Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Debian Project Rejects Sender-ID

CmdrTaco posted more than 10 years ago | from the two-strikes-down dept.

Spam 196

NW writes "Following on the heels of Apache Foundation taking a stance against Sender-ID, the Debian Project announced today their rejection of Sender-ID as well."

Sorry! There are no comments related to the filter you selected.

Perhaps (5, Interesting)

JoshMooney (668142) | more than 10 years ago | (#10161916)

Perhaps this is where closed source vendors (read: Microsoft) will lead the adoption of Sender-ID.

Re:Perhaps (3, Interesting)

sploo22 (748838) | more than 10 years ago | (#10161975)

I think you missed something - you say that like it's a good thing.

Re:Perhaps (5, Insightful)

Karzz1 (306015) | more than 10 years ago | (#10161988)

Perhaps there will be no adoption of sender-id; perhaps an open solution will prevail. The reason the internet works as well as it does is open standards. Perhaps these companies that are trying to encumber "standards" are slowly learning that they will not gain the acceptance of their "standards" and will have to compete on the merit of implementations of open standards rather than locking people into a "standard". This is just the newest version of proprietary file formats; unfortunately it is the only way Microsoft knows to compete anymore. Rather than compete on a level playing field, Microsoft wants to lock you into their new "standard" rather than compete on the merits of their products.

Re:Perhaps (1, Interesting)

Anonymous Coward | more than 10 years ago | (#10162033)

it is the only way Microsoft knows to compete anymore. Rather than compete on a level playing field, Microsoft wants to lock you into their new "standard" rather than compete on the merits of their products.

Anymore? This is the only way Microsoft has ever competed! Bill Gates himself has always denied that a company's success depends on the quality of it's products. This becomes a self-fulfilling prophecy: Microsoft cannot compete on the quality of their products because their products are poor! If there is a lack of interest in pursuing quality from the very top down then the resulting products will have poor quality.

Re:Perhaps (0)

Anonymous Coward | more than 10 years ago | (#10162113)

C#, CLI, etc. are standards and if I am not mistaken Mono adheres to these standards. MS are also adhering to / defining (working IBM, BEA and now Sun and Oracle) Web-Services standards for which they will have to compete on quality of implementation.

Re:Perhaps (1)

gl4ss (559668) | more than 10 years ago | (#10162042)

so.. what you're saying is that spam senders are adopting sender-id?

(which, is kinda exactly what is happening anyways..)

Re:Perhaps (3, Insightful)

whovian (107062) | more than 10 years ago | (#10162047)

Perhaps this is where closed source vendors (read: Microsoft) will lead the adoption of Sender-ID.

The article mentions that Microsoft's Sender ID is an extension of the SPF standard. Further, "SPF/Sender-ID requires changes to DNS and MTAs in order to work. The changes to DNS involve the addition of new records which identify machines authorized to send mail for a specific domain".
I'm inferring that the internet's root DNS's have to be modified. Allowing Microsoft's "standard" on the root servers is hardly nonpartial if the open community is disagreeing so much.

No basic DNS changes (4, Informative)

WoodstockJeff (568111) | more than 10 years ago | (#10162204)

The changes to DNS involve adding a TXT record to the domain which lists the hosts authorized to forward mail for the domain. Nothing proprietary there, and anyone with control over their DNS can do it.

Of course, if you have a DNS provider who won't let you make such changes, you probably need a different DNS provider!

Re:Perhaps (1)

FrostedWheat (172733) | more than 10 years ago | (#10162309)

closed source vendors

These people have as much reason to reject Sender-ID's license as anyone else.

I reject this color scheme. (0, Offtopic)

News for nerds (448130) | more than 10 years ago | (#10161918)

For your eyes only. [slashdot.org]

Re:I reject this color scheme. (0, Offtopic)

Anonymous Coward | more than 10 years ago | (#10161922)

+1, Color

NOT offtopic (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#10161933)

easier on the eyes

I'll bite (-1, Offtopic)

maskedbishounen (772174) | more than 10 years ago | (#10161958)

Offtopic is almost right. Redunant is the mod we're really looking for here, though.

It's been how long until the IT section showed up? Dare I say, if you can't figure out how to avoid it on your own by now, you certainly deserve the color scheme. ;-)

Re:I'll bite (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#10161981)

maybe, but the newbies might be scared off by the cack colour scheme, this gives them an alternative

In which case its not offtopic, not redundant, not anything really, just under-rated

thank you (0)

Anonymous Coward | more than 10 years ago | (#10161936)

nt

Thank you: need Firefox extension for this (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#10161967)

Someone what to write a Firefox extension to fix slashdot's F'ing ugly colour schemes?

Re:Thank you: need Firefox extension for this (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#10161987)

Let the secret service deal with it instead: click here [slashdot.org]

Re:Thank you: need Firefox extension for this (0)

Anonymous Coward | more than 10 years ago | (#10162004)

I hope you know you're sending that threat to your ISP by way of their DNS server. Not very wise, IMO.

