IP Battle Lines Drawn in Spam Wars
|Main||Elsewhere||The Week in CrossNodes||The Week in Network News|
Once more with feeling.
We've made our interest in Sender ID for E-Mail no secret, from pointing out its potential value to upbraiding Microsoft for playing patent games with it. Elsewhere, we've addressed why the standard needs to be as unencumbered as possible.
The Apache Software Foundation, best know for its Apache Web server (define) but also the host to a variety of software projects, weighed in this week on the matter of Sender ID for E-Mail, and why no Apache Foundation project will utilize the technology:
"We believe the current license is generally incompatible with open source, contrary to the practice of open Internet standards, and specifically incompatible with the Apache License 2.0. Therefore, we will not implement or deploy Sender ID under the current license terms."
Microsoft's rebuttal? "... our intentions are 100 percent pure."
Unfortunately, that won't cut a lot of mustard with developers working under the ASF's umbrella, including the developers with the SpamAssassin project, which is currently featured in our series on building a Linux-based anti-spam/anti-virus gateway (see parts one and two).
The good news is that the non-Microsoft part of the specification features no patent encumbrances, and it's still fairly useful on its own. Microsoft's contribution isn't mandatory.
We have one other comment on the SPF matter before leaving it to our upcoming series on deploying and using it under Windows and Linux:
Recent reports have noted that spammers are eagerly setting up SPF records for their domains at a rate exceeding that of even legitimate domains. This is occasionally taken as some sign that Sender ID/SPF are somehow dead out of the gate.
It's important to remember, as with any technology, that no one in their right mind would claim Sender ID will "solve" the spam problem. What it does do is create a layer through which all mail must pass. If a known spammer is making a pest of himself, then proof that he's sending from a given domain makes filtering that domain a beneficial and useful step in screening him. If he moves to an unregistered domain, tools like SpamAssassin and others can be taught to weight the "credibility" of such a domain when assessing whether a given message is spam or not. When you're building the better mousetrap, you need more than just the piece of wood, the cheese, or the big spring: You need all the pieces working together.
SenderID is one of those pieces.
Now if only we could work out the whole patent problem.
» The MIT team behind the Kerberos network authentication protocol has announced a pair of vulnerabilities that could render systems using the protocol vulnerable to remote denial of service attacks.
» Scientists report they've set a new Internet2 land speed record by transferring 859 gigabytes of data in less than 17 minutes: a rate of 6.63 gigabits per second. Next up: overcoming the limitations on trans-oceanic transfers.
» You might have been happy with your storage situation up to now, but Gartner says regulatory requirements are probably going to have you buying more soon.
» "The Wi-Fi Alliance , the non-profit industry consortium that tests and certifies wireless LAN products for interoperability, announced this week the first round of products certified to support WPA2 (define)."
Building an Anti-Virus/Anti-Spam Gateway (Part 2): With ClamAV, your Linux-based secure mail gateway can feed on viruses before they get to your users. Here's how to do it quickly and easily, and without looking like a bozo to the rest of the 'net.
SIP promises improved VoIP, two-way video, and chat. Is the world ready for it?
Network News Break is CrossNodes' weekly summary of networking news and opinion. Please send your comments and suggestions to the editor.