Microsoft: Your Spam is Our Competitive Advantage
Ever since Bill Gates said the spam problem would be solved by the start of
2006 (a prediction I pooh-poohed in this very
column at the time), Microsoft has been making moves in the anti-spam space. One
of the ideas near and dear to their heart is that you can cut down on the amount
of spam if you can somehow prevent mail with forged return addresses from
getting through, since a lot of spam these days comes from hijacked
machines. After a suitable amount of time, the Redmond folks churned out a
spec that they called Caller ID.
Of course, they're not the only ones with this idea. By the time that Caller
ID was on the scene, an open source alternative named Sender Policy Framework was already on the
scene. You can implement SPF today, and pretty soon major e-mail providers like
AOL will be using it to whitelist incoming mail. As far as I've been able to
find out, the SPF specification is free and anyone can implement it without
worrying about licensing issues.
Microsoft's response has been to work with the folks behind SPF, as well as
some of the Internet protocol wonks, to come up with a merged combination of
Caller ID and SPF that's called Sender ID. And herein lies the problem.
Microsoft has offered up a license for
Sender ID that they claim is
royalty-free, reasonable, and non-discriminatory. It may be all of those things,
but it's also incompatible with some major free software licenses - including
the General Public License (GPL).
At issue is a section of the Microsoft license that doesn't allow
sublicensing. Everyone who wants to use the patent-pending technologies that
Microsoft proposes to license royalty-free in to Sender ID must execute their
own separate license with Microsoft. The GPL, on the other hand, says that any
code you distribute can be used by the people you distribute it to.
So, here's where things end up: Microsoft can implement both SPF and Sender
ID in their products such as Exchange and Outlook. Open source alternatives can
implement SPF, but not Sender ID (unless they engage in jumping-through-hoops,
such as producing a separate Sender ID add-on that's not distributed alongside
GPL software). Thus, the Microsoft products should be able to do a better job of
blocking spam than the open-source alternatives. One can't help thinking that
this is the deliberate purpose of the license, rather than a side-effect of the
licensing decisions taken for other reasons.
Is there an alternative? Sure. Microsoft could take out their patent
and then put the technology into the public domain, so anyone could implement it
in any product. That would help cut down on spam, but it would also eliminate
the competitive advantage. Or we could just abolish the whole silly system of
software patents. But I'm not holding my breath waiting for either one of those
things to happen.