Re:Thank you: need Firefox extension for this (1)

random_static (604731) | more than 10 years ago | (#10162357)

i know i'd use it. just wish i had the skills (or the time to learn the skills) to write the damn thing myself.

Re:I reject this color scheme. (1, Funny)

Anonymous Coward | more than 10 years ago | (#10162015)

this is a great example of open source developers responding to the wants, needs and complaints of the community... oh wait a second, they aren't responding at all

Re:I reject this color scheme. (0)

Anonymous Coward | more than 10 years ago | (#10162035)

BWAHAHAHA! CmdrTaco and gang are developers? Perl monkies yes; developers no.

Restrictive Patents (4, Insightful)

darkmeridian (119044) | more than 10 years ago | (#10161919)

Of course patent-encumbered standards will never take. Why do companies even hope that it will? Do they remember what happened to IBM and MCA?

Re:Restrictive Patents (5, Insightful)

benjamindees (441808) | more than 10 years ago | (#10161946)

Although I hope you're correct, it's incredibly naive to believe so.

The truth is, proprietary 'standards' are all over the place. They are especially effective when directly-marketed to consumers, cutting out all the middle-men who might say "whoah there, that isn't a good deal" and replacing them with glossy print ads full of half-truths.

And, let's face it, Windows itself is the greatest direct-marketing tool ever created. I'm not looking forward to the direction this is going.

Re:Restrictive Patents (4, Insightful)

Kjella (173770) | more than 10 years ago | (#10161948)

Sure, patent restricted formats doesn't do well... like gif (now expired), mp3, mpeg2, mpeg4, wma, wmv, ttf (pixel hinting algorithm), rsa (also expired) and so on and so on. You are using one of very few examples where it was "everybody against one". Consortiums and such or companies with little competition rarely have problem introducing patented standards.

Kjella

Re:Restrictive Patents (2, Insightful)

darkmeridian (119044) | more than 10 years ago | (#10162023)

You are right. But here, we are talking about an E-MAIL standard. And while free open-source software doesn't dominate the market, it does make up a strong percentage of the market. Why bother shoving a patent-encumbered format in this field? It just seems like a pointless task. You could just NOT SQUANDER your good will and just remove the patents or donate them to a not-for profit.

Re:Restrictive Patents (1)

Tim C (15259) | more than 10 years ago | (#10162034)

Why bother shoving a patent-encumbered format in this field?

Maybe it's to prevent someone else from registering a patent for something that's broad enough/similar enough/outright identical to this and causing problems?

I've not RTFAed, but after the Eolas thing, I imagine that MS has become rather sensitive to that sort of thing happening, and so will probably now take out patents on everything it can to prevent it from happening again. Besides, merely owning a patent doesn't mean that you have to go after infringers - you can't lose them by not donig so. You're also at liberty to grant licences under whatever terms you see fit, including royalty-free for anyone who wants them.

Patents aren't bad, it's how they're used that can be.

Re:Restrictive Patents (2, Insightful)

mindstrm (20013) | more than 10 years ago | (#10162184)

Well, if the patent were licensed irevocably for unrestricted use by anyone for anything, then the OSS crowd wouldn't have a problem with it.

The problem is, unless it's so licensed, and despite best intentions... a patent holder can later choose to kick your ass for using his patented method, even if he let oyu use it for free for years.

Re:Restrictive Patents (0)

Anonymous Coward | more than 10 years ago | (#10161951)

For a open source project, that might be difficult.

Since the parent of this thread has a blanket statement... The person obviously haven't heard of DVD, 3G Wireless etc standard then...

It will take off as long as the market likes the product and companies can still make lots of money after licensing the necessary patents.

Re:Restrictive Patents (1)

remin8 (791979) | more than 10 years ago | (#10161952)

I see a lot more OSS rejecting sender-id like Debian and Apache!

Re:Restrictive Patents (3, Insightful)

Froze (398171) | more than 10 years ago | (#10161956)

Its not like image compression using LZW was ever accepted by the masses or the mp3 codecs were ever used by the majority.

All broad sweeping statements are prone to failure, including this one.

Re:Restrictive Patents (2, Insightful)

Gentlewhisper (759800) | more than 10 years ago | (#10161960)

"Why do companies even hope that it will?"

A corporation does not hope.
It does not have a soul.
If a corporation were made flesh and has a body, he'd be locked away as a psychopath!

Have said that, well, it is probably an calculated gamble, and why not? Just because a few losers lost doesn't mean they will all bend over and die.

Licensing = zero recurring cost price + unlimited profits.

Wonder why USA is producing nothing much nowadays? They've discovered da bomb and is trying to slug the rest of the world with it by trying to create 'compatible' laws everywhere!

Re:Restrictive Patents (1)

tindur (658483) | more than 10 years ago | (#10161961)

I think you could say MS is used to forcing stuff down peoples throats.

Re:Restrictive Patents (1)

gl4ss (559668) | more than 10 years ago | (#10162048)

they can take up easily, you just need to submarine longer.

and after you're known to pull such stunts it's harder of course.

