Debian Joins Apache in Rejecting Sender ID

Following the lead of the Apache Software Foundation, the Debian Linux group has announced it will not deploy the Sender ID antispam standard due to licensing concerns.

The Debian project issued a statement on Saturday, noting that the group abides by a social contract to its users that specified all software included in the operating system will be free software. This means it can be freely distributed, modified and used as defined under the group’s Debian Free Software Guidelines (DFSG).

The current Microsoft royalty-free Sender ID patent license agreement terms are a barrier to any Debian package used to implement Sender ID or to include Sender ID support, according to the Debian project.

Firm Stance

With its Sender ID license, Microsoft has noted that the technology can be distributed under an open-source license, under the condition that the source code contain a statement identifying Microsoft as a partial holder of its intellectual property.

Microsoft developed Sender ID in an effort to help companies identify and filter spam. Specifically, it focuses on domain spoofing, a strategy designed to stop the spammer technique of faking a sender’s e-mail address by verifying that each e-mail originates from its proper domain.

The Debian group noted that the current license and “resulting encumbrances” are incompatible with the DFSG, unlike other Internet standards that Debian is able to support.

“It’s important to visibly state that a large free software project cannot implement a technology based on patented technology,” Debian spokesperson Joey Schulze told LinuxInsider.

He added that, until now, the Internet and its standards were built upon free and open technology without patents or licensing issues.

“We all know the benefit,” he said. “We have a working Internet, built by various vendors and organizations that abide by these standards.”

Apache Influence

The Debian project specifically noted in its statement that it thanks the Apache Software Foundation for issuing its position, and that Debian used that position as a starting point.

Apache announced on Thursday that it would not support Sender ID because of its licensing. The foundation’s general counsel, Larry Rosen, told LinuxInsider that the group was trying to negotiate with Microsoft, but until the company comes up with more favorable terms, it will continue to reject the standard.

Although it gave this nod to Apache, Debian’s project statement included: “[W]e have arrived at our determination independently.”

The two positions have much in common. Both groups have called for better examination of intellectual property rights involved in Sender ID, and less movement toward weaving proprietary technology licenses into open-source standards.

“Free and open standards ensure that they can be implemented by any vendor or organization,” said Schulze. “Patents and licenses always bear a risk for vendors and users.”

Microsoft Rebuttal

Although Microsoft has predominantly kept quiet on the current Sender ID tussle, a spokesperson for the company told LinuxInsider that there are many companies that have voiced support for the Sender ID license offered by Microsoft.

According to Microsoft, companies on its side are AOL, Cloudmark, IronPort, VeriSign, Bell Canada and the 54 member Email Service Provider Coalition.

“There’s broad support for Sender ID technology,” said Microsoft’s spokesperson. “We encourage others to support and implement this technology so that together we can do more to tackle spam.”

More Fights Ahead?

With Apache and Debian’s rejection of Sender ID, it seems that many groups will find themselves in a position where a decision must be made.

Microsoft has named its early supporters, and Debian has as well, citing Apache, the Free Software Foundation, Postfix, Exim and Courier.

Schulze noted that he expects other groups also will announce they will not implement or use Sender ID because of licensing issues. He said that since this Internet Engineering Task Force standard should be pushed through soon, the timing of Debian’s and Apache’s statements was vital.

“It was important to release such a statement in time, before it gets ratified and released,” he said.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories

LinuxInsider Channels