Note: Nilesh's weblog is accessible to all versions of every browser. However, this browser may not support basic Web standards, preventing the display of our site's design details. We support the mission of the Web Standards Project in the campaign encouraging Internet users to upgrade their browsers. (Read More)

Nilesh's Weblog

«« ISACA Mumbai Conference | Main | Down South »»

PRA - Purposefully Regressive Algorithm

September 16, 2004 06:08 PM


Microsoft is again doing what it is best at - impeding progress of open Internet standards. The IETF has rejected Microsoft's draft proposal for the SenderID Framework (something to do with anti-spam) because of the patent issues surrounding the PRA algorithm. But does that affect Microsoft's efforts to push forth their agenda? No, not even the Internet's premier body can do that.

Microsoft had released the algorithm under a "non-transferable & non-sublicensable" license which locks out open source implementations of the algorithms since they now cannot sub-license their implementations under the GPL/Apache/BSD licenses. This affects about 60% of the mail relay servers on the Internet! And what do Microsoft have to say on this? "We don't care". If you check the link, the second para tells you all -

…it does not make sense to discuss alternatives to PRA if those alternatives may be reasonably inferred to be covered by the patent application (though not necessarily the license) since this working group does not wish to discount Microsoft's patent application…

Don't forget to read the whole thread. So finally, Microsoft will go ahead with PRA's incorporation and will not use the other alternative MAILFROM method for checking incoming mails. Another quote from the above link -

While Microsoft plans to incorporate both mailfrom and PRA checking information in the records it maintains, it has no plans to use mailfrom to check incoming e-mails, saying PRA is the superior technology.

Pretty roguish attitude!

So what is the SenderID Framework?
The SenderID Framework is a method to authenticate whether a mail server sending mail for say, yahoo.com is indeed yahoo.com server. This is verified by asking the DNS servers of yahoo.com on who are its mail servers and comparing the returned information with the connecting server. If the IP address is listed in the DNS information, the mail is accepted. Now there are two proposals on how this can be implemented. One is SPF and the other is well, PRA. SPF has been freely available for quite sometime, but not PRA.

So does the SenderID Framework kill all spam? The answer has always been NO. Authentication Is Not an Anti-Spam System. Some more links - one, two.



Comments

1 comment has been added. Add your comments.

1. casey said...

first time here. you've got a really nice site going here, i'm quite jealous.

on Sep 20, 07:09 AM | link to this comment


Your Comments
* Please do not put off-topic comments. We reserve right to delete them at our discretion. You can post anonymously. If you are unable to see your posted comment immediately, it may have been queued for moderation. So do not submit it again. HTML formatting is allowed (only a, b, i, br, p, strong, em, ul, li & blockquote are allowed). Do not put paragraph tags. They are automatically inserted.

Name


Email


Homepage


Comments (required)


Remember Me??







nilesh.org
© 2000-2003. Nilesh Chaudhari (mail AT nilesh.org)