glossary 6.06 messaging

Upload: franco-bressan

Post on 03-Apr-2018


  • 7/29/2019 Glossary 6.06 Messaging


    Messaging and Security: A Glossary of Terms, Resources, Research and Standards

    2006 Sendmail, Inc. All rights reserved. Sendmail and the Sendmail logo are trademarks of Sendmail, Inc.

    Sendmail,Inc.

    6425 Christie Avenue Emeryville, CA 94608 1-87-SENDMAIL (877-363-6245) +1 510 594 5400 www.sendmail.com


    Table of Contents

    A, B, C, D, E, F, G, H, I, J, K, L, M, N, O, P, Q, R, S, T, U, V, W, X, Z

    Some Email and Cryptography Standards and Publications

    Internet Drafts

    Federal Information Processing Standards (FIPS) Publications

    Standards for Efficient Cryptography Group Documents

    Listing of some IEEE Cryptography Publications

    Listing of some ANSI Cryptography Standards

    Additional Research Papers, Publications and References


    A

    ABNF (Augmented Backus-Naur Form)

    Syntax used for defining the structure of various elements of IETF protocols; see [RFC2234] www.rfc.net.

    Access Control

    Refers to mechanisms and policies that restrict access to computer resources. An access control list (ACL), for example, specifies what operations different users can perform on specific files and directories.

    Accreditation

    A process by which an email sender can get certified by some agency that it meets certain criteria (like a mail list with all users confirmed opt-in). The accreditation agency then publishes a list of accredited entities (with accreditation information) and/or provides accreditation confirmation by some other means. Getting an email certificate from a certificate authority can be a form of accreditation.

    Active Content

    Active content refers to material that is downloaded that makes something happen, as opposed to static content, such as text or simple images that do nothing but get displayed. Active content includes such things as JavaScript animations, ActiveX controls, Java spreadsheets... anything that actually does something.

    ActiveX

    ActiveX is Microsoft's answer to the Java technology from Sun Microsystems. An ActiveX control is roughly equivalent to a Java applet. ActiveX is the name Microsoft has given to a set of strategic object-oriented program technologies and tools. The main thing that you create when writing a program to run in the ActiveX environment is a component, a self-sufficient program that can be run anywhere in your ActiveX network (currently a network consisting of Windows and Macintosh systems). This component is known as an ActiveX control.

    Address Book

    An automated email address directory that allows you to address your messages easily. Generally comes in personal and public versions.

    Adware / Spyware

    Software that downloads and displays advertisements. This type of software is often bundled with software that is available freely on the Internet.

    AES (Advanced Encryption Standard)

    The Advanced Encryption Standard (AES) is a Federal Information Processing Standard (FIPS) Publication that will specify a cryptographic algorithm for use by U.S. Government organizations to protect sensitive (unclassified) information. This standard specifies Rijndael as a FIPS-approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information.

    Algorithm

    A sequence of steps whose order and process will solve a particular problem. Examples are mathematical formulae or a group of computer programming instructions. This is not the same as a computer program, which is comprised of a larger set of steps that involves many individual algorithms.

    ANSI

    American National Standards Institute, see http://www.ansi.org

    Anti-Replay Service

    With anti-replay service, each IP packet passing within the secure association is tagged with a sequence number. On the receiving end, each packet's sequence number is checked to see if it falls within a specified range. If an IP packet tag number falls outside of the range, the packet is blocked.

    Antivirus

    Antivirus refers to products and technology used to detect, protect and remove malicious code from your infected system. Antivirus vendors share information and resources to ensure rapid response to malicious code outbreaks. Most antivirus vendors participate in independent testing that certifies their products to detect and/or disinfect viruses.

    Anti-virus

    A software program designed to identify and remove a known or potential computer virus.

    API (Application program interface)

    An API is the specific methodology by which a programmer writing an application program may make requests of the operating system or another application.

    Appender / Appending virus

    A virus that inserts a copy of its code at the end of its target file.

    Application Gateway Firewall

    Application gateways look at data at the application layer of the protocol stack and serve as proxies for outside users, intercepting packets and forwarding them to the application. Thus, outside users never have a direct connection to anything beyond the firewall. The fact that the firewall looks at this application information means that it can distinguish among such things as Telnet, file transfer protocol (FTP), or Lotus Notes traffic. Because the application gateway understands these protocols, it provides security for each application it supports.

    Archive

    A group of files compressed into a single file to preserve space. Commonly used archive file formats are ZIP, TAR, ARJ, LZH, UC2. Archives are convenient for containing files that you want to preserve as backups or as a convenient way of sending multiple files to someone.

    Archiving

    An archive is a collection of computer files that have been packaged together for backup, to transport to some other location, for saving away from the computer so that more hard disk storage can be made available, or for some other purpose. An archive can include a simple list of files or files organized under a directory or catalog structure (depending on how a particular program supports archiving).

    ARPA or DARPA (Defense Advanced Research Projects Agency)

    The organization that sponsored the development of a research-oriented network in the 1960s that was originally called ARPANET. The network has more recently evolved into what is now called the Internet.

    ARP (Address Resolution Protocol)

    A protocol used to obtain the physical addresses (such as MAC addresses) of hardware units in a network environment. A host obtains such a physical address by broadcasting an ARP request, which contains the IP address of the target hardware unit. If the request finds a unit with that IP address, the unit replies with its physical hardware address.

    ASCII (American Standard Code for Information Interchange)

    7-bit format consisting of 128 characters which is a de facto world-wide standard used by computers to represent all the upper and lower-case Latin letters, numbers, punctuation, etc.

