.

Re:MSFT doesn't care about Apache. (3, Insightful)

macdaddy (38372) | about 10 years ago | (#10140784)

It's not Apache HTTP Server that would need the plugin. It's SpamAssassin, the dominant spam fighting tool and now an official Apache Software Foundation project.

And getting a few of the big players onboard with MS isn't going to do jack. The top dozen big ISPs are a drop in the bucket in the email system world-wide. Sure they are the biggest ISPs but that doesn't mean their userbase makes up the majority on the 'Net.

Re:MSFT doesn't care about Apache. (5, Insightful)

trifster (307673) | about 10 years ago | (#10140529)

Your logic doesn't flow. If that were the case then everyone would have stopped using sendmail and switched to exchange so everyone can send meeting appointments and tasks in addition to email. no, apache is on the right track. open standards (truely open) and protocols will win over closed source solutions. the reason is simple...the desires of the many will trump those of the few or only. so the majority will move on to the open technologies.

Re:MSFT doesn't care about Apache. (1)

GoofyBoy (44399) | about 10 years ago | (#10140771)

> the reason is simple...the desires of the many will trump those of the few or only.

The few ARE the ones who control this. If you get a few software makers (MS, Apache, Apple) and some service companies (Yahoo, AOL, Google) to accept a standard, then its going to be the standard regardless of what anyone else outside of say the dozen companies want.

I don't get a vote in which email verification gets to be the standard. How am I not the many?

Re:MSFT doesn't care about Apache. (4, Funny)

mr_z_beeblebrox (591077) | about 10 years ago | (#10140565)

It's a lot bigger of a gamble for Apache to ignore MSFT than it is for MSFT to ignore Apache.

Good point!!! Because Apache has Billions of dollars invested in their product. Whereas Windows is mainly just a free download.

Re:MSFT doesn't care about Apache. (2, Insightful)

TheUnFounded (731123) | about 10 years ago | (#10140683)

Not only that, but as the world's predominant web server [com.com] , Apache has a fair bit of clout with the IETF.

Look at it another way? (4, Insightful)

ImaLamer (260199) | about 10 years ago | (#10140827)

Apache will kowtow after users get pissed that they cannot send to those behind an MS mail solution

What about us users who are behind the MS mail solutions? I have addresses on both sides of the coin and to think the Microsoft won't let me get mail because someone didn't use their patented technology is crazy....

I know they are trying to ram it through committee, but have they really thought about this? It's crazy. They already put most of my mail in the "Bulk" folder with hotmail, even if it is sent from a friend. And technology is slow to adapt, yet they've already made the announcement that they will not take mail without Sender ID after October 1st (I believe). Who here still uses HTML tags like
<FONT SIZE>
We were supposed to drop that years ago. It still renders though.

We all hate spam but a "magic bullet" will only kill e-mail altogether IMHO. I've missed out on money actually because something gets marked as spam but I needed it for "business". Let me setup my own spam filters or let me weed through it.

Either way, I resent corporations like Microsoft and even Yahoo getting into the mix and removing me from the situation.

It's easy, don't give out your address. Don't click on links in e-mail that are so long they look like encryption keys. Don't allow images to load (easy with Thunderbird + Sygate Personal Firewall in XP and most webmail). Don't sign up for a freeipod (I want to post my referral link, so bad too.)

Oh really? (4, Insightful)

archen (447353) | about 10 years ago | (#10140412)

This means no Sender ID support for SpamAssassin, Apache JAMES, etc.

Funny, I thought Apache supported these things called modules that allowed you to extend Apache.

Just because it doesn't come from the Apache Foundation doesn't mean it wont happen.

Re:Oh really? (2)

Seth Finklestein (582901) | about 10 years ago | (#10140534)

Most system administrators also have a strong social conscience.

I, for example, refuse to allow any of my "users" to install any closed-source programs. Closed-source means "not directly GPL-compatible." I have sent out dozens of e-mail messages explaining why this is so important, and I haven't heard one complaint. Frankly, I think it's perfectly reasonable to expect "users" to use software that is not only sound in design but also sound in methodology as well.

