Microsoft Open Specification Promise
Microsoft irrevocably promises not to assert any Microsoft Necessary Claims against you for making, using, selling, offering for sale, importing or distributing any implementation to the extent it conforms to a Covered Specification (“Covered Implementation”), subject to the following. This is a personal promise directly from Microsoft to you, and you acknowledge as a condition of benefiting from it that no Microsoft rights are received from suppliers, distributors, or otherwise in connection with this promise. If you file, maintain or voluntarily participate in a patent infringement lawsuit against a Microsoft implementation of such Covered Specification, then this personal promise does not apply with respect to any Covered Implementation of the same Covered Specification made or used by you. To clarify, “Microsoft Necessary Claims” are those claims of Microsoft-owned or Microsoft-controlled patents that are necessary to implement only the required portions of the Covered Specification that are described in detail and not merely referenced in such Specification. “Covered Specifications” are listed below.
This promise is not an assurance either (i) that any of Microsoft’s issued patent claims covers a Covered Implementation or are enforceable or (ii) that a Covered Implementation would not infringe patents or other intellectual property rights of any third party. No other rights except those expressly stated in this promise shall be deemed granted, waived or received by implication, exhaustion, estoppel, or otherwise.
On This Page
 | Covered Specifications (the promise applies individually to each of these specifications) |
| Frequently Asked Questions |
| Feedback From Representatives of the Community |
Covered Specifications (the promise applies individually to each of these specifications)
This promise applies to the identified version of the following specifications. New versions of previously covered specifications will be separately considered for addition to the list. In connection with the specifications listed below, this Promise also applies to the required elements of optional portions of such specifications.
Web Services
This promise applies to all versions of these specifications existing as of the promise date, October 16, 2006. Many of these specifications are currently undergoing further standardization in certain standards organizations. To the extent that Microsoft is participating in those efforts, this promise will also apply to the specifications that result from those activities.
Devices Profile for Web Services (DPWS) | WS-Federation Active Requestor Profile |
Identity Selector Interoperability Profile v1.0 | WS-Federation Passive Requestor Profile |
Identity Selector Interoperability Profile v1.5 | WS-I Basic Profile |
Remote Shell Web Services Protocol | WS-Management |
SOAP | WS-Management Catalog |
SOAP 1.1 Binding for MTOM 1.0 | WS-MetadataExchange |
SOAP MTOM / XOP | WS-Policy |
SOAP-over-UDP | WS-PolicyAttachment |
Web Single Sign-On Interoperability Profile | WS-ReliableMessaging |
Web Single Sign-On Metadata Exchange Protocol | WS-RM Policy |
WS-Addressing | WS-SecureConversation |
WS-Addressing End Point References and Identity | WS-Security: Kerberos Binding |
WS-AtomicTransaction | WS-Security: Kerberos Token Profile |
WS-BusinessActivity | WS-Security: Rights Expression Language (REL) Token Profile |
WS-Coordination | WS-Security: SAML Token profile |
WS-Discovery | WS-Security: SOAP Message Security |
WSDL | WS-Security: UsernameToken Profile |
WSDL 1.1 Binding Extension for SOAP 1.2 | WS-Security: X.509 Certificate Token Profile |
WS-Enumeration | WS-SecurityPolicy |
WS-Eventing | WS-Transfer |
WS-Federation | WS-Trust |
Web
OpenService Format Specification |