    ASIC (Application Specific Integrated Circuit)

    A chip designed for a particular application. ASICs are built by connecting existing circuit building blocks in new ways. Since the building blocks already exist in a library, it is much easier to produce a new ASIC than to design a new chip from scratch.

    ASN.1 (Abstract Syntax Notation One (CCITT recommendation X.208))

    Syntax for compact representation of structured data objects. This is the data format used for most PKCS objects. For more info see http://luca.ntop.org/Teaching/Appunti/asn1.html

    ASRG (Anti-Spam Research Group)

    Part of the Internet Research Task Force (IRTF) that focuses on junk email, more commonly known as spam. See asrg.sp.am

    ASTA (Anti-Spam Technical Alliance)

    A group of the largest ISPs, including AOL, Earthlink, Microsoft, and Yahoo!, which coordinate their actions to combat spam email.

    Asymmetrical Key Exchange

    Asymmetric or public key cryptography is based on the concept of a key pair. Each half of the pair (one key) can encrypt information so that only the other half (the other key) can decrypt it. One part of the key pair, the private key, is known only by the designated owner; the other part, the public key, is published widely but is still associated with the owner.

    Attachment

    An attachment is a file that is added to an outgoing email, e.g. a picture or a Word document. Attachments are the most common carriers of viruses and you should never open an attachment that comes from an unknown source.

    Attachment

    A file that a user adds to an email message to transfer it to another user.

    Authentication

    The process of determining the identity of a user that is attempting to access a network. Authentication occurs through challenge/response, time-based code sequences or other techniques. See CHAP and PAP.


    Authentication Header (AH)

    The Authentication Header is a mechanism for providing strong integrity and authentication for IP datagrams. It might also provide non-repudiation, depending on which cryptographic algorithm is used and how keying is performed. For example, use of an asymmetric digital signature algorithm, such as RSA, could provide non-repudiation.

    Authorization

    The process of determining what types of activities or access are permitted on a network. Usually used in the context of authentication: once you have authenticated a user, they may be authorized to have access to a specific service.

    Autoresponse

    A message generated automatically by a program that acts on behalf of an email recipient. Examples of such responses are: information on change of email address, information on a person's temporary unavailability (i.e. VACATION message), acknowledgement of receipt of an email message, etc.

    AV Killer

    A powerful tool for hackers intended to disable users' Antivirus programs and personal firewalls to escape detection.

    B

    Backdoor

    A program that allows access to a computer's resources via a network connection. Backdoors can create a security hole in your system that can be used to access your computer.

    Bandwidth

    Generally speaking, bandwidth is directly proportional to the amount of data transmitted or received per unit time. In digital systems, bandwidth is proportional to the data speed in bits per second (bps). Thus, a modem that works at 57,600 bps has twice the bandwidth of a modem that works at 28,800 bps.

    BASE64

    An encoding of binary data which uses only 64 characters (A-Z, a-z, 0-9, +, / and =) and can be sent as part of any text message in the ASCII character set. See [RFC2045] and [RFC3548] www.rfc.net. Note that PEM format files used by OpenSSL are a BASE64 representation of DER encoded X.509 certificates.

    Bastion host

    A specific host that is used to intercept packets entering or leaving a network, and the system that any outsider must ordinarily connect with to access a system or service that is inside the network's firewall. Typically the bastion host must be highly secured because it is vulnerable to attack due to its placement. See dual-homed gateway.

    BATV (Bounce Address Tag Validation)

    Proposal to add signature information in the local part of the RFC2821 MAIL FROM (known as the bounce address). See [Draft-BATV] and http://mipassoc.org/batv/index.html

    Bayesian Filter

    This is an email filtering system based on Bayesian Logic, which is a mathematics and logic theory based on the work of Thomas Bayes, who worked on the logic of decision making based on statistical probability inference. Spam filters that use this system determine the probability that an email message is spam by comparing the message contents to known spam messages, with a rating system applied to individual keywords and then summed up to produce a message score.

    BCP (Best Current Practice RFCs)

    An IETF document series that specifies IETF recommended procedure that is not directly a protocol standard. See http://www.faqs.org/rfcs/bcp-index.html

    BER (Specification of Basic Encoding Rules for ASN.1 (CCITT recommendation X.209))

    For more information see http://luca.ntop.org/Teaching/Appunti/asn1.html

    Blacklist

    There are two kinds of blacklists:

    IP-blacklists

    Publication of a group of IP addresses known to be sources of spam. The goal of these blacklists is to provide a list of IP addresses that a network can use to filter out undesirable traffic. However, since spammers are constantly changing their IP addresses, the effectiveness of IP-blacklists is limited.

    r-user blacklists

    Lists of email addresses or domain names from which spam filters allow messages to be received. The list can be gradually compiled over a period of time and can be edited whenever the user wants.

    Blocklist

    A synonym for BLACKLIST (the authors of this glossary prefer to use this term).

    BOGON IP

    The term bogon comes from "bogus number". As applied to IP addresses, it specifies an IP that should not be used on the public Internet (but such an IP may be used on some local networks). These are IP addresses in unallocated, unassigned or special reserved IP address blocks, and use of these IPs on the public Internet can often be for malicious purposes or in order to make it more difficult to find the entity responsible (since there is no whois data for the IP). See http://www.completewhois.com/bogons/

    Boot sector virus

    A boot sector virus usually spreads via infected floppy disks. When a user unintentionally leaves the infected disk with a boot sector virus, the boot sector of the user's local drive (C:\) will also be infected. Boot sector viruses simply take up memory space or may contain a malicious load. The simplest method to avoid boot sector viruses is to alter the CMOS settings to boot from the local C:\ drive first, rather than from floppy.

