News 

The problem is that Microsoft is itself part of this same group, under the auspices of the Internet Engineering Task Force (IETF), and is very keen to have its patent-applied-for Caller ID code, which also comes with a 'free' licence, accepted as part of Sender ID. If successful, Sender ID will be ratified as an Internet standard. As such it would be a security measure adopted by all mail servers in the future.

However, a number of Open Source software companies - notably Apache and Debian - have said that they will not use the Microsoft code because its terms of use and patent risks are incompatible with the licences with which they distribute their software. And a vote on Friday to conclude discussions on the framework of the proposals foundered over what the patent covered and what alternatives could be used.

Co-chair of the group Andrew Newton wrote in a mailing list on Friday that the group 'should not undertake work on alternate algorithms reasonably thought to be covered by the patent application. We do feel that future changes regarding the patent claim or its associated license could significantly change the consensus of the working group, and at such a time it would be appropriate to consider new work of this type.'

However,

ADVERTISEMENT

a later message to the list from Newton said that this does not mean Microsoft's technology has been dropped from Sender ID. Rather the group is to include Microsoft's controversial PRA (Purported Responsible Address) technology, which checks the most recent address from which a mail was sent, and an alternative that doesn't appear to be encumbered by intellectual property claims: 'mailfrom' - which checks where the mail originally came from.

This way, developers that don't agree with or are unable to offer the PRA option in the software they build, can adopt the alternative without having to worry about patent infringements or licence breaches.

But other members of the group still aren't satisfied with the continued use of PRA. 'I think continuing with the PRA is a very poor use of this working group's time,' said one. 'If I didn't know better, I would say that this is an attempt to force acceptance of something that would otherwise be quickly rejected,' said another.

However, the co-chairs of the group are adamant that attempting to work on other alternatives will prove fruitless until the scope of Microsoft's patent is revealed.

But the mailing list contributors are equally unhappy about this. According to one, implementing the 'mailfrom' alternative would require another alternative - the 'helo' domain record - to be used in the Sender Policy Framework (SPF) specification, in any case.

And others suggest that just as Microsoft said they were clear to use the 'mailfrom' checks, it seems an overkill to prohibit investigating alternatives that Microsoft may also approve of, when all one needed to do was ask.

Microsoft, for its part, has said it would continue to develop its Caller ID technology and that its email software would use both PRA and SPF records but would only check for PRA.