Sincerely,
Seth Finklestein
Award-Winning Systems Administrator

Re:Oh really? (2, Insightful)

ClosedSource (238333) | about 10 years ago | (#10140634)

"Most system administrators also have a strong social conscience."

Some do and some don't just like everybody else. Of course, some people would argue that a strong social conscience has more to do with things like poverty, war and the like than it does with the GPL.

Re:Oh really? (0)

Anonymous Coward | about 10 years ago | (#10140820)

YHBT, fuckhead.

Read his comment history.

Parent is not insightful (0)

Anonymous Coward | about 10 years ago | (#10140681)

Parent is not all that insightful.

Apache the webserver does.

They are talking about spamassassin and james.

RTFA

Re:Parent is not insightful (1)

955301 (209856) | about 10 years ago | (#10140802)

Actually, James supports modules also. You simply have to include them in your classpath and refer to them in the config.

So it is insightful. And you're wrong. Wrong wrong wrong. Muahahahaha.

Re:Oh really? (2, Informative)

Anonymous Coward | about 10 years ago | (#10140727)

You're mixing up the Apache HTTP daemon with other projects under the ASF's umbrella.

Stick with JAMES (5, Informative)

Anonymous Coward | about 10 years ago | (#10140413)

I use JAMES for my mail transport, and have found it to be fantastic. A single XML file can configure all the services you need (SMTP, POP3, IMAP), with or without TLS. If you want TLS, you just add an entry for it.

Also, it's really easy to write custom programs for mail processing, called "Matchers" or "Mailets" (many already exist), for things like SPAM detection, custom mail delivery, etc. I highly recommend it over sendmail/qmail.

Re:Stick with JAMES (4, Informative)

BigGerman (541312) | about 10 years ago | (#10140570)

James project does not list IMAP in the list of features and the FAQs mention some "experimental" code. Is there something you know and they don't?

Question [slightly OT] (1)

JediTrainer (314273) | about 10 years ago | (#10140667)

Good thing this came up. I'm just building a new (replacement for a dying) server now to be used to handle mail for my domain and a couple of non-profit orgs I help with (it'll run their web sites and other things too). I've been running sendmail until now, but am open to suggestions for something better.

Can James integrate with SpamAssassin or something similar? Multiple domains? Forwarding?

It'd be great to find out. I'd much prefer a Java-based solution because I'd be able to put my own skills to good use if I need to extend it somehow.

Generally speaking I just need it to handle SMTP and POP3 and be able to deal with local mailboxes (I'd like have the option to be able to tack on a webmail package).

Maybe someone can also comment on what the best webmail packages are that are freely available?

Re:Question [slightly OT] (0)

Anonymous Coward | about 10 years ago | (#10140849)

"I've been running sendmail until now, but am open to suggestions for something better."

Exim

We've seen this before... (1, Redundant)

ArbitraryConstant (763964) | about 10 years ago | (#10140441)

"standards" that aren't acceptable to the general hacker population of the Internet aren't standards.

Yahoo!'s DomainKeys is free and technically superior, and it's not mutually exclusive with SenderID. That means it will end up all the mail-related software except Microsoft stuff. Now who's the standard?

Re:We've seen this before... (2, Insightful)

Feyr (449684) | about 10 years ago | (#10140729)

i doubt your claim of technically superior. if i remember DomainKeys work on the headers, which means you have to send the whole mail first (thus anihilating any sort of bandwidth reducing abilities, which spf does not suffer from)

I had so much hope (4, Insightful)

Omega1045 (584264) | about 10 years ago | (#10140448)

Having read up on SPF long before MS got involved, I had such hope that this would help to secure email and kill spam. The reliance on a proven system like DNS seemed like an awesome idea. I wonder what parts of SPF can be considered prior art to MS's patent, and how it was licensed before MS came into the picture. Can we use a pure SPF implimentation an avoid the MS crud? If not, can we come up with a similar system? I think this is a concept that we need implimented asap.