    BOT [1]

    A term derived from robot and meaning an automated computer system visiting websites and doing tasks on its own. Most commonly used in reference to web spiders (for example google bot), which are systems trying to visit web sites to be able to reference them in search engines.

    BOT [2]

    A term derived from robot and meaning an application running on a hacked or compromised (by means of a virus) computer being remotely controlled by somebody other than its owner. This use of BOT is synonymous with DRONE and ZOMBIE. For more info see http://www.nanog.org/mtg-0410/pdf/kristoff.pdf

    BOTNET

    A large number of BOTs [2] / DRONES / ZOMBIES which are controlled by a single entity. There are now reportedly BOTNETs consisting of 100,000s of individual PCs, but most often a BOTNET consists of several thousands of BOTs. Many BOTNETs are controlled from special channels on IRC and are often used for orchestrated attacks such as DDOS or for distributed generation and distribution of SPAM. Spammers and miscreants buy and sell BOTNETs on their black market.

    Bounce

    If message delivery has failed for some reason, then the email message should be returned back to the original sender (or an agent it designates to receive returned email). Such a process of returning a message after delivery failure is called BOUNCING and the message being returned is a BOUNCE.

    Bounce Address

    Also known as Return-Path, Envelope From and SMTP2821 MAIL FROM. This is an address transmitted at SMTP session during MAIL FROM command and represents an address that in case of delivery failure an MTA (or more likely an MDA) would need to send message back to.

    Buffer Overflow Attack

    A buffer overflow attack works by exploiting a known bug in one of the applications running on a server. It then causes the application to overlay system areas, such as the system stack, thus gaining administrative rights. In most cases, this gives a hacker complete control over the system. Also referred to as stack overflow.

    Bug

    A fault in a computer system, usually associated with software.

    C

    CA (Certificate Authority)

    See Certificate Authority

    Caller ID (CID)

    A Microsoft-designed email sender authentication proposal that was used on RFC2822 headers Sender, From, Resent-Sender, and Resent-From. The proposal used DNS XML records, but was superseded by combining it with the SPF sender authentication proposal to create Sender ID. Sender ID was for a time adopted and promoted by ASTA.

    Caller ID [1]

    In telephony this refers to a system for displaying phone number and name of the calling party.

    Caller ID [2]

    In email security this may refer to a Microsoft email authentication proposal, for more info see CID.


    CAN-SPAM

    CAN-SPAM Act of 2003 - law passed by the US Congress that makes it unlawful to send unsolicited commercial email with the purpose to deceive or with false source data (not very effective so far in stopping even what it defined as illegal... and because it makes it legal to send SPAM in other cases, some have called it the "You can SPAM" act). See http://www.spamlaws.com/federal/108s877.html

    CA Signature

    A digital code that vouches for the authenticity of a digital certificate. The CA signature is provided by the certificate authority (CA) that issued the certificate.

    CAUCE (Coalition Against Unsolicited Commercial Email)

    An ad hoc volunteer organization that was created by Netizens to advocate for a legislative solution to the problem of UCE, better known as spam. See www.cauce.org

    Cavity infector

    Searches for a suitably sized hole or gap in the target file, then inserts its code without increasing the length of the file, but preserving its functionality. It alters the program's entry point so the virus code runs first, or makes whatever changes to the host to gain control. This gives the virus a chance to copy itself elsewhere in the memory before the host file uses the data area overwritten by the virus. One of the first parasitic file infectors, Lehigh, was a cavity virus.

    CBV (Call-Back Verification)

    A technique used by some systems to distinguish valid sender email addresses from invalid ones, such that a receiving mail server connects back to the MTA of a sender domain (as identified by MX records) to verify that such an address exists before accepting the email.

    CCITT (International Telegraph and Telephone Consultative Committee)

    A predecessor organization of the ITU-T.

    Certificate Authority (CA)

    A certificate authority is an authority in a network that issues and manages security credentials and public keys for message encryption and decryption. As part of a public key infrastructure (PKI), a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor's information, the CA can then issue a certificate.

    CGI exploit

    When a denial of service attack is aimed at the CGI (common gateway interface), it is referred to as a CGI exploit. The CGI is a standard way for a Web server to pass a Web user's request to an application program and to receive data back to forward to the user. It is part of the Web's HTTP protocol.

    Challenge-Response

    A common authentication technique whereby an individual is prompted (the challenge) to provide some private information (the response). Most security systems that rely on smart cards are based on challenge-response. A user is given a code (the challenge) which he or she enters into the smart card. The smart card then displays a new code (the response) that the user can present to log in.

    CHAP (Challenge-Handshake Authentication Protocol)

    An authentication technique where, after a link is established, a server sends a challenge to the requestor. The requestor responds with a value obtained by using a one-way hash function. The server checks the response by comparing it to its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the connection is usually terminated.

    Checksum or hash

    A checksum is a count of the number of bits in a transmission unit that is included with the unit so that the receiver can check to see whether the same number of bits arrived. If the counts match, it's assumed that the complete transmission was received.

    CID (Caller-ID)

    In email security this refers to a Microsoft proposal for verification of email sender based on RFC2822 headers Sender, From, Resent-Sender, Resent-From. This proposal used DNS XML records and it has now been superseded by Sender-ID, which uses SPF records.

    Circuit-level gateways

    Circuit-level gateways run proxy applications at the session layer instead of the application layer. They can't distinguish different applications that run on the same protocol stack. However, these gateways don't need a new module for every new application, either. Circuit-level gateway is a firewall feature which can, when needed, serve as an alternative to packet filtering or application gateway functionality.