WebSlice Format Specification |
XML Search Suggestions Format Specification |
Virtualization Specifications
Virtual Hard Disk (VHD) Image Format Specification |
Security
RFC 4406 - Sender ID: Authenticating E-Mail |
RFC 4408 - Sender Policy Framework: Authorizing Use of Domains in “Mail From” |
RFC 4407 - Purported Responsible Address in E-Mail Messages |
RFC 4405 - SMTP Service Extension for Indicating the Responsible Submitter of an E-Mail Message |
Office XML File Formats
Office 2003 XML Reference Schemas |
Office Open XML 1.0 – Ecma-376 |
Office Binary File Formats (for Word, Excel and PowerPoint) – Published February 15, 2008
Word 97-2007 Binary File Format (.doc) Specification |
PowerPoint 97-2007 Binary File Format (.ppt) Specification |
Excel 97-2007 Binary File Format (.xls) Specification |
Excel 2007 Binary File Format (.xlsb) Specification |
Office Drawing 97-2007 Binary Format Specification |
Office Binary File Formats (for Word, Excel and PowerPoint) – Published June 30, 2008
[MS-DOC]: Word Binary File Format (.doc) Structure Specification |
[MS-CTDOC]: Word Custom Toolbar Binary File Format Structure Specification |
[MS-XLS]: Excel Binary File Format (.xls) Structure Specification |
[MS-XLSB]: Excel Binary File Format (.xlsb) Structure Specification |
[MS-CTXLS] Excel Custom Toolbar Binary File Format Structure Specification |
[MS-PPT]: PowerPoint Binary File Format (.ppt) Structure Specification |
[MS-ODRAW]: Office Drawing Binary File Format Structure Specification |
[MS-OFORMS]: Office Forms Binary File Format Structure Specification |
[MS-OGRAPH]: Office Graph Binary File Format Structure Specification |
[MS-OSHARED]: Office Common Data Types and Objects Structure Specification |
[MS-OVBA]: Office VBA File Format Structure Specification |
[MS-OFFCRYPTO]: Office Document Cryptography Structure Specification |
Windows Compound Formats
Windows Compound Binary File Format Specification |
Graphics Formats
Windows Metafile Format (.wmf) Specification |
Ink Serialized Format (ISF) Specification |
Xaml Object Mapping Specification 2006 (Draft v0.1) |
WPF Xaml Vocabulary Specification 2006 (Draft v0.1) |
Robotics
Decentralized Software Services Protocol – DSSP/1.0 |
Synchronization
FeedSync v1.0 |
Published Protocols
AppleTalk | RFC 1258 and RFC 1282 – Remote LOGIN (rlogin) |
[MC-BUP]: Background Intelligent Transfer Service (BITS) Upload Protocol Specification | RFC 1332 and RFC 1877 –Internet Protocol Control Protocol (IPCP) |
[MC-CCFG]: Server Cluster: Configuration (ClusCfg) Protocol Specification | RFC 1334 – Password Authentication Protocol (PAP) |
[MC-COMQC]: Component Object Model Plus (COM+) Queued Components Protocol Specification | RFC 1393 – Trace Route |
[MC-DPL4CS]: DirectPlay 4 Protocol: Core and Service Providers Specification | RFC 1436 –Internet Gopher |
[MC-DPL4R]: DirectPlay 4 Protocol: Reliable Specification | RFC 1483, RFC 1755, and RFC 2225 –Internet Protocol over Asynchronous Transfer Mode (IP over ATM) |
[MC-DPL8CS]: DirectPlay 8 Protocol: Core and Service Providers Specification | RFC 1510 and RFC 1964 – Kerberos Network Authentication Service (v5) |
[MC-DPL8R]: DirectPlay 8 Protocol: Reliable Specification | RFC 1552 – PPP Internetwork Packet Exchange Control Protocol (IPXCP) |
[MC-DPLHP]: DirectPlay 8 Protocol: Host and Port Enumeration Specification | RFC 1661 – Point-to-Point (PPP) Protocol |
[MC-DPLNAT]: DirectPlay 8 Protocol: NAT Locator Specification | RFC 1739 Section 2.2 – Packet Internet Groper (ping) |
[MC-DPLVP]: DirectPlay Voice Protocol Specification | RFC 1889 and RFC 3550 – Real-Time Transport Protocol (RTP) |
[MC-DTCXA]: MSDTC Connection Manager: OleTx XA Protocol Specification | RFC 1939 and RFC 1734 – Post Office Protocol, v3(POP3) |