(being the only good alternative on the market is a good way too)

Free GMail invites! Grab one quick! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#10161920)

Re:Free GMail invites! Grab one quick! (0, Offtopic)

sploo22 (748838) | more than 10 years ago | (#10161953)

As idiotic, trollish and NSFW as that was, I have to admit it was pretty devious.

Re:Free GMail invites! Grab one quick! (-1, Offtopic)

Anonymous Coward | more than 10 years ago | (#10162093)

Off-topic: on anti-slash.org, you can grab a lot of Gmail invites no one cares about (they just troll all day long) (and NO I'm serious, just try not to click on goat links...)

Almost had me there.... (-1, Offtopic)

Chmcginn (201645) | more than 10 years ago | (#10161979)

I probably would have clicked on it without looking, except for the fact I've already got a gmail account...

Oh my! (-1, Troll)

Anonymous Coward | more than 10 years ago | (#10161928)

My anus flutters like a butterfly.

Critical mass needed. (4, Interesting)

Talonius (97106) | more than 10 years ago | (#10161950)

We have many major players rejecting this proposal in public. Is it enough for critical mass?

Sendmail has a plugin available which allows for Sender ID compliance. Which other GPL software will be modified by third parties? This is the joy of GPL software, of course, to maintain it separately from the core. This is also the Achilles' Heel. If Microsoft wanted to do so it could produce the necessary changes for all of these dissenting software packages itself -- and distribute them itself -- and achieve dominance through this method.

The official group declaration would mean little if the availability of the encumbered proposal is enormous and well known.

Most importantly, why wasn't this type of public condemnation available for the various W3C proposals that had patents attached? We cannot pick and choose the fights we engage in - our opposition to patents and intellectual property in standards must be uniform and universal. Once a single standard is accepted despite being weighed down by IP concerns the floodgates will open.

not possible for section 7 of the gpl (5, Informative)

Anonymous Coward | more than 10 years ago | (#10161983)

7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

Re:not possible for section 7 of the gpl (-1)

Donny Smith (567043) | more than 10 years ago | (#10162640)

Noone forces Debian to accept the license - they can just support it from the technical perspective.

A guy from sendmail consortium said he didn't see a reason why Sendmail should accept any license - they can just support it through milter.

Debian did it because Apache did it and Apache did it because they think they're smarter than Microsoft.

Not supporting something that _might_ cut down on spam for reasons they give is stupid.

Re: Critical mass needed. (1)

Spoing (152917) | more than 10 years ago | (#10162215)

Sendmail corporation...I'll get back to them in a moment.
  1. Sendmail has a plugin available which allows for Sender ID compliance. Which other GPL software will be modified by third parties? This is the joy of GPL software, of course, to maintain it separately from the core. This is also the Achilles' Heel. If Microsoft wanted to do so it could produce the necessary changes for all of these dissenting software packages itself -- and distribute them itself -- and achieve dominance through this method.

I'm not sure that Sendmail is licenced under the GPL. (I'm 80% against that being the case...can't verify it.)

As the Apache Foundation and Debian have pointed out, that would put a restriction above and beyond the current licence(s). Since the licences specifically deny that ability, Microsoft could be held liable and could be sued by the other copyright holders.

An exception: Any group that did hold copyright to the code could re-licence or dual licence it and add in the non-compliant parts to that branch or fork.

In the case of Sendmail -- I couldn't find the licence after a short bit of searching. 2 more minutes probably would have done it, though. I think it's similar to the BSD licence, so it is likely that the exception above doesn't even apply. If it's a GPL-style licence, they could be in violation -- depending on who owns the copyright to the code they ship commercially.

Re: Critical mass needed. (2, Informative)

farnz (625056) | more than 10 years ago | (#10162486)

Sendmail's licence [sendmail.org] is a hybrid between the GPL and the BSD licences. I think it lets you get away from the patent issue though (ask a lawyer to be certain).

Making software or distributing it (1)

leonmergen (807379) | more than 10 years ago | (#10161955)

Probably a somewhat stupid question, but doesn't Debian only distribute the software, and therefore doesn't really have anything to do with the Sender-ID and the possible patents it depends on ? Or is Debian plainly boycotting any program from distribution that uses Sender-ID ?

Re:Making software or distributing it (0)

Anonymous Coward | more than 10 years ago | (#10161984)

No importing a patented tech is a vioaltion of that tech'.

Plus MSFT should have a patent claim that covers software/media that contains the patented method.

"Claim X" 11: An article comprising:
a machine accessible medium having a plurality of machine accessible instructions, wherein when the instructions are executed, the instructions provide for:
[Insert MSFT's SenderID mehtod here]"

Article title is 'Soviet Russia' logic (3, Interesting)

The Monster (227884) | more than 10 years ago | (#10162542)

Or is Debian plainly boycotting
Debian isn't 'boycotting' anything. It didn't even really 'reject' anything. In classic 'Soviet Russia' fashion, the editors got it backwards. It should be more like
Debian Project (recognizes that) Sender-ID Rejects
it
Anyone who can read simple declaratory English sentences can see that the Sender-ID licence terms are incompatible with the GPL. Full stop. Go directly to Jail, do not collect $200. This parrot has ceased to be!