    Cleanup interval

    A setting in the Ravlin Node Manager that specifies how long a Ravlin unit waits before performing automatic internal cleanup. In general, the busier the network, the more often system cleanups should be performed.

    Client

    A client is the requesting program or user in a client/server relationship. For example, the user of a Web browser is effectively making client requests for pages from servers all over the Web. The browser itself is a client in its relationship with the computer that is getting and returning the requested HTML file.

    CMS (Cryptographic Message Syntax)

    Standard for cryptographic email message data, see [RFC2630], [RFC3369] www.rfc.net.

    CNAME (Canonical Name)

    A DNS RR that is used for listing the canonical (real) name of a certain host; this allows one DNS name to be aliased to another. See http://www.dns.net/dnsrd/rr.html and [RFC1035] www.rfc.net.

    Collision

    This term is used in cryptography in reference to when two distinct data sets produce an identical HASH digest. A good cryptographic hash function would make it very computationally difficult to purposely create a collision.

    Command-line scanner

    A powerful scanner that disinfects malicious viruses, worms and trojans in all major file types. Command-line scanner is commonly used for Unix based platforms.

    Community string

    A character string used to identify valid sources for SNMP requests, and to limit the scope of accessible information. Ravlin units use the community string like a password, allowing only a limited set of management stations to access its MIB.

    Companion Virus

    A companion virus will rename either itself or its target file in an attempt to trick the user into running the virus rather than the target program. For example, a companion virus attacking a file named GAME.EXE may rename the target file to GAME.EX and create a copy of itself called GAME.EXE.

    Compliance

    Messaging and email compliance: email and messaging regulatory requirements mandated by governing entities. These include the Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLB), and Sarbanes-Oxley Act (SOX), as well as others. Compliance can also be defined in non-regulatory terms as organizational compliance for messaging: use policies, privacy, HR oversight, etc.

    Content blocking

    The ability to block network traffic based on actual packet content.

    Content filtering, scanning or screening

    The ability to review the actual information that an end user sees when using a specific Internet application. For example, the content of email, or email attachments.

    Content virus

    See data driven attack. Commonly protected against with a virus scanner.

    Cookie

    A message given to a Web browser by a Web server. The browser stores the message in a text file called cookie.txt. The message is then sent back to the server each time the browser requests a page from the server.

    CoS (Class of Service)

    Class of Service (CoS) is a way of managing traffic in a network by grouping similar types of traffic (for example, email, streaming video, voice, large document file transfer) together and treating each type as a class with its own level of service priority.

    C/R (Challenge/Response)

    A technique used by some systems to determine good senders from bad ones. Assumes that all senders are bad unless they have been verified by having responded to a challenge sent by the receiving system the first time it got email from the sender. All senders who have responded are placed on a local WHITELIST and their email is then allowed through to the recipient.

    CRNS (NIST Computer Security Resource Center of Computer Security Division)

    See http://crns.nist.gov

    CryptoCore

    A RedCreek hardware implementation that offloads the heavy computational load usually imposed by cryptographic tasks, freeing system resources and thus allowing rapid encryption.

    Cryptography

    A branch of complex mathematics and engineering devoted to protecting information from unwanted access. In the context of computer networking, cryptography consists of encryption, authentication, and authorization.


    CSV (Certified Server Validation (formerly Client SMTP Validation))

    A verification of SMTP session HELO/HELO identity which involves checking if the incoming SMTP server's IP address is listed as a valid SMTP client based on the DNS SRV record of the domain in HELO. See http://www.csvmail.com and http://mipassoc.org/csv/ and [Draft-CSV].

    D

    Daemon

    A program that runs continuously and exists for the purpose of handling periodic service requests that a computer system expects to receive. The daemon program forwards the requests to other programs (or processes) as appropriate. Each server of pages on the Web has an HTTPD or Hypertext Transfer Protocol daemon that continually waits for requests to come in from Web clients and their users.

    Data driven attack

    A form of intrusion in which the attack is encoded in seemingly innocuous data, and it is subsequently executed by a user or other software to actually implement the attack.

    Distinguished Encoding Rules (from CCITT recommendation X.509 section 8.7)

    Set of encoding rules based on ASN.1. DER is often a reference to the format of binary ASN.1 PKCS and/or X.509 objects. See http://luca.ntop.org/Teaching/Appunti/asn1.html

    DDOS

    Distributed Denial of Service - a most common form of DoS that involves using multiple sources (many thousands) controlled by an attacker. Quite often the sources of such attacks are either directly hacked computers or computers that had become zombies and are now part of a BOTNET.

    DES (Data Encryption Standard)A widely-used method of data encryption using a private (secret) key that wasjudged so difficult to break by the U.S. government that it was restricted forexportation to other countries. There are 72,000,000,000,000,000 (72quadrillion) or more possible encryption keys that can be used. For each givenmessage, the key is chosen at random from among this enormous number ofkeys. Like other private key cryptographic methods, both the sender and thereceiver must know and use the same private key.

    Denial of Service Attack (DOS)A user or program takes up all the system resources by launching a multitudeof requests, leaving no resources and thereby denying service to other users.Typically, denial-of-service attacks are aimed at bandwidth control.

    Designated Sender
    A generic term for systems like RMX, DMP, SPF and Caller-ID, in which domain owners can designate which hosts can send email using their domain names. Also known as Designated Sender Scheme.

    DH (Diffie-Hellman Public Key Encryption Algorithm)
    See [RFC2631] www.rfc.net.