With the rejection by Apache, hopefully the rest of the FOSS will follow and then the industry at large.

Re:I had so much hope (1, Informative)

Anonymous Coward | about 10 years ago | (#10140697)

We already have an unencumbered standard for SPF: It's called SPF. You already said SPF predates MS involvement....

Here's for example the statement of the Courier maintainer on the mxcomp-list:

On Fri, Aug 27, 2004 at 08:01:16PM -0400, Sam Varshavchik wrote:
|
| The purpose of this message is to clarify my plans for any deployment of
| the Sender-ID specification in Courier (http://www.courier-mta.org).
|
| Microsoft has made certain patent claims on the Sender-ID specification.
| Microsoft has issued the IPR disclosures and royalty free license required
| by the IETF. It appears that IETF's contemporary policies do not prevent
| the sponsor/advocates from including patented IP material into
| standards-track specifications, without even requiring the sponsor to
| actually enumerate and identify their intellectual property; a mere claim
| of the existence of some nebulous IP rights is sufficient, which can be
| revealed at any point in the future, at the sponsor's discretion.
|
| The current development version of Courier implements the original
| SPF-classic specification, that predates Sender-ID. This will be rolled
| into a forthcoming release. I'm quite pleased with the results so far --
| there are a lot of classic SPF records in existence, as witnessed by my
| mail logs :-)
|
| It will not be possible for me to implement Sender ID in Courier. Courier
| is licensed under the GPL. The FSF already flatly stated that Microsoft's
| IP license is not GPL compatible. I reviewed the most recent version of
| Microsoft's proposed IP license, and I've reached the same conclusion. For
| this reason Sender ID cannot be implemented in Courier; Courier's
| implementation will be limited to the unencumbered SPF-classic.
|
| --
| Sam Varshavchik
| http://www.courier-mta.org

So, keep up the hope - just ignore SenderID.

what's the big deal? (-1, Troll)

karmagardless (800169) | about 10 years ago | (#10140449)

Everyone on Slashdot always seems to be complaining about spam. I don't see what the big deal is. I enjoy receiving e-mail from people and companies I don't know. Each morning when I run my e-mail program, it starts downloading, and the unexpected e-mail is a pleasant surprise that brightens my day. Well, a few hundred pleasant surprises that is, and they brighten my day in the same way that stepping in a pile of dogshit brightens my day. A few hundred times. So what the fuck? Why are all you whiny bitches on Slashdot always complaining about spam? Don't waste your time writing or deploying spam blockers. Enjoy life. And relax. Assholes.

"troll"? (-1, Troll)

karmagardless (800169) | about 10 years ago | (#10140687)

it's called humor. mod it down as overrated if you want, even flaimbait (which is also an over-reaction) but it's not a troll, and I resent the implication.

Jason

Re:"troll"? (0)

Anonymous Coward | about 10 years ago | (#10140746)

Relax.. Modding you down as troll is just showing my appreciation of your humor.

What a suprise! (4, Insightful)

yoshi_mon (172895) | about 10 years ago | (#10140473)

Finally, as developers of open source e-mail technologies, we are concerned that no company should be permitted IP rights over core Internet infrastructure.

Is any really surprised that MS is trying to build it's patent arsenal around such things? And of course they want to do it quickly because it's much easier to get something underhanded accepted quickly. (PATRIOT Act anyone?)

We are also concerned by the rush to adopt this standard in spite of technical concerns, lack of experience in the field, and a lack of consensus in the IETF MARID WG.

I think again Open Source groups show their strength by not allowing such tactics to take place without notice. It also shows that many major groups are very aware of how the game is being played.

Go Apache foundation! (2, Insightful)

Rupan (723469) | about 10 years ago | (#10140475)

I'm glad that a major OSS project has seen through the FUD and is speaking out on behalf of the community. I seem to have lost my faith in humanity, but events like this start to restore it.

