Home / Blogs

The Rumors of Sender ID's Demise Are Exaggerated

While several news stories are reporting that Sender-ID has been killed, that is not entirely true. While Sender-ID in its current form is dead because of Purported Responsible Address (PRA), the compromise version with MAILFROM and PRA scopes is not. Also, the co-chairs want to stay away from any other alternative algorithms that do RFC2822 checking because of possible Intellectual Property Rights (IPR) claims by Microsoft on that as well.

Andrew Newton, one of two co-chairs of the working group, wrote in an email today to the group's discussion forum:

"Due to the fact that we released statements in two separate messages, there seems to be some confusion on how we intend this working group to proceed on Sender ID.

First, the PRA document is not being dropped. Instead, we are proceeding with a document set that includes a non-encumbered (as far as we know) scope, "mailfrom", in addition to the "pra" scope. As we stated before, the objection to PRA is based on questions of deployment caused by incompatibilities with open source licenses. However, there were also a significant number for responses from participants stating that they had no such deployment issues.

Second, it does not make sense to discuss alternatives to PRA if those alternatives may be reasonably inferred to be covered by the patent application (though not necessarily the license) since this working group does not wish to discount Microsoft's patent application. And since we do not know the specific claims of the patent application, construction of such an alternative would need to take into account a few things we do know:

1. The patent application covers at least -core and -pra in combination. There is no reason to think that Microsoft's application is limited to the technology in these two drafts.

2. It does not cover MAIL FROM because this question has been specifically asked of Microsoft.

3. The algorithm in -pra has changed through multiple revisions of the draft(s). This would seem to at least exclude any scopes that use 2822 headers to identify the party most recently responsible for injecting the message.

We hope to have a schedule as soon as possible."

For a good explanation of the IPR issue, read Andrew Newton's follow up posts below:


By Yakov Shafranovich, Software Architect & Consultant. More blog posts from Yakov Shafranovich can also be read here.

Related topics: Email, Spam

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

End-to-End Email Encryption - This Time For Sure?

Coordinating Attack Response at Internet Scale

Who Is Sending Email As Your Company?

When DNSBLs Go Bad

Email Vendors: Time to Build in DMARC

Related News


Industry Updates – Sponsored Posts

Non-English "IDN Email" Addresses Are Finally Working!

A Look Inside Dyn's 1.2 Billion Monthly Email Delivery Statistics

Dyn to Host Email Analytics Webinar With Ongage

Dyn Adds Claudia Santoro, Dave Connors and Andrew Sullivan to Technical Team

Dyn Receives $38M Investment from North Bridge

Nominum Launches Comprehensive Suite of DNS-Based Security Solutions for Russian Service Providers

Nominum Sets New Record for Network Speed and Efficiency

DNS on Defense, DNS on Offense

Managing Outbound Spam: A New DNS-based Approach For Stopping Abuse (Webinar)

MarkMonitor Fraud Intelligence Report, Q4 2011

MarkMonitor Fraud Intelligence Report Released for Q2 2011

Dyn Releases New Powerhouse in Enterprise Class Email Delivery

The Botnet-Counterfeit Drugs Connection

Global Company Leads the Pack as One of the First Microsoft Partners to Offer Exchange 2010

Dyn Inc. Acquires Email Delivery Provider SendLabs

Afilias and .JO Registry Bring Native Language E-mail to Arabic Internet Users

New Monthly Fraud Intelligence Report Now Available

MarkMonitor to Highlight Importance of Cross-Functional Approach to Brand Protection

Preventing Your DNS Account from Being Hacked

Paid Search Ads Can Lead to Fake Goods

Sponsored Topics


DNS Security

Sponsored by


Sponsored by


Sponsored by
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines