CircleID

This whole debate is silly. There will never be a universal standard for e-mail authorship verification, no matter what IETF MARID or Microsoft do. Let a thousand flowers bloom. SPF works. Jim Miller's MAIL-FROM (which I documented here) works. Domain holders can put in metadata for all the verification styles they consider relevant, and mailserver administrators can look up the ones they consider relevant. Let's stop debating this and start implementing it. We're bogging down on questions of IPR and authorship when the fact is that a single standard isn't necessary (or possible). It's clear that IETF just can't settle this kind of controversy—but we all know that market forces can.

As suspected, Microsoft's Harry Katz confirmed that the PRA algorithm itself is what the IPR claims are on. The rest of Sender-ID is unencumbered by IPR claims.

Looks like Sender-ID has been basically killed in its current form according to a post from MARID chairs. More coverage at InternetNews.com and GrokLaw.

As Paul Vixie points out, the world gets very difficult when IETF, a body of engineers, is called on to make decisions on intellectual property rights issues.

But that doesn't quite support the "let a thousand flowers bloom" argument for me. The thousand flowers that already exist in the area of email standards, conflicting algorithms in spam filtering services, blacklists, whitelists, grey lists, and varying authentication systems has resulted in a garden full of weeds which is choking a lot of legitimate email.

I've used the MARID exercise in a case study in my Internet Analysis Report 2004. (see www.internetmark2.org for details). It's instructive in terms of the difficulties we face when IETF has to make policy decisions which are essentially non-technical.