Encumbered Standards (5, Insightful)

Secrity (742221) | about 10 years ago | (#10140504)

I find it pretty amazing that the IETF accepts encumbered "standards". Protocols should either be industry standards or propietary. It could become interesting if an RFC calls for the use of an encumbered standard and half of the Internet chooses to ignore the standard.

Sendmail what is your move now?? (5, Interesting)

bryam (449040) | about 10 years ago | (#10140517)

"Sendmail releases open source milter for Sender ID
August 30, 2004
Today, Sendmail, Inc. is releasing an open source implementation of the IETF's Sender ID specification for testing on the Internet. This implementation utilizes the milter interface to plug directly into the sendmail MTA.

Sender ID is a standards-track proposal that merges Meng Wong's SPF and Microsoft's Caller ID for email. Authorizations records are published in DNS in an SPF-compatible format, and then used to validate user-visible message headers using the Caller ID "Purported Responsible Address". This sid-milter release implements the marid-protocol and marid-core draft standards, leaving the marid-submitter SMTP Extension to be implemented directly by the sendmail MTA.

Downloadable source code for sid-milter can be found at: sendmail.net/sid-milter"

Let's all say it now.... (-1, Redundant)

Anonymous Coward | about 10 years ago | (#10140521)

Thanks Microsoft!

RMS summed it up well (5, Interesting)

Skiron (735617) | about 10 years ago | (#10140532)

RMS E-Mail to IETF MARID WG ML [imc.org]

All listen to the man!

Re:RMS summed it up well (-1, Troll)

Anonymous Coward | about 10 years ago | (#10140607)

The man who, after about a quarter century, still hasn't shipped a complete OS?

Re:RMS summed it up well (3, Funny)

Skiron (735617) | about 10 years ago | (#10140673)

What's that got to do with the price of beer?

He is spot on about what M$ are up to with this issue.

Re:RMS summed it up well (-1, Flamebait)

Anonymous Coward | about 10 years ago | (#10140698)

You're so right, using the $ makes you uber cool.
OMg LoLz

Sendmail (1)

ilikejam (762039) | about 10 years ago | (#10140653)

What's the opinion of the sendmail developers?

Apache open? (-1, Flamebait)

Anonymous Coward | about 10 years ago | (#10140671)

If you still think the Apache Software Foundation's license is a truly open license, take a look at this story [undeadly.org] about Apache httpd being unable to be included in OpenBSD and think again!

Good articles on this (5, Informative)

Anonymous Coward | about 10 years ago | (#10140703)

Re:Good articles on this (0)

Anonymous Coward | about 10 years ago | (#10140762)

thank you for entering the phrase Sender ID into http://news.google.com!

Sender-ID may not be MS's IP (3, Interesting)

scorp1us (235526) | about 10 years ago | (#10140747)

According to this [newsforge.com] article SenderID in the agreed upon form is nothing new. Indeed it seems that MS has embeaced and extended someone else's IP and put their own claim to it.

Therefore, Apache maybe abandoning something that it needs not to abandon.

I don't see the problem.. (0, Troll)

d_jedi (773213) | about 10 years ago | (#10140788)

Isn't Microsoft providing a royalty-free license for everyone to use this patent?

It's funny how some people deride Microsoft for not supporting web standards in their IE browser.. and then turn around and applaud Apache when they say they're not going to support IETF standards. I bet they don't even realize they're contradicting themselves..

Media issues (4, Insightful)

r.jimenezz (737542) | about 10 years ago | (#10140873)

I hope the OSS community can follow up in the ensuing media war that MS may unleash. It will be relatively easy for them to say "see, we had a solution for this but those non-IPR respecting open source zealots boycott it". Especially if (God forbid!) the rest of the "big companies" do not line up with Apache.

Firm positions like this must be applauded and upheld, but once again we also need other professionals to help get the voice out about the truth. We shall not be fanatical, but I humbly believe it is clear Microsoft is not being transparent in this and that does not bode well for the Internet as we've come to know it.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>