The only way that Debian could accept Sender-ID is to reject the GPL. At that point, having denied its own soul, it would cease to be 'Debian' by any meaningful definition - it would be ex-Debian.

How risky is this? (4, Interesting)

johannesg (664142) | more than 10 years ago | (#10161963)

I'm assuming Microsoft will soon enough have mail servers that support (or worse, require!) sender ID, and will advertize heavily with this as a supposed extra security feature that OS cannot or will not offer. What I'm wondering: is this in any way a threat to OS and the infrastructure of the web?

Re:How risky is this? (1)

penguinoid (724646) | more than 10 years ago | (#10162088)

Or, it might say "We are really committed to security! Fuck all the FOSS, they can't use our patent even if that would increase security and compatibility!"

Re:How risky is this? (1)

bythescruff (522831) | more than 10 years ago | (#10162393)

Well, let's see. Hands up everyone who wants to email anyone at Microsoft?

(tumbleweed rolls by...)

Re:How risky is this? (1)

johannesg (664142) | more than 10 years ago | (#10162478)

Well, let's see. Hands up everyone who wants to email anyone at Microsoft?

Now _that_ is just unfair. I have sent, by proxy, countless emails to Microsoft. Indeed, addresses such as billg@microsoft.com are among my favorites when I need to enter "my" email address in yet another stupid webform.

Statements but little analysis (4, Interesting)

SilentChris (452960) | more than 10 years ago | (#10161964)

I've read both statements and, while I agree they can do whatever they want with their software/distributions/etc., I've seen little analysis.

What makes Sender-ID so bad, in comparison to other technologies that both do support (say ASP and SMB). Is it because they reverse-engineered those and MS is trying to release this into the "open"? Are they waiting for a reverse-engineered version?

I know some about coding but little about law. What in particular about this license is causing so much trouble? Could MS change a few lines and it would be accepted?

Re:Statements but little analysis (1, Informative)

Anonymous Coward | more than 10 years ago | (#10161977)

it's patent-encumbered, which means that reverse-engineering won't help: regardless of the implementation, they would still need to abide to whatever ms is telling them.

Re:Statements but little analysis (1, Insightful)

Anonymous Coward | more than 10 years ago | (#10161993)

In the same way that you have to wait for MS to release a security patch for software, I would guess that the patent would mean that you would have to wait for MS to change the standard if a flaw is found

Solution : Go for SPF, the unencumbered version (2, Informative)

Anonymous Coward | more than 10 years ago | (#10161966)

A list of SPF-enabled registrars and DNS providers is at http://www.spf.idimo.com/ [idimo.com]

Concern for all (4, Interesting)

MikeMacK (788889) | more than 10 years ago | (#10161969)

We are also concerned that no company should be permitted intellectual property rights (IPR) over core Internet infrastructure.

This should be a concern for all, no matter how you feel about MS, or even if this was another company, like IBM, HP, etc. The standards which hold the Internet together cannot "belong" to one company.

Re:Concern for all (0)

Anonymous Coward | more than 10 years ago | (#10162049)

The standards which hold the Internet together cannot "belong" to one company.

In general I agree with you. In particular, they cannot belong to Microsoft! Microsoft has a long history of leveraging these kinds of tools to increase their market dominance. To think they could be trusted now with this kind of power is lunacy!

Re:Concern for all (1)

jdkane (588293) | more than 10 years ago | (#10162074)

I agree. I also believe Sender ID will never be officially adopted into the Internet standards because of its licensing and belonging to one company, however practically speaking wide-spread adoption of the technology is as good as a standard ... and Microsoft knows this ... and Microsoft stands in a good place to be able to do it. In fact Microsoft has become the defacto (although un-official) standard for a lot of things.

It's important that *nix-based platforms and OSS community continue to stick with open standards. Apache and Debian (and others who have already followed or will soon) are doing the right thing.

In the future will the Internet and standards end up being fully commercialized like almost everything else in the North American society (I can't speak for other countries)? Seeing all the patent acquisitions on software and many of the more foolish copyright infringement cases of late, it's really hard to tell. It's definitely an uphill battle, but there are a lot of good people to fight it. Let's hope support doesn't drop as the next generation takes over.

Re:Concern for all (1)

penguinoid (724646) | more than 10 years ago | (#10162120)

Tell me again why we would need a new law for this? Because I can tell you right now that they won't make a new law just for this. And just as well, because we don't need one:
1) Patents cannot be applied to existing internet standards, because of prior art
2) *We* are the ones who choose whether or not to accept a patent encumbored standard. Now go with Apache and Debian, and shout "We won't accept this!" for all to hear.

Re:Concern for all (1)

mindstrm (20013) | more than 10 years ago | (#10162219)

IF agnosticism is the scientific view.. then when I tell you there is an invisible flying magic pig that lives in my bedroom, only I am the only one who can see him....

You have to concede that there MIGHT be such a pig in my room, but you just don't know enough to decide either way?