    DHCP (Dynamic Host Configuration Protocol)
    DHCP enables individual computers on an IP network to extract their configurations from a server (the DHCP server) or servers, in particular, servers that have no exact information about the individual computers until they request the information. The overall purpose of this is to reduce the work necessary to administer a large IP network. The most significant piece of information distributed in this manner is the IP address.

    Diffie-Hellman
    The Diffie-Hellman Method For Key Agreement allows two hosts to create and share a secret key. VPNs operating on the IPSec standard use the Diffie-Hellman method for key management. Key management in IPSec begins with the overall framework called the Internet Security Association and Key Management Protocol (ISAKMP). Within that framework is the Internet Key Exchange (IKE) protocol. IKE relies on yet another protocol known as OAKLEY and it uses Diffie-Hellman.

    DiffServ (Differentiated Services)
    Differential service mechanisms allow providers to allocate different levels of service to different users of the Internet. Broadly speaking, any traffic management or bandwidth control mechanism that treats different users differently - ranging from simple Weighted Fair Queuing to RSVP and per-session traffic scheduling - counts. However, in common Internet usage the term is coming to mean any relatively simple, lightweight mechanism that does not depend entirely on per-flow resource reservation.

    Digest [1]
    For mail lists, newsgroups and other discussion forums this refers to a collection of multiple messages on that discussion forum for a certain period of time (one-day is daily digest, one-week is weekly digest, one-month is monthly digest, etc).

    Digest [2]
    In cryptography, a digest (also referred to as a cryptographic message digest or digital fingerprint) is a hash of message data, which is what is used when a cryptographic signature is created (the encrypted message digest is in fact the signature).

    Digital Certificate
    A digital certificate is an electronic credit card that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holder's public key (used for encrypting and decrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real.

    Digital Fingerprint
    This is sometimes used to refer to a cryptographic hash of an email message; the other term used for this is DIGEST of an email message. For more info see DIGEST [2].

    Digital Signature
    A digital signature is an electronic rather than a written signature that can be used by someone to authenticate the identity of the sender of a message or of the signer of a document. It can also be used to ensure that the original content of the message or document that has been conveyed is unchanged. Additional benefits to the use of a digital signature are that it is easily transportable, cannot be easily repudiated, cannot be imitated by someone else, and can be automatically time-stamped.

    Directory Harvest Attack (DHA)
    An attack in which a Bot is set loose in an organization's network to sniff out and "harvest" email addresses and other information that can be used for spam and other malicious attacks.

    DISA (Defense Information Systems Agency)
    An agency within the US Military responsible for providing network and information services to other military agencies, see http://www.disa.mil

    Disinfection
    Cleaning or deleting a virus infection.

    DK (Domain Keys)
    A proposal by Yahoo such that sending MTAs would add a special header with an RSA signature which can be verified by retrieving a public key from a DNS TXT record. See [Draft-DK] and http://antispam.yahoo.com/domainkeys

    DKIM (Domain Keys Identified Mail)
    Is an Internet-wide, scalable, and non-proprietary e-mail authentication system designed to verify the DNS domain of an E-mail sender and the message integrity. DKIM is entirely peer-to-peer; it requires no third parties or centralized servers. DKIM was advanced by an industry consortium in 2004 that included Sendmail along with Yahoo! and Cisco who merged and enhanced DomainKeys (Yahoo!) and Identified Internet Mail (Cisco) to create DKIM. DKIM is supported by many other companies, including AOL, EarthLink, IBM, PGP Corporation, and Verisign. This merged specification is the basis for an IETF Draft and Working Group with the goal of guiding the specification towards becoming an IETF standard. http://www.dkim.org

    DMP (Designated Mailers Protocol)
    A proposal for identifying computer systems authorized to act as Simple Mail Transfer Protocol (SMTP) clients for an email domain; this is one of the earlier proposals that SPF is based on. For more information see http://www.pan-am.ca/dmp/

    DMZ (de-militarized zone)
    A network added between a protected network and an external network in order to provide an additional layer of security. Sometimes called a perimeter network.

    DNA (Domain Name Accreditation)
    One of the proposals aimed at identifying domain accreditation service.

    DNS (Domain Name System)
    Distributed data lookup system used on the Internet as means of identifying network end-points (hosts) by name (these names are referred to as domains) and finding their attributes (these are referred to as Resource Records - most well known of which are IP addresses and MX records). This protocol has proven to be very robust for small size data lookups. See [RFC1035] www.rfc.net and http://www.dns.net/dnsrd/.

    DNSBL (DNS BlockList)
    Usually an IP-address blocklist, maintained centrally, which can be checked via the DNS protocol (returning an address within 127.0.0.x if an entry is in the list).

    DNS HOST
    DNS HOST or HOSTNAME is a final end-point naming identifier in the DNS system which would refer to an actual physical HOST system. Note that the same HOST can have more than one hostname.

    DNS RR (DNS Resource Record)
    DNS record type, these include A (IP), MX, SRV, PTR, TXT and others.

    DNSSEC (DNS Security)
    An attempt to secure the DNS system which involves cryptographic signatures for all DNSSEC secure zones.

    DNS spoofing
    Breaching the trust relationship by assuming the DNS name of another system. This is usually accomplished by either corrupting the name service cache of a victim system or by compromising a domain name server for a valid domain.

    DNS ZONE
    Collection of related DNS records - usually these are all DNS records for the same domain, but zones can have records that span multiple domains.

