It could get a little ugly out there in the anti-spam world and, as is so often the case, the uglifier of record is Microsoft which on Thursday announced that it would start "enforcing" the use of its Sender ID sender authentication protocol for senders of e-mail messages to Hotmail and MSN Mail systems. In a less avaricious world, that might be a good thing, but last year Microsoft made its desire to co-opt sender authentication by enforcing a patent it has on a part of the way DNS records have to be modified to comply with the protocol. The logical next step is for Microsoft to charge for its use.
A tip of the hat goes to messaging systems analyst David Ferris for predicting exactly this strategy from Microsoft (see Ferris Urges Sender ID Implementation) late last year. My own response at the time was that Microsoft was not necessarily being a very good citizen (see . . . The Rest Of You Can Go Code Up That Sender ID Stuff) because it was defying the wishes of most players in the e-mail security business and going its own way, something it has not historically been shy about doing.
I had previously pondered the poor performance of Sender ID's prospects for acceptance (see I Just Don't Get It ), and concluded that the breakup of the IETF's MARID anti-spam task force was fatal to not only Sender ID. I thought it was possibly fatal to sender authentication altogether, and that it was all Microsoft's fault because of its insistence on the patent inclusion. I urged the IETF to re-form an anti-spam working group and make another attempt to address the problem.
It didn't, and so Microsoft has. I really can't blame them for pushing ahead regardless of the acceptance issues that remain for Sender ID. It is a standard, it can work, but to be really effective and widely used, Sender ID should not require a patent license if we're to remain the Internet community, and not become some additional fiefdom in Microsoft's empire.
I'd get on board with this Sender ID strategy if Microsoft would either back off on the patent issue, or would issue some sort of legal writ that forever absolves anyone using Sender ID from having to pay for the license. That might calm things down enough to get a sender authentication protocol in place. And if it would not make things pretty, at least it would keep them from becoming ugly.