The scientific view would be "there is absolutely no evidence that said invisible flying magic pig exists, therefore we assume it does not"

In the absence of any evidence, something isn't there.
Ergo, in the absence of evidence of a God, atheism would be more scientific.

"Until you prove to me otherwise, God does not exist"

Re:Concern for all (1)

penguinoid (724646) | more than 10 years ago | (#10162370)

I did not say that the scientific view was agnosticism, I said agnosticism and simplicity (also known as Occam's Razor). Draw your own conclusions.

Re:Concern for all (1)

agbinfo (186523) | more than 10 years ago | (#10162378)

Agreed on most of your post.
I would add also that the scientific view doesn't care much about simplicity.

On the other hand, it is not required to prove something for it to exist but that won't make me change my belief that god (or God) and flying pigs don't exist.

Re:Concern for all (1)

flibberdi (800264) | more than 10 years ago | (#10162613)

I am a little bit worried of the term "prove". To "prove" something we need to colloborate something with a "known fact". We assume that the "known fact" (may that be a mathematical expression or a common belief, based on our common concius) is "true", but where did we get this "true" fact from?? I could play a "childish" game where I ask you "how do you know that an apple is attracted to the earth?", you would tell me the laws of gravity, and I would ask "how do you know that the gravity propogate through the three dimensions?", you would tell me that Newton proved it with is mathematical findings of the force is the inverse of the distance in square, that this is in line with the sphere's area relative to the distance of the center (this is ofcourse not a proof in it self, it's just very likely that it's related). I would ask you how this was proved, and we would go on to findings of the "old greeks", and finally I would question the fact that 1+1 is alway 2. And you would tell me that this is silly, I would argue that sometimes it's not, sometimes 1+1 is 3. It just happens once every gazillionth year. And we would be back to square 1. Now, whats up with that flying pig?

By the way, I think I suffer from sleep depravation (the cats keeps me awake, my body is aking).

P.S I read somewhere that Boole "proved" that god exists...THAT would be fun to see.

The new MS Word "standard" (5, Insightful)

mariox19 (632969) | more than 10 years ago | (#10161972)

Everybody here is no doubt familiar with the "unofficial standard" that is Microsoft Word: meaning, they have been sent Word documents or asked to send documents in Word format as if everybody used Word. Microsoft has ensured that the clueless masses default to Word's format as an Internet standard (or as an example of "best practices" -- to use the latest buzzword).

You can find examples of this in business, education, and government.

It's possible that we're going to see e-mail "evolve" in the same way. Ninety percent of e-mail flying around the Internet will use the new Sender ID standard; those not using it will seem odd and likely be forced to use it more often than not in their various business dealings.

Re:The new MS Word "standard" (2, Interesting)

remin8 (791979) | more than 10 years ago | (#10161986)

What needs to happen is we need to develop an open Sender-ID format. Of course this would have to be different enough to sneak by the patent office but maybe we can sneak in interoperatability???

hurricane in florida (-1, Offtopic)

LinuxBeerMugs (730982) | more than 10 years ago | (#10161978)

whats going on with that hurricane down there? Looking at news.go ogle.com does not seem detailed enough. When will the internet be as informative as Tv. I was hoping it would happen already but the articles I see at the moment are crap.

Sender ID - hell, how about reverse dns? (5, Interesting)

cluge (114877) | more than 10 years ago | (#10161989)

It's sad, but it seems that taking sometimes the most primitive steps to help secure one's mail server is over the heads of mail administrators. Even worse, the amount of resistance to having an MTA have proper reverse is incredible.

A short time ago the company I worked for started refusing inbound connections from MTA's that didn't have proper reverse DNS. By proper reverse dns I mean as per RFC 1912 section 2.1 . While the word must isn't used in the RFC, the word should is used, and the RFC even states "For every IP address, there should be a matching PTR record in the in-addr.arpa domain........Failure to have matching PTR and A records can cause loss of Internet services similar to not being registered in the DNS at all."

Imagine when I had to explain what proper reverse DNS was to an MCI "internet engineer" (That was the title in his e-mail). Imagine my suprise at the number of complaints generated - and even greater suprise that people simply REFUSED to fix their problem. Instead, bowing to our own customer pressure, we stopped enforcing the checks. We again became part of the problem, instead of part of the solution.

We did this because we saw lots of spam that came from MTA's with no reverse. Even more telling we found lots of spam that used "spoofed" reverse dns. I.E. the reverse had a pointer to some host like mx4.hotmail.com, when no forward with that IP existed. This is most common from spammers coming out of eastern Europe, and some out of china. By refusing to accept mail from these we lowered the amount of delivered SPAM.

Supposedly, AOL, Road Runner, and AT&T require reverse dns. In actuality they don't. If the community is truly serious about fighting spam then they would follow their own policies, and they would help. If AOL and hotmail alone required valid everse DNS the rest of the world would follow suit in short order. By not enforceing their own published rules, very large providers are part of the problem, and their laziness continues to perpetuate the problem.

Considering their inability to enforce something as simple and as easy as rdns (RFC 1912 published 1996) I see no hope for caller ID, or SPF records. They all sound like great standards - but we can't even enforce the standards we have had for almost 10 years.

