Software Architect & Consultant
Joined on September 1, 2004
Total Post Views: 235,327
About |
Yakov Shafranovich is a co-founder and software architect with SolidMatrix Technologies, Inc., a software development and consulting company targeting the service industry. He is actively involved with the design and development of large-scale applications utilizing XML and other Internet standards. Mr. Shafranovich is active in the Internet community as an individual member of the New York chapter of the Internet Society (ISOC-NY) and a member of the IETF. He served as a co-chair of the Anti-Spam Research Group (ASRG) of the Internet Research Task Force (IRTF) from August 2003 until May 2004.
Except where otherwise noted, all postings by Yakov Shafranovich on CircleID are licensed under a Creative Commons License.
A few months ago, Ted Hardie (AD of Applications for the IETF) informed the MARID WG in the closure announcement as follows: "Given the importance of the world-wide email and DNS systems, it is critical that IETF-sponsored experimental proposals likely to see broad deployment contain no mechanisms that would have deleterious effects on the overall system. The Area Directors intend, therefore, to request that the experimental proposals be reviewed by a focused technology directorate..." more
As the year comes to a close, it is important to reflect on what has been one of the major actions in the anti-spam arena this year: the quest for email authentication. With email often called the "killer app" of the Internet, it is important to reflect on any major changes proposed, or implemented that can affect that basic tool that many of us have become to rely on in our daily lives. And, while many of the debates involved myriads of specialized mailing lists, standards organizations, conferences and even some government agencies, it is important for the free and open source software (FOSS) community as well as the Internet community at large, to analyze and learn lessons from the events surrounding email authentication in 2004. more
Slashdot recently ran a story about the upcoming changes to the ICANN rules governing domain transfers between registrars. A blog entry at Netcraft referenced by the story stated that: "...domain transfer requests will be automatically approved in five days unless they are explicitly denied by the account owner. This is a change from current procedure, in which a domain's ownership and nameservers remain unchanged if there is no response to a transfer request. This could mean trouble for domain owners who don't closely manage their records..." more
With the closure of IETF's MARID group a month ago, many of us have left Microsoft's Sender-ID standard for the dead. After being rejected by the Apache Foundation and the Debian Project over licensing issues, and causing the closure of MARID for some of the same issues (in addition to already long running technical ones), some thought that Microsoft may have just buried it and gone on to better things like IETF's new MAILSIG group (in formation). But just like the ghost of Hamlet's father it just refuses to die and now it looks like it is coming back to life in a new reincarnation... more
As long suspected by some, the IETF is going to be closing up the Mail Transfer Agent Authentication in DNS (MARID) Working Group according to today's post by Ted Hardie, co-AD for Applications. Larry Seltzer of eWeek was right on target about this: "The rest of the SID standards process will now be a waste of time thanks to Microsoft, and the other participants will afterwards pick up the pieces and get the job done with another spec." more
While several news stories are reporting that Sender-ID has been killed, that is not entirely true. While Sender-ID in its current form is dead because of Purported Responsible Address (PRA), the compromise version with MAILFROM and PRA scopes is not. Also, the co-chairs want to stay away from any other alternative algorithms that do RFC2822 checking because of possible Intellectual Property Rights (IPR) claims by Microsoft on that as well. Andrew Newton, one of two co-chairs of the working group, wrote in an email today to the group's discussion forum... more
While everything seemed fine and various participants in these discussions were celebrating the merger of these proposals into one, as well as the support of Microsoft in this endeavor, there was an elephant in the room so to speak, and a rather large one at that. When the original Caller-ID proposal was published, a patent license came along with it. Microsoft indicated that they were planning on filing patents on Caller-ID or some of its aspects, and offered a royalty-free license for the use of their intellectual property. There was some talk about the incompatibility of the license with open source software, including comments from Eben Moglen of FSF and Richard Stallman, but Microsoft employees assured the MARID WG that the licensing issue would be resolved in time for the San Diego meeting. Except that it wasn't. more
A long long time ago when the Internet was still young and most people were still using clunky Apples, PCs and mainframes; two documents were published by the Advanced Research Projects Agency (ARPA), part of the US Government's Department of Defense. They were called "RFC 821 - Simple Mail Transfer Protocol" and "RFC 822 - Standard for the format of ARPA Internet text messages" respectively. Written by the John Postel and Dave Crocker respectively, often referred to as some of the founding fathers of the Internet, they defined a simple text-based email system for the use of the fledging network then called the "ARPA Internet"... more