    Domain
    Domain Name (or just Domain) is a very common term for Internet infrastructure that refers to naming of all Internet end-points which have names like "c.b.a" (i.e. a long name separated by a number of "."). The naming system is hierarchical and ICANN is the de-jure (but not necessarily de-facto for every Internet user) authority that decides on the list of "a" or root TLDs. Name delegation in each TLD is done by different Registrars and in the end each ISP (or directly end-user) has been delegated one or more Domains which the user can either directly use as FQDN or set up HOSTNAMES for each system.

    Domain Keys (DK)
    A proposal by Yahoo! in which sending MTAs would include a special header containing an RSA signature which can be verified by retrieving a public key from the sender's DNS TXT record. See http://antispam.yahoo.com/domainkeys

    Domain Keys Identified Mail (DKIM)
    Is an Internet-wide, scalable, and non-proprietary e-mail authentication system designed to verify the DNS domain of an E-mail sender and the message integrity. DKIM is entirely peer-to-peer; it requires no third parties or centralized servers. DKIM was advanced by an industry consortium in 2004 that included Sendmail along with Yahoo! and Cisco who merged and enhanced DomainKeys (Yahoo!) and Identified Internet Mail (Cisco) to create DKIM. DKIM is supported by many other companies, including AOL, EarthLink, IBM, PGP Corporation, and Verisign. This merged specification is the basis for an IETF Draft and Working Group with the goal of guiding the specification towards becoming an IETF standard. http://www.dkim.org

    Domain name server
    A repository of addressing information for specific Internet hosts. Name servers use the domain name system to map IP addresses to Internet hosts.

    DoS (Denial of Service Attack)
    An attack against a system that typically involves sending a large number of identical queries in order to overload the server capacity of the target system, thus denying service to legitimate users. While DoS attacks often use identical messages, it is the number of messages (not their content) that makes them problematic.

    Downloadable
    A downloadable is a file that has been transmitted from one computer system to another, usually smaller computer system. From the Internet user's point-of-view, to download a file is to request it from another computer (or from a Web page on another computer) and to receive it.

    Downloader
    A program that downloads another program, usually a virus or other malware, and runs it.

    Downstream post office
    A post office that communicates with a mail server through another post office or other post offices.

    DRIP (Designated Relays Inquiry Protocol)
    A sender authentication proposal similar to DMP, but which uses a different DNS syntax.

    Drone (Robot Drone): A hacked or otherwise compromised computer being remotely controlled by someone other than its owner. Drones are most often created by virus attacks, and are frequently used by spammers to distribute spam or for DDoS attacks. Synonymous with Hijacked PC, Zombie PC and Bot.

    Drone
    Robot drone - in computer security this is synonymous with ZOMBIE and BOT [2] and means a hacked or otherwise compromised (for example by a virus) computer being remotely controlled by somebody other than its owner.

    DroneArmy
    A large number of DRONES controlled by a single entity, see BOTNET and ZOMBIE ARMY.

    Dropper
    An executable file that drops a virus or Trojan onto the target computer when the program is run. A Dropper file's intention is to create a virus or trojan and then execute it on the user's system, possibly at a later date or time.

    DS [1] (Designated Sender)
    A generic term used to describe systems like RMX, DMP, SPF and Caller-ID, where the domain owners can designate which hosts can send email using their domain names.

    DS [2] (Digital Signature)
    Generic term for any kind of cryptographic signature.

    DSA (Digital Signature Algorithm)
    General term for algorithms used for creating digital signatures. These algorithms include RSA, Diffie-Hellman, ECDSA, HMAC and others.

    DSL (Digital Subscriber Line)
    DSL (Digital Subscriber Line) is a technology for bringing high-bandwidth information to homes and small businesses over ordinary copper telephone lines. xDSL refers to different variations of DSL, such as ADSL, HDSL, and RADSL. A DSL line can carry both data and voice signals and the data part of the line is continuously connected.

    DSN (Delivery Status Notification)
    Message delivery status (usually failure to deliver) message sent by an MTA to the message sender, see [RFC3461] www.rfc.net.

    DSP (Designated Sender Protocol)
    An early name for DMP.

    DSS (Digital Signature Standard)
    The Digital Signature Standard (DSS) is a cryptographic standard promulgated by the National Institute of Standards and Technology (NIST) in 1994. It has been adopted as the federal standard for authenticating electronic documents, much as a written signature verifies the authenticity of a paper document.

    DSS [1]
    Designated Sender Scheme - same as DS [1]

    DSX (Dynamic Security Extension)
    A proprietary technology that is patented and works in the following way. The operating system has a system call (or vector) table that contains memory address pointers for each system call. These pointers point to a location in memory where the actual kernel code of the system calls resides. DSX stores the address pointers for the security sensitive system calls and then redirects these pointers to the corresponding SECURED system call code, which is located elsewhere in memory.

    Dual-homed gateway
    A system that has two or more network interfaces, each of which is connected to a different network. In firewall configurations, a dual-homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks.

    DVCS
    Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocol, see [RFC3029] www.rfc.net.

    E

    e-business
    e-business (electronic business, derived from such terms as email and e-commerce) is the conduct of business on the Internet, not only buying and selling but also servicing customers and collaborating with business partners.

    ECC (Elliptic Curve Cryptography)
    A public key cryptography method that uses points on an elliptic curve to derive a public key. The public key is created by agreeing on a standard generator point in an elliptic curve group and multiplying that point by a random number, which is the private key.

    ECDSA (The Elliptic Curve Digital Signature Algorithm)
    Cryptography algorithm used in ECC (see above).

    e-commerce
    e-commerce (electronic commerce or EC) is the buying and selling of goods and services on the Internet, especially the World Wide Web. In practice, this term and e-business are often used interchangeably. For online retail selling, the term e-tailing is sometimes used.