Debian is correct to reject the "caller-id" feature. Not for any copyright reason, but because it won't work in the current environment with so many lazy administrators, and the only adoption being the spammers themselves.

cluge

Re:Sender ID - hell, how about reverse dns? (1)

benjamindees (441808) | more than 10 years ago | (#10162092)

Are you just saying that the name returned by a reverse lookup should resolve to the correct ip address?

If so, how does this increase the trustworthiness of the server? You know that they could just reverse-map to mail.hotmail.com or some valid name instead. Would you then perform a lookup on mail.hotmail.com and check this against the original ip address or what? Besides spammers just being too lazy to add the necessary reverse entries, how does this identify rogue sites or help block them?

I'm not criticizing, just wondering.

Re:Sender ID - hell, how about reverse dns? (1)

farnz (625056) | more than 10 years ago | (#10162559)

As a simple test, aimed at making spoofing a little more awkward, my mail server does a reverse lookup on the IP of the connecting mail server, then does a forward lookup on that name; if the connecting IP does not match the IP looked up, a special header is inserted, which SpamAssassin uses to score the mail a little more strongly. No mail lost, but you cannot easily spoof someone else's domain (set your reverse lookup to mail.hotmail.com, and my server will increase your spam score).

Re:Sender ID - hell, how about reverse dns? (0)

Anonymous Coward | more than 10 years ago | (#10162126)

If AOL and hotmail alone required valid everse DNS the rest of the world would follow suit in short order.

Huh? I never receive email from either one. Is hotmail big? I would have thought Yahoo was many times bigger.

Re:Sender ID - hell, how about reverse dns? (0)

Anonymous Coward | more than 10 years ago | (#10162169)

Is this the first time you have used the internet?

Re:Sender ID - hell, how about reverse dns? (4, Informative)

Homology (639438) | more than 10 years ago | (#10162390)

If AOL and hotmail alone required valid everse DNS the rest of the world would follow suit in short order.

Not very likely, for this would break large part of the e-mail infrastructure. There are many virtual hosters whose reverse DNS does not match the domain they are hosting. Or in my case with static IP home DNS that does resolves to something, but my domain name. And I suppose we can say bye, bye to many backup MX servers as well.

What AOL sensibly require [aol.com] is :

  • If the sender's domain is the only domain sending mail from a specific IP address, we recommend that the reverse DNS entry (PTR Record) match the domain name (A Record), but we do not require it.
  • AOL does require that all connecting Mail Transfer Agents have established reverse DNS, regardless of whether it matches the domain.
  • Reverse DNS must be in the form of a fully-qualified domain name - reverse DNS containing in-addr.arpa are not acceptable, as these are merely placeholders for a valid PTR record. Reverse DNS consisting only of IP addresses are also not acceptable, as they do not correctly establish the relationship between domain and IP address.
  • /ul

Sun, RedHat, IBM's response? (5, Interesting)

p0 (740290) | more than 10 years ago | (#10161995)

It is very likely that Sun, IBM and RedHat will reject Sender-ID as well. Here is a very interesting read on News Forge [newsforge.com]

Re:Sun, RedHat, IBM's response? (2, Informative)

Zocalo (252965) | more than 10 years ago | (#10162274)

I was expecting your link to go the Newsforge story that leads to this article [moongroup.com] , but apparently not. Apparently Earthlink is refusing to adopt Sender-ID in its current state as well, and most interestingly it is doing so on the advice of its legal counsel. Given that the project leads of Exim and Postfix, but interestingly not Sendmail, have also adopted a similar stance I think Sender-ID is pretty much dead in the water at this point.

I have to admit, I'm in two minds about this. On the one hand it's long overdue for Microsoft to be seriously given the finger by a collective group that it is unlikely to be able to bully or "embrace and extend" around. On the other, Sender-ID does seem to be the most sophisticated of the sender validation technologies proposed to the MARID group at the IETF, it would be a shame to lose it to corporate greed if Microsoft doesn't resolve the patent issues soon.

IETF should get its head out of its ass (5, Insightful)

njdj (458173) | more than 10 years ago | (#10162016)

As the Debian statement says,
We are also concerned that no company should be permitted intellectual property rights (IPR) over core Internet infrastructure.

Seems obvious to me. Why isn't it obvious to the IETF?

Debian again: We believe the IETF needs to revamp its IPR policies to ensure that the core Internet infrastructure remain unencumbered.

Right on.

A company like Microsoft has no respect for the rights of others, no respect for ethics, no respect for the ideals of the people who built the Internet infrastructure for our benefit. I agree with Debian that no company should be permitted IP rights over core Internet infrastructure. But especially not a predatory company like Microsoft.

And for those of you wondering what it is... (4, Informative)

the pickle (261584) | more than 10 years ago | (#10162018)

Description of the Sender ID Framework [microsoft.com] from Microsoft.

It would be so much nicer if people writing/editing these stories would link to stuff that isn't blindingly obvious to everyone.

p

Your sig (1)

penguinoid (724646) | more than 10 years ago | (#10162194)

All "Redundant" mods will be meta-modded "Unfair" until the mods can prove they know what "redundant" means.