[MC-FPSEWM]: FrontPage Server Extensions: Website Management Specification | RFC 1962 – Compression Control Protocol (CCP) |
[MC-IISA]: Internet Information Services (IIS) Application Host COM Protocol Specification | RFC 1990 – Multilink Protocol (MP) |
[MC-IISIAQ]: Internet Information Services (IIS) IAQ AdminRPC Protocol Specification | RFC 1994 – MD5 Challenge Handshake Authentication Protocol (MD5-CHAP) |
[MC-MQAC]: Message Queuing (MSMQ): ActiveX Client Protocol Specification | RFC 2097 – NetBIOS Frames Control Protocol (NBFCP) |
[MC-MQSRM]: Message Queuing (MSMQ): SOAP Reliable Messaging Protocol (SRMP) | RFC 2118 – Microsoft Point-to-Point Compression (MPPC) |
[MC-NBFS]: .NET Binary Format: SOAP Data Structure | RFC 2125 – Bandwidth Allocation Protocol (BAP) |
[MC-NBFSE]: .NET Binary Format: SOAP Extension | RFC 2131, RFC 2132, and RFC 3361- Dynamic Host Configuration Protocol (DHCP) |
[MC-NBFX]: .NET Binary Format: XML Data Structure | RFC 2205, RFC 2209, and RFC 2210– Resource Reservation Setup (RSVP) |
[MC-NMF]: .NET Message Framing Protocol Specification | RFC 2222 – Simple Authentication and Security Layer (SASL) |
[MC-NPR]: .NET Packet Routing Protocol Specification | RFC 2225 - synchronous Transfer Mode |
[MC-PRCH]: Peer Channel Protocol Specification | RFC 2246 – Transport Layer Security (TLS) |
[MC-PRCR]: Peer Channel Custom Resolver Protocol Specification | RFC 2246 and RFC 2716 – PPP EAP Transport Level Security Authentication Protocol |
[MC-SMP]: Session Multiplex Protocol Specification | RFC 2251 and RFC 2256 – Lightweight Directory Access Protocol (LDAP v3) |
[MC-SQLR]: SQL Server Resolution Protocol Specification | RFC 2284 – PPP Extensible Authentication Protocol (EAP) |
1394 Serial Bus Protocol 2 (SBP2) | RFC 2364 – Point-to-Point over ATM Adaptation Layer 5 (PPPOA) |
Collaboration Data Object for Windows 2000 Protocol Library | RFC 2401, RFC 2402, RFC 2403, RFC 2404, RFC 2405, RFC 2406, RFC 2407, RFC 2408, RFC 2409, RFC 2410, RFC 2411, and RFC 2412 – Internet Protocol Security (IPsec) Protocols |
Draft-cai-ssdp-v1-00 – Simple Service Discovery Protocol | RFC 2433 – Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) |
Draft-cohen-gena-client-00 – General Event Notification Architecture (GENA) | RFC 2460 and RFC 2480 – Transmission Control Protocol/Internet Protocol v6 (TCP/IP v6) |
Draft-cooper-webi-wpad-00– Web Proxy Auto-Discovery Protocol | RFC 2474 – Differentiated Services (DIFFSERV) |
Draft-ietf-dhc-csr-06 – Classless Static Route Option for DHCP | RFC 2478 and RFC 4178 – Simple and Protected GSS-API Negotiation (SPNEGO) |
Draft-ietf-pppext-callback-cp-02– Callback Control Protocol (CBCP) | RFC 2478 and RFC 4559 – HTTP Authentication: Simple and Protected GSS_API Negotiation Mechanism (SPNEGO) |
Draft-leach-cifs-v1-spec-02 – Common Internet File System (CIFS) | RFC 2516 – Point-to-Point over Ethernet (PPPOE) |
HyperTerminal Protocols Extensions | RFC 2529 – IPv6 over IPv4 (6to4) |
IBM Data Link Control (DLC) Protocol | RFC 2616 – Hypertext Transfer Protocol (HTTP) v.1.1 |
IBM NetBIOS Extended User Interface (NetBEUI) v 3.0 | RFC 2617 – HTTP Authentication: Basic and Digest |
IEC 61883-1 | RFC 2637 – Point-to-Point Tunneling Protocol (PPTP) |
IEEE 1284 – Interface - Parallel | RFC 2661 and RFC 3193 – Layer Two Tunneling Protocol (L2TP) |
IEEE 802.1x - 2004 | RFC 2730 – Multicast Address Dynamic Client Allocation Protocol (MADCAP) |
Infrared Data Association (IrDA) Published Standards | RFC 2734, RFC 3056, and RFC 3068 – IPv4 over High Performance Serial Bus (IEEE 1394) |
Infrared Network (IrNET) Protocol | RFC 2814 – Subnet Bandwidth Manager (SBM) |
Intel Preboot Execution Environment (PXE) | RFC 2910 and RFC 2911 – Internet Printing Protocol (IPP) |