    EDI (Electronic Data Interchange)
    Communication of business transactions such as orders, confirmations, invoices, and exchanges, between different organizations. Used mostly in supply chain and inventory management, it is usually automatically run on a computer-to-computer basis, although some interaction is possible. EDI service companies provide systems through which transacting entities with incompatible systems can communicate.

    EES (Escrowed Encryption Standard)
    Used by certain branches of the US government for encryption of telecommunication data intercepted for law enforcement use. Based on the SKIPJACK symmetric-key encryption/decryption algorithm.

    EHLO (Extended HELO)
    An extended format for the HELO command given by the initiator of an ESMTP session.

    email
    (Electronic Mail) generic term used to describe messaging system on the Internet.

    email client
    An application from which users can create, send and read email messages.

    email filter
    A process that sorts emails based on certain criteria, typically as an attempt to sort out unwanted and bad email such as spam, viruses, and phishing attacks. A filter may also be used to sort email relevant to a particular subject or project.

    email header
    The header placed in front of the message containing the "to" address, "from" address, subject, and "cc" and "bcc" addresses. It is normally created by the email client when sending the message and modified by all email servers between the source and the destination in order to enable tracing the path of the message.

    email server
    An application that controls the distribution and storage of email messages.

    Encoding [1]
    As a verb this refers to a process of transforming data, usually so that arbitrary binary data can be represented in ASCII format and as such safely included in email. The MIME format of email data may require encoding when including an 8-bit data block, and BASE64 encoding is often used for this purpose.

    Encoding [2]
    As a noun this refers to the format and algorithm of the system used for encoding the data (see above). Some examples of such systems are: MIME w/BASE64, UUENCODE, BinHex.

    Encryption
    A change made to data, code or a file so that it can no longer be read or accessed without being decrypted. Secure email systems encrypt messages so they cannot be read by someone without the key necessary for decryption. Viruses may use encryption in order to avoid detection by hiding their viral code. Viruses can also encrypt code or data on a system as part of their destructive payload.

    Encryption-In-Place (EIP)
    A security mode in which a Ravlin unit encrypts the IP packet's payload only (without encrypting the packet header). Because EIP does not require encryption of the IP header or encapsulation of the IP packet, overhead is lower and performance enhanced.

    End Node
    The ultimate physical destination of any data item on a network, which may be a desktop computer, a storage unit, an output device such as a printer, a database server, or any point at which the data transmission may end.

    Endpoint Group
    In a policy enforced network, an endpoint group represents subnets or an individual host protected by a security appliance. By creating and configuring endpoint groups, you can permit hosts in one subnet to exchange data securely with hosts in another subnet. Endpoint groups along with their associated policy enforcement points are generally members of a policy group.

    Enterprise Object
    Within a policy enforced network, the enterprise is the highest-level object category. It encompasses all management domains and all lower-level divisions in the organization's secure networking environment.

    ESMTP (Extended Simple Mail Transfer Protocol)
    Extends the original SMTP (which was described in [RFC821]) with syntax that allows additional extensions. ESMTP is what almost every SMTP server now supports; its base syntax is described in [RFC2821] www.rfc.net.

    ESP (Encapsulated Security Payload)
    The Encapsulating Security Payload provides confidentiality for IP datagrams or packets, which are the message units that the Internet Protocol deals with and that the Internet transports, by encrypting the payload data to be protected.

    ESS (Enhanced Security Services for S/MIME)
    See [RFC2634] www.rfc.net.

    Ethernet
    A local-area network (LAN) protocol developed by Xerox Corporation in cooperation with DEC and Intel in 1976. Ethernet uses a bus or star topology and supports data transfer rates of 100Mbps.

    Executable
    An executable is a file that contains a program - that is, a particular kind of file that is capable of being executed or run as a program in the computer.

    Executable files
    A file in a format that the computer can directly execute. Executables in DOS and Windows usually have a .exe or a .com extension.

    EICAR
    EICAR is a product of the European Institute for Computer Antivirus Research and is a special test file. This dummy file is detected by antivirus products exactly as if it were a virus. Naturally, the file is not a virus. When executed, EICAR.COM will display the text EICAR-STANDARD-ANTIVIRUS-TEST-FILE and exit.

    Extended MAPI (Extended Messaging Application Programming Interface)
    An interface developed by Microsoft that provides messaging functions including addressing, sending, receiving and storing messages.

    F

    False positive
    If it is claimed that a suspicious object is found when in reality it is clean, a false positive is said to have occurred. This problem is usually fixed in the next spam or virus signature file release.

    FDDI (Fiber Distributed Data Interface)
    A set of ANSI protocols for sending digital data over fiber optic cable. FDDI networks are token-passing networks, and support data rates of up to 100 Mbps (100 million bits) per second. FDDI networks are typically used as backbones for wide-area networks.

    File Virus
    A file virus inserts its code into executable files. When the infected file is being accessed, the virus may overwrite the entire file. Overwriting viruses cause permanent damage to the content of the overwritten files. Infected files cannot be disinfected and instead must be deleted and restored from backup. The most infamous example is Loveletter, which is operated as an email worm, file virus, and Trojan downloader. File-infecting viruses have targeted a range of operating systems, including Macintosh, UNIX, DOS, and Windows.

    Filter
    A filter is a program or section of code that is designed to examine each input or output request for certain qualifying criteria and then process or forward it accordingly.

    Fingerprint
    In cryptography a fingerprint is a HASH of a public key. It is often used to verify that a public key is correct.