You mean,
All "Redundant" meta-modded "Un" 'til mods prove know what means.
It's still legible, and has less words! Less repetitive redundancy! :-P

good on them (3, Insightful)

auzy (680819) | more than 10 years ago | (#10162024)

They were right to reject it. The open source world often stands together in such issues, and the only end result that could happen is a truly free standard that will take on the world. Now that issues have been raised, it means every other distro will analyse it, and probably not include it either but help work on a "free" one, and the internet in reality runs off Unix, so we have a VERY good chance of getting a strongly supported standard out there.. Very few major mail servers run off Windows, hotmail is probably the only one I'd imagine.

Just one question, has there been any work on a open standard yet?

Re:good on them (0)

Anonymous Coward | more than 10 years ago | (#10162208)

Hotmail? Windows? When they bought out hotmail, didn't it have a Sun backend that they tried to convert to W2k or W2k3 a couple times with no success? It's pretty bad when you can't convert servers even when you own the OS.

Microsoft buying new ideas is like me sitting on the pot. It always ends up crappy.

In related news (-1, Flamebait)

RdsArts (667685) | more than 10 years ago | (#10162026)

The sky was discovered to be a blueish hue.

Sender-ID implementation and patent infringement (3, Funny)

cortana (588495) | more than 10 years ago | (#10162036)

Is there any way one can actualy find out what Sender ID _is_, without increasing one's exposure to patent infringement lawsuits?

A moment's pity for Microsoft, please (4, Insightful)

ites (600337) | more than 10 years ago | (#10162127)

Apart from the fact that Microsoft are an incredibly wealthy and successful company, they deserve a moment's silent respect for their utter failure to understand the way the IT market is evolving.

The attempt to inject patents into anti-SPAM tools is well-founded for a company that wants to find new business models, but it's incredibly offensive to the Internet community. Not just "nerds" and "fanatics" exposing some radical political viewpoint, but the hundreds of thousands of hard-working people who actually built the servers that run the web.

Technology gets ever cheaper and this inevitably destroys old markets. For the world's largest software company to _still_ earn the bulk of its money from operating systems and office suites is quite amazing. These are commodity products and only sell through brute-force tactics that are eventually self-defeating.

Microsoft should step back from trying to control essential domains such as email, and focus on what they are really good at: providing the unwashed masses with easy-to-use, pretty front-ends. It's a market with huge potential but its success depends on a reliable and expanding back-end infrastructure, exactly the domain that Microsoft is incapable of delivering.

A message to Microsoft: please understand that open source is the key to your long term survival. Embrace it, or die. Open source is the cornucopia of software technology: it will create a hundred million new software consumers, and most of these will be potential new clients.

Just produce software they actually want, not software they are forced into buying by your devious political games.

When the Internet first became popular, Bill Gates announced that the Microsoft Network would be better. He was wrong, and after a couple of years, forced Microsoft to embrace the net rather than fight it.

The same is true of open source. It's only a conflict because Microsoft is refusing to face the inevitability of the situation.

A moment's pity, therefore. They may be rich. That does not make them either smart, or right.

Re:A moment's pity for Microsoft, please (2, Funny)

Tim Browse (9263) | more than 10 years ago | (#10162610)

A message to Microsoft: please understand that open source is the key to your long term survival. Embrace it, or die. Open source is the cornucopia of software technology: it will create a hundred million new software consumers, and most of these will be potential new clients.

I'm sure Bill and Steve paused in their reading of slashdot to make a note of your message.

Mozilla? (2, Insightful)

sbaker (47485) | more than 10 years ago | (#10162160)

The big push here needs to be for Mozilla to refuse to support it.

We heard here yesterday that Mozilla has a far bigger market share than Debian does - and Mozilla actually does read mail and reject spam. So their refusal to participate in a Microsoft takeover of the world wide email system would have some real meaning.

It's good that Apache came out against it...what about 'sendmail'?

There also needs to be some promotion of a good alternative that's not IP-encumbered and which would hopefully have technical merits too...it's easy to refuse to support a proposed standard - but it's better to have a good reason to recommend a solid alternative.

Re:Mozilla? (0)

Anonymous Coward | more than 10 years ago | (#10162206)

SPAM isn't a difficult problem to solve. Could it be people aren't really serious about solving it despite all the noise. The owner of the company I work for (>300 staff) would rather receive the SPAM than spend a penny trying to prevent it.

Re:Mozilla? (0)

Anonymous Coward | more than 10 years ago | (#10162641)

holy FUCK an you people please stop capitalizing the word SPAM please?

Re:Mozilla? (1)

Chandon Seldon (43083) | more than 10 years ago | (#10162449)

I'd have to bet that Debian's market share in the mail server arena is greater than Mozilla's.

what took so long, i wonder (1)

l3v1 (787564) | more than 10 years ago | (#10162195)

I was waiting for such a statement from the Debian project (it being my favouritve flavour for many years now and following what's happening) since the Apache statement.

