Home / Blogs

MARID is Dead

As long suspected by some, the IETF is going to be closing up the Mail Transfer Agent Authentication in DNS (MARID) Working Group according to today's post by Ted Hardie, co-AD for Applications. Larry Seltzer of eWeek was right on target about this:

The rest of the SID standards process will now be a waste of time thanks to Microsoft, and the other participants will afterwards pick up the pieces and get the job done with another spec.

Apparently the IETF felt even stronger than that and decided to close up the group altogether. Beside the IPR issues that Larry Seltzer mentions, the technical issues that have been bubbling since the arguments in the ASRG have resurfaced. The IPR issues also made things worse in a way by distracting participants from focusing on technical issues which is one of the things Ted mentions:

These assessments have been difficult in part because they have been moved out of the realm of pure engineering by the need to evaluate IPR and licensing related to at least one proposal in the light of a variety of licenses associated with the deployed base of MTAs.

There are already calls for moving this into a "better" standards organization such as OASIS, especially by Phil Hallam-Baker of Verisign who is not a big fan of the IETF:

Before MARID my preference was to work on the specs in OASIS which is a much more professional outfit than the IETF and actually has a track record of succeeding with short timescale proposals. We don't need a big imprimatur here, just some group that has an ISO accreditation of some form.

Of course none of the other standards organizations have the same "open to anyone" membership policy as the IETF does and if anything comes out of the other organizations, it is likely to be something done by big firms only, not to mention possible IPR. The FOSS world will probably fight that standard and continue going with SPF, and so we might end up fighting these for a while. The big thing that Phil is missing is that the IETF is not the problem here - the market is. As Paul Vixie, and many others have pointed out before, several competing proposals will be out for a while and it is better to let the market sort it out. It was too premature to send this over for standardization. I have to hand it to the IETF to be able to make the hard decision to close the group instead of letting it linger on life support - that decision is not easy to make, and it probably took some guts going against some traditions. This proves that the IETF is becoming more agile and responsive.

In a way I feel bad since this was one standard that came out of the ASRG during the time that I co-chaired it that would have went somewhere. But as the old Yiddish saying goes: "Man plans, G-d laughs".

P.S. As a feeling of deja vu, while I co-chaired the ASRG we tried unsuccessfully to merge DMP, RMX and SPF in the RMX and SMTP-VERIFY subgroups. Both efforts have failed for similar reasons that MARID did minus the IPR (although it played some role).

By Yakov Shafranovich, Software Architect & Consultant
Follow CircleID on
Related topics: DNS, Spam
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

Re: MARID is Dead Frank Hellmann  –  Oct 28, 2004 5:06 PM PDT

It takes 2 to tango! ALOAHA promotes SPF and Sender ID as complementary technologies!

ALOAHA SPAM Rejecter is the first recognized Windows based AntiSPAM Solution which makes SPF and Sender ID available as freeware for all windows based Servers such as Microsoft Exchange, Lotus Notes, iMail and others.

ALOAHA, a Madrid, SPAIN-based email protection organization, has begun shipping free versions of SPF (Sender Policy Framework) and Sender ID as well as a POP3 Connector as part of its larger AntiSPAM Framework which is able to protect basically all Windows based Mailserver.

I applaud Aloaha for releasing a solution which supports both SPF and Sender ID.  Sender authentication promises to be a major advance in the war on spam, and Aloaha's timely support for these emerging standards leverages the existing base of hundreds of thousands of existing records to offer better spam protection for their customers, said Meng Weng Wong, CTO and Founder of Pobox.com and author of SPF

To get the freeware modules, companies must download the free, 30-day trial version of Aloaha. However, modules like SPF and RBL Lists will continue to be fully operational for free even if no licenses are being purchased after 30 days.

ALOAHA and its Modules work on every Windows based Mailserver such as Microsoft Exchange, Lotus Notes and iMail. Due to its innovative transparent proxy design Aloaha rejects SPAM before it reaches the SMTP Server. Optional the customer can also opt to use it as a SINK Plug-in in Microsoft Exchange or Internet Information Server. According to Aloaha CEO Frank Hellmann, Aloaha includes a number of anti-spam features in addition to the SPF and other DNS based modules. For example, incoming emails are checked against Active Directory or other Databases to verify if the recipient exists in the organization. Aloaha brings along also other innovative technologies like relaxed greylisting to the Mailserver.

"With thousands of downloads we will contribute our share to help to stop the global SPAM Problem" Hellmann said. "Of course we hope that some of these downloads actually will become paid installations" he added later.

Contact Information:
Frank Hellmann
Aloaha
email:

To post comments, please login or create an account.

Related

Topics

New TLDs

Sponsored byAfilias

Cybersecurity

Sponsored byVerisign

DNS Security

Sponsored byAfilias

Domain Names

Sponsored byVerisign

IP Addressing

Sponsored byAvenue4 LLC