    FIPS
    Federal Information Processing Standards - standards set by NIST for information and telecommunication infrastructure of US Government for use in information processing systems. See http://www.itl.nist.gov/fipspubs/

    Firewall
    A firewall is a program that protects the resources of one network from users from other networks. Typically, an enterprise with an intranet that allows its workers access to the wider Internet will want a firewall to prevent outsiders from accessing its own private data resources.

    Firewall denial-of-service
    The firewall is specifically subjected to a denial-of-service attack.

    Forwarder
    1. Any Mail Redirection Agent that redirects an email such that the sender appears to be different from the original source of the message. Email marketing services use forwarders to make it appear that an email message originated from the marketing company rather than from the service that actually sent it.
    2. Any Mail User Agent that redirects that user's email to a different email address. These are often embedded in email client software to allow users to receive email at a different location when traveling.

    FOSS (Free and Open Source Software)
    Open-source software is software whose source code is freely available and which anyone has the right to modify and redistribute. See http://www.fsf.org/philosophy/free-sw.html

    FQDN (Fully Qualified Domain Name)
    Refers to a properly specified domain that is a proper hostname (i.e. it's a domain that has a DNS RR other than NS). (NS is the delegation record used to identify when domain information can be found in another zone or another DNS server and listing such a server.)

    FTC (Federal Trade Commission)
    A division of the United States Government responsible for promoting fair trade and making sure consumers are not hurt by bad business practices. Part of their responsibility includes regulations on use of email as per the CAN-SPAM act.

    FTP (File Transfer Protocol)
    FTP is the simplest way to exchange files between computers on the Internet. Like the Hypertext Transfer Protocol (HTTP), which transfers displayable Web pages and related files, and the Simple Mail Transfer Protocol (SMTP), which transfers email, FTP is an application protocol that uses the Internet's TCP/IP protocols.

    G

    Gateway
    A gateway is a network point that acts as an entrance to another network. In a company network, a proxy server acts as a gateway between the internal network and the Internet. A gateway may also be any machine or service that passes packets from one network to another network in their trip across the Internet.

    GNU (GNU's Not Unix)
    A project by the Free Software Foundation to develop Free and Open Source programs and utilities for the Unix operating system (including a free version of Unix itself). See http://www.gnu.org

    GPG (GNU Privacy Guard)
    A popular open-source program for encrypting and signing email based on the PGP specification; some also use this as a synonym for PGP. See http://www.gnupg.org/

    GPL
    GNU Public License - a very popular license often used by people who create free and open source programs and packages. Its features include a requirement that any modified version of a program also be GNU licensed. See http://www.gnu.org/licenses/licenses.html

    Green Screen Terminal
    Terminals that are designed to be centrally-managed, configured with only essential equipment, and devoid of CD-ROM players, diskette drives, and expansion slots (and therefore lower in cost).

    Greylisting
    A technique where for some (or all) email SMTP connections an MTA responds with a temporary failure error, requiring delivery to be retried at a later time. Normally this is used so that delivery attempts from a previously unknown source can be correlated to better decide if that new source is likely to be good or bad. See http://www.greylisting.org/

    GW-MTA
    Gateway Message Transfer Agent - a gateway MTA that accepts a message and further retransmits it to a foreign mail system outside of the Internet protocol space.

    H

    Hacker
    Hacker is a term used by some to mean a clever programmer and by others, especially journalists or their editors, to mean someone who tries to break into computer systems.

    Harvesting
    A covert act in which email addresses are collected for compilation of email databases to be used for unsolicited mailings.

    Hash
    In math, a hash function refers to a way of converting a large data block into a much smaller data block that represents the original and which is then called a HASH. For cryptography it's important that, given hash data, one could not easily find other data that would produce the same hash. Currently the most widely used cryptographic hash function algorithms are MD5 and SHA-1.

    Headend or Head End
    A central control device required by some networks (e.g., LANs or VPNs) to provide such centralized functions as administration, diagnostic control, and network access.

    Header
    A temporary data record added to the beginning of the transmitted text in order to transfer a message over a network. Typically a header contains source and destination locations as well as data that describe the content of the message.

    HELO
    The command that initiates an SMTP conversation. The new extended version of this command used in ESMTP is EHLO. See [RFC821] and [RFC2821] www.rfc.net.

    Heuristics analysis
    Analysis instructions contained within a program or macro to determine whether the program is likely to be a virus.

    Heuristic scanner
    A scanning technique that looks for patterns, activities or suspicious code that may indicate a new virus. Most leading antivirus packages incorporate a heuristic scanning technique to detect new or previously undetected viruses in the wild.

    Highjacking or hijacking
    In computer security this term describes taking computer resource(s) by somebody other than the legal owner without the resource owner's permission or consent - this is similar to stealing but applied to computer resources. This may be done either to be able to directly control and use the resource or as a way to pretend to be the resource owner, possibly to get access to important information.

    Hijacked IPs
    This term describes a group of IP addresses (an IP block) that are being controlled and/or used without permission by somebody other than the legal entity to which the IP block was allocated. See http://www.completewhois.com/hijacked/.

    Hijacked PC
    Hijacked Personal Computer - this is synonymous with Zombie PC and describes a computer where a special BOT [2] program has been installed (often as a result of virus infection) which allows the system to be remotely controlled by somebody other than the computer owner. Such computers are often used to distribute spam (see zombies and botnet) or used as a source for DDOS attacks.

    HMAC (Header Message Authentication Codes)
    Keyed-Hash Message Authentication Code - it is a type