This is the correct way to go (and this is not just the opensource guy in me speaking, but also the IT subconcious).

Go Debian.

they said also... (1)

MohammedSameer (810593) | more than 10 years ago | (#10162241)

That this is against the Debian FreeSoftware Guidelines, And that the core internet technologies should Not be controlled by a comp. Or A comp. can have a patent on them.
I think the current sitution is not good, What I'm afraid of is that it might be wide spreaded all of a sudden, Though I doubt it, As apache is the leade when it comes to webservers. Or am I wrong ?

Re:they said also... (1)

doctormetal (62102) | more than 10 years ago | (#10162484)

I think the current sitution is not good, What I'm afraid of is that it might be wide spreaded all of a sudden, Though I doubt it, As apache is the leade when it comes to webservers. Or am I wrong ?

Webservers? It's all about email servers and has nothing to do with webservers.

go!At (-1, Troll)

Anonymous Coward | more than 10 years ago | (#10162246)

Truth, forM all kill myself like

Re:go!At (0)

Anonymous Coward | more than 10 years ago | (#10162602)

This just goes to prove that all those stories about terrorists posting encrypted messages on websites aren't all bunk...

I fed this message into the Bat-Super-Computer in my top-secret underground lair, and I now present the unencrypted version:

"Truth is, I'd kill for a mall like this!"

It appears that the message is from Osama Bin Laden himself, though it is unclear which mall he was talking about. We are recommending that people set their homeland security wall chart to off-mauve (or "Moderate") risk of terrorist attack, and shop at the downmarket mall on the other side of town where all the gangsters hang out, until further notice.

This message brought to you by the Dept. of Homeland Hysteria, and the letters G, W, and B.

I don't get it... (1)

jafiwam (310805) | more than 10 years ago | (#10162297)

Even being familiar with DNS, SPF, Spam Filters of all kinds I don't get what's different about Microsoft's plan and the general SPF plan.

Someone want to clear that up?

That article Microsoft has is just SPF with a different name on it as far as I can tell.

(Or did they invent SPF in the first place...)

Re:I don't get it... (2, Informative)

WoodstockJeff (568111) | more than 10 years ago | (#10162334)

Sender ID adds checking of the header FROM field to SPF. SPF just checks the domains mentioned in the SMTP protocol exchange (HELO/EHLO, MAIL FROM), while Sender/Caller ID check the optional FROM header found in the DATA portion.

Re:I don't get it... (1)

cortana (588495) | more than 10 years ago | (#10162566)

For this they went to the Patent Office? Hezeus, the US patent system gets more fucked up every day!

Missing from the rejection notices... (3, Interesting)

WoodstockJeff (568111) | more than 10 years ago | (#10162314)

... is whether or not any of the projects are going to implement the unemcumbered SPF portion [pobox.com] of Sender ID, or if they're throwing that out with Microsoft's enhancements.

You can implement handling the setup of the DNS TXT records without touching anything Microsoft claims ownership of. You can implement the checking of the HELO/EHLO and MAIL FROM via SPF with no patent concerns. Will Apache, Debian, et al dismiss this, simply because the most popular implementations of SPF also support checking the header FROM field, which is supposedly Microsoft's idea?

Re:Missing from the rejection notices... (1)

Zocalo (252965) | more than 10 years ago | (#10162384)

It doesn't take much digging to find out. The ASF is still supporting Meng Wong's "Classic SPF" via a plugin in SpamAssassin, I'd assume something similar will apply to JAMES. I don't see any licensing concerns that would stop Debian and the rest adopting a similar stance. Also, since Classic SPF is appears to be gaining momentum [infinitepenguins.net] at a considerable rate, even if it is most by spammers, it would be sensible to discard all that effort in the official standard.

Re:Missing from the rejection notices... (1)

Zocalo (252965) | more than 10 years ago | (#10162396)

Gah! I meant "not to discard" of course...

Would you like some fries with that elitism? (0)

Anonymous Coward | more than 10 years ago | (#10162315)

So? Sender-Id was bad but so what? If you reject something you got to come up with an alternative.

I know there is such but unless if Groupwise/Notes and other premium commercial products start supporting the stuff, it doesn't matter.

If you really think that something that Debian project actually does matters, lol.. You are deceiving yourself. It's just one niche project that most of the people never have even heard of.

MS's stance goes clear to the top on this (5, Informative)

optimus2861 (760680) | more than 10 years ago | (#10162416)

Browsing the mailing list, I came across this [imc.org] message from Matt Sergeant of MessageLabs, about a conversation he had with Craig Spietzle of MS. Notable excerpt:

I pressed him: "Will you fix the license?". I never really got a confirmed yes or no, but my feeling was "no" when we ended the conversation. I suggested that they give their IP to the IETF (such as I believe there is precedence of - I know that IBM has committed patents to the public domain before in a similar act of openness), to which I was told that Craig believed this was a reasonable idea, but that
Bill Gates himself had vetoed that idea because of the current focus on patent gathering and IPR issues at Microsoft.

(emphasis added)

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?