Microsoft Internet Information Services (IIS) Application Host COM Protocol | RFC 3078 – Microsoft Point-To-Point Encryption (MPPE) |
Microsoft Internet Protocol Security Protocol Extension - Internet Key Exchange (IKE) Protocol with Acknowledged Deletes | RFC 3208 – Pragmatic General Multicast (PGM) |
Microsoft Internet Protocol Security Protocol Extension - Internet Key Exchange (IKE) Protocol with Private Error Status Notification | RFC 3244 – Kerberos Change Password |
Microsoft Internet Protocol Security Protocol Extension - Kerberos (GSS-Authentication) in Internet Key Exchange (IKE) protocol with GSS-API Authentication | RFC 4214 –Intra-Site Automatic Tunnel Addressing Protocol (ISATAP) |
Microsoft Kerberos Authentication Group Membership Extensions | RFC 4556 – Public Key Cryptography for Initial Authentication in Kerberos (PKINIT) |
Microsoft Network Access Protection (NAP) Statement of Health (SoH) Messages | RFC 783 – Trivial File Transfer Protocol (TFTP) |
Microsoft Remote X/Open Directory Services Remote Protocol | RFC 791, RFC 768, RFC 792, RFC 793, and RFC 826 – Transmission Control Protocol/Internet Protocol v4 (TCP/IP v4) |
Microsoft Simple Network Time Protocol Extensions | RFC 792 – Internet Control Message Protocol (ICMP) |
Microsoft Teredo Protocols | RFC 854 – Telnet Protocol |
Microsoft Universal Plug and Play Internet Gateway Device Extensions | RFC 862 – Echo Protocol |
Microsoft VT100+ Protocol | RFC 863 – Discard Protocol |
Microsoft VT-UTF8 Protocol | RFC 864 – Character Generator Protocol |
Novell Internetwork Packet Exchange (IPX) | RFC 865 – Quote of the Day Protocol |
Novell NetBIOS over Internetwork Packet Exchange (NBIPX) | RFC 867 – Daytime Protocol |
Novell Sequenced Packet Exchange (SPX) | RFC 884 – VTNT Terminal |
Novell Service Advertising Protocol (SAP) | RFC 959 – File Transfer Protocol (FTP) |
RFC 1001 and RFC 1002 – NetBIOS over TCP (NETBT) | Secure Sockets Layer v3 (SSL) |
RFC 1034, RFC 1035, RFC 1995, RFC 2136, RFC 2181, RFC 2782, RFC 2845, RFC 2930, RFC 007, and RFC 3645 – Domain Name System (DNS) | Small Computer Systems Interface (SCSI) Multimedia Command Set – 2 (MMC-2) |
RFC 1055 – Serial Line Internet Protocol (SLIP) | Small Computer Systems Interface (SCSI) Multimedia Command Set – 3 (MMC-3) |
RFC 1058, RFC 1723, and RFC 2453 – Routing Information Protocol 1.0, 2.0 (RIP) | Small Computer Systems Interface (SCSI) Primary Command Set (SCSI-3) |
RFC 1112, RFC 2236, and RFC 3376 – Internet Group Management Protocol (IGMP) v1, v2, and v3 | Sun Microsystems Remote Procedure Call (SunRPC) |
RFC 1155, RFC 1157, RFC 1213, RFC 1289, RFC 1901, RFC 1902, RFC 1903, RFC 1904, RFC 1905, RFC 1906, RFC 1907, and RFC 1908: Simple Network Management Protocol v2 (SNMP) | T.120 |
RFC 1179 – Line Printer Daemon (LPD) | Universal Plug and Play (UPnP) |
RFC 1191, RFC 1323, RFC 2018, and RFC 2581 – TCP/IP Extensions | Universal Serial Bus (USB) Revision 2.0 |
RFC 1256 – ICMP Router Discovery Messages | |
Frequently Asked Questions
The Open Specification Promise is a simple and clear way to assure that the broadest audience of developers and customers working with commercial or open source software can implement specifications through a simplified method of sharing of technical assets, while recognizing the legitimacy of intellectual property.
We listened to feedback from community representatives who made positive comments regarding the acceptability of this approach.
OSP GENERAL
Q: Why did Microsoft take this approach?
A: It was a simple, clear way, after looking at many different licensing approaches, to reassure a broad audience of developers and customers that the specification(s) could be used for free, easily, now and forever.
Q: How does the Open Specification Promise work? Do I have to do anything in order to get the benefit of this OSP?
