But the move was steeped in politics, and does not appear to resolve potential incompatibilities between the two specs, which have been traveling down a rocky road at the Internet Engineering Task Force, of which the IESG is a key committee.
SIDF and SPF both propose ways to reduce the amount of email junk and fraud by strengthening a weakness in SMTP that allows email senders to spoof their domains. Phishers and spammers use this technique all the time.
By designating the specs as Experimental, the IESG has essentially put an official stamp on both of them that says ‘This is not a standard, but we’ve had a look at it and it seems okay but could use some work, so go play with it for a while and see what you think.’
Officially, the IETF says the usage of a protocol with the ‘Experimental’ designation should generally be limited to those actively involved with the experiment, as opposed to the broader internet community.
The IESG said in a statement yesterday that it takes no position about which approach [SPF or SIDF] is to be preferred and cautions the reader that there are serious open issues for each approach and concerns about using them in tandem.
The IESG believes that documenting the different approaches does less harm than not documenting them, the group said. After the specs have been implemented and observed for a couple of years, there may be the opportunity to revisit the standards track.
There are two parts to each spec. An email sender publishes the IP addresses of their outgoing mail transfer agents in their domain name system records, and the recipient uses the DNS to check the IP address matches the domain.
Where the two specs diverge is on the receive side. The difference is a technical one, but has been likened to the difference between checking the return address on an envelope and checking the address on the letterhead within.
The process of converging the two specs fell apart last fall, when Microsoft refused to budge on its license plans, which envisaged a royalty-free spec, but using terms that many said were incompatible with open-source licenses.
The IETF dissolved the working group, known as MARID, that was tackling the problem, and Microsoft and the SPF project submitting their respective specs to be assigned the Experimental designation.
The politics did not end with MARID, however. The SPF community is currently fairly suspicious that Microsoft is trying to co-opt SPF, which SIDF does in fact support, in its SIDF marketing and published adoption metrics.
There are far more SPF records published on the internet than there are organizations explicitly supporting SIDF, but Microsoft has substantial power to push SIDF as a de facto internet standard.
The company has already started promoting SIDF through the Hotmail and MSN email services. Users are now alerted when they receive and email that is not compliant with SIDF/SPF, and are encouraged to learn more.
SPF, nominally led by independent developers Meng Weng Wong and Wayne Schlitt, has itself been internally split on whether to take the political route of trying to appease Microsoft and the IESG and thus get a spec published, or to stick to its technical guns.
Schlitt has publicly expressed disappointment at what he sees as political moves — the IESG giving experimental status to SIDF and SPF at the same time, not acknowledging some incompatibilities between the two, and not allowing 18 months of SPF deployment to count towards the two-year Experimental timeframe.