A: No one needs to sign anything or even reference anything. Anyone is free to implement the specification(s), as they wish and do not need to make any mention of or reference to Microsoft. Anyone can use or implement these specification(s) with their technology, code, solution, etc. You must agree to the terms in order to benefit from the promise; however, you do not need to sign a license agreement, or otherwise communicate your agreement to Microsoft.
Q: What is covered and what is not covered by the Open Specification Promise?
A: The OSP covers each individual specification designated on the public list posted at http://www.microsoft.com/interop/osp/. The OSP applies to anyone who is building software and or hardware to implement one or more of those specification(s). You can choose to implement all or part of the specification(s). The OSP does not apply to any work that you do beyond the scope of the covered specification(s).
Q: If a listed specification has been approved by a standards organization, what patent rights is Microsoft providing?
A: We are providing access to necessary claims consistent with the scope of our commitments in that organization.
Q: What if I don’t implement the entire specification? Will I still get the protections under the OSP?
A: The OSP applies whether you have a full or partial implementation. You get the same irrevocable promise from us either way. In all cases, the OSP covers only your implementation of the parts of the specification(s) that you decide to use.
Q: The specification I am interested in has some required portions and some optional portions, does the OSP apply to both?
A: Yes, the OSP covers Necessary Claims for both required and optional portions of the Covered Specifications. Under the paragraph entitled “Covered Specifications” is the language that makes it clear that the OSP applied to portions of the Covered Specifications that are optional. (“This Promise also applies to the required elements of optional portions of such specifications.”)
Q: Does this OSP apply to all versions of the standard, including future revisions?
A: The Open Specification Promise applies to all existing versions of the specification(s) designated on the public list posted at http://www.microsoft.com/interop/osp/, unless otherwise noted with respect to a particular specification (see, for example, specific notes related to web services specifications).
Q: Why doesn’t the OSP apply to things that are merely referenced in the specification?
A: It is a common practice that technology licenses focus on the specifics of what is detailed in the specification(s) and exclude what are frequently called “enabling technologies.” If we included patent claims to the enabling technology, then as an extreme example, it could be argued that one needs computer and operating system patents to implement almost any information technology specification. No such broad patent licenses to referenced technologies are ever given for specific industry standards.
Q: Is this OSP sub-licensable?
A: There is no need for sublicensing. This promise is directly applicable to you and everyone else who wants to use it. Accordingly, your distributees, customers and vendors can directly take advantage of this same promise, and have the exact same protection that you have.
Q: Is this Open Specification Promise legally binding on Microsoft and will it be available in the future to me and to others?
A: Yes, the OSP is legally binding upon Microsoft. The OSP is a unilateral promise from Microsoft and unilateral promises may be enforced against the party making such a promise. Because the OSP states that the promise is irrevocable, it may not be withdrawn by Microsoft. The OSP is, and will be, available to everyone now and in the future for the specifications to which it applies. As stated in the OSP, the only time Microsoft can withdraw its promise against a specific person or company for a specific Covered Specification is if that person or company brings (or voluntarily participates in) a patent infringement lawsuit against Microsoft regarding Microsoft’s implementation of the same Covered Specification. This type of “suspension” clause is common industry practice.
Q: Is the Open Specification Promise intended to apply to open source developers and users of open source developed software?
A: Yes. The OSP applies directly to all persons or entities that make, use, sell, offer for sale, imports and/or distributes an implementation of a Covered Specification. It is intended to enable open source implementations, and in fact several parties in the open source community have specifically stated that the OSP meets their needs. Moreover there are already a significant number of implementations of Covered Specifications that have been created and/or distributed under a variety of open source licenses as well as under proprietary software development models. Because open source software licenses can vary you may want to consult with your legal counsel to understand your particular legal environment.
Q: Why does Microsoft obtain patents that apply to specifications to which the Open Specification Promise apply? Is that something that others do too?
A: Microsoft invests a significant amount of resources in research and development efforts. Like any other company that commits such resources to creating new technologies, Microsoft seeks to protect its investment by obtaining patents on the resulting innovations. At a minimum, patents have value in defending Microsoft with regard to patent infringement claims made by others. Many patent owners use their patents defensively to protect themselves against third-party law suits when they make their patents available under reasonable and non-discriminatory (RAND or RAND-Z) terms and conditions (including promises like the OSP).
Q: What is the difference between copyrights and patent rights and why doesn’t the Open Specification Promise include copyrights?
A: Patents protect the creation or improvement of a novel and useful method, device, process, or material. By contrast, copyrights protect a particular expression or implementation of an invention but not the underlying invention itself. For example, copyright protects the intellectual property rights associated with owning or distributing a copy of the specification as a document. In the particular case of the OSP, copyrights in the Covered Specifications are made available by the publisher of the particular specification. When specifications are published by standards setting organizations, those organizations provide the copyright license. When Microsoft is the publisher of the Covered Specification, a copyright license is provided either as a part of text of the Covered Specification itself, or in a separate document. Copyrights in the Covered Specifications are not provided through the OSP because, in the instances where the standards organization owns the copyright in the Covered Specifications, Microsoft does not have the ability to provide such rights.
Q: Is this Promise consistent with open source licensing, namely the GPL? And can anyone implement the specification(s) without any concerns about Microsoft patents?
A: The Open Specification Promise is a simple and clear way to assure that the broadest audience of developers and customers working with commercial or open source software can implement the covered specification(s). We leave it to those implementing these technologies to understand the legal environments in which they operate. This includes people operating in a GPL environment. Because the General Public License (GPL) is not universally interpreted the same way by everyone, we can’t give anyone a legal opinion about how our language relates to the GPL or other OSS licenses, but based on feedback from the open source community we believe that a broad audience of developers can implement the specification(s).
Q: I am a developer/distributor/user of software that is licensed under the GPL, does the Open Specification Promise apply to me?
A: Absolutely, yes. The OSP applies to developers, distributors, and users of Covered Implementations without regard to the development model that created such implementations, or the type of copyright licenses under which they are distributed, or the business model of distributors/implementers. The OSP provides the assurance that Microsoft will not assert its Necessary Claims against anyone who make, use, sell, offer for sale, import, or distribute any Covered Implementation under any type of development or distribution model, including the GPL. As stated in the OSP, the only time Microsoft can withdraw its promise against a specific person or company for a specific Covered Specification is if that person or company brings (or voluntarily participates in) a patent infringement lawsuit against Microsoft regarding Microsoft’s implementation of the same Covered Specification. This type of “suspension” clause is common industry practice.
SECURITY
Q: Why are you putting Sender ID under the OSP now?
A: In September of this year, Microsoft announced a new approach to the availability of open specifications. At the time we announced the application of the Open Specification Promise to 38 Web services specifications and earlier this month we expanded it to include the Virtual Hard Disk Image Format specification. At this point, we think we can promote further industry interoperability among all commercial software solutions that utilize email authentication, including open source solutions by making Sender ID more clearly available to the entire internet ecosystem including customers, partners, ISPs, registrars and the developer community. This approach complements Microsoft’s broader commitment to combat the spread of spam, phishing, malware and other exploits in email, as well as interoperability, which we achieve in part through enabling access to our technology.
Q: Are you making Sender ID available under the OSP because you received so much criticism for your original licensing approach to the spec?
A: We recognize that there are lingering questions from some members of the development community about Microsoft’s licensing terms and how those terms may affect developers’ ability to implement Sender ID. It is important to note that great progress has already been made on email authentication worldwide with more than 5 million domain holders adopting Sender ID as a best practice today. Sender ID helps protect brands, reduce spam, and counter email exploits. The OSP is a simple, clear way to reassure a broad audience of developers and customers that any Microsoft patents ever needed to implement all or part of the specification could be used for free, easily, now and forever.
Q: What’s the significance of the OSP for Sender ID?
A: By extending the OSP to the Sender ID format, Microsoft will help the industry combat e-mail spoofing and phishing by fostering greater interoperability among all commercial software solutions for email authentication, including open source-based solutions. Implementers of the Sender ID Framework will not need to be concerned about signing a license in order to implement the anti-spoofing and anti-phishing technology. This approach also complements Microsoft’s broader commitment to interoperability, which we achieve in part through enabling access to our technology.
| • | Microsoft is committed to working with the IT industry and businesses to help protect consumers and businesses from the blight of online threats. The Sender ID Framework is an e-mail authentication specification that helps address domain spoofing – a common tactic used for the spread of spam, phishing, malware and other exploits in email – by verifying the domain name from which an e-mail is sent. |
| • | After nearly two years of worldwide deployment to over 600 million users, Sender ID already enjoys broad industry support, with approximately 36% of all legitimate email sent worldwide Sender ID compliant and an estimated 5.5 million domains worldwide protected by Sender ID. Adoption of the Fortune 500 has increased from 7% a year ago to over 23% today |
| • | Email authentication and the ability of validating the identity has become critical in the face of the increase sophistication and online threats being propagated. With Sender ID senders and receiving networks are afforded an additional layer of safety and security from these exploits. |
| • | Sender ID provides significant business value at no cost and impact to performance. Today business throughout the world are realizing enhanced brand and user protection while realizing improved deliverability of legitimate email. With the addition of Sender ID and the sender’s reputation, false positive are able to be reduced to nearly zero while false negatives being reduced by over 80%. |
Q: Where can I download the Sender ID specifications?
A:
RFC 4406 - Sender ID: Authenticating E-Mail
RFC 4408 - Sender Policy Framework: Authorizing Use of Domains in “Mail From”
RFC 4407 - Purported Responsible Address in E-Mail Messages
RFC 4405 - SMTP Service Extension for Indicating the Responsible Submitter of an E-Mail Message
Office XML File Formats
Q: What are you doing by adding Ecma Office Open XML to the OSP?
A: We are giving potential implementers of Ecma Office Open XML the ability to take advantage of either the CNS or the OSP, at their choice. Microsoft had already stated that it offers an irrevocable covenant not to sue (CNS) to anyone wishing to implement the formats. We understand that some may prefer the new OSP, which we’d like to facilitate.
Q: Why are you doing this now?
A: In September, the Ecma Technical Committee created the Final Draft of the Office Open XML v1.0 formats so we want to address any questions people may have with respect to their ability to use our patent rights that are necessary to implement Ecma Office Open XML. We don’t want there to be any open issues with respect to access to necessary Microsoft patent claims.
Q: Why are you applying both the CNS and the OSP?
A: Some have asked whether we would apply the OSP to Ecma Office Open XML. We don’t know whether some will choose the OSP over the CNS, but we want to make that an option.
Feedback From Representatives of the Community
OSP GENERAL
“Red Hat believes that the text of the OSP gives sufficient flexibility to implement the listed specifications in software licensed under free and open source licenses. We commend Microsoft’s efforts to reach out to representatives from the open source community and solicit their feedback on this text, and Microsoft's willingness to make modifications in response to our comments.”
Mark Webbink
Deputy General Counsel
Red Hat, Inc.
“The Microsoft open specification promise is a very positive development. In the university and open source communities, we need to know that we can implement specifications freely. This promise will make it easier for us to implement Web Services protocols and information cards and for them to be used in our communities.”
RL "Bob" Morgan
Chair, Middleware Architecture Committee for Education (MACE)
Senior Technology Architect, University of Washington
SECURITY
“Microsoft's extension of their Open Specification Promise to Sender ID is a positive step for the email community. It eases licensing concerns when considering email authentication methods and helps email senders and receivers to focus on the technology.”
David Cole
Senior Vice President
AOL Network and Data Center Operations
“E-mail security is critical to safeguarding consumer confidence online. It’s important that the entire community adopt interoperable, easy-to-implement and low-cost platforms to encourage broad adoption of tools to combat e-mail spoofing and phishing scams. We commend Microsoft in its effort to foster improved industry cooperation.”
Ramesh Lakshmi Ratan
Executive Vice President and Chief Operating Officer
Direct Marketing Association (DMA)
“The ESPC members have long recognized the need for strong spam solutions that help ensure the delivery of legitimate e-mail, and we welcome Microsoft’s announcement today as another positive step for the delivery of safe and authentic e-mails.”
Trevor Hughes
Executive Director
Email Sender & Provider Coalition (ESPC)
“As a leading Internet gateway security provider, we are interested in seeing the best anti-spam products get to market to improve trust and confidence in e-mail. Moving the Sender ID specification under the OSP is an important move by Microsoft, and we hope it will result in widespread adoption across the industry.”
Patrick Peterson
Vice President, Technology
IronPort Systems Inc.
“Sender authentication technologies like Sender ID are important tools that help ensure e-mail security, and by making Sender ID available under the OSP, Microsoft is addressing the interoperability needs of heterogeneous e-mail infrastructures. We’re pleased to see this development and believe it’s a positive step in the fight against spoofing, phishing and other categories of unwanted messaging.”
Eric Allman
Chief Science Officer
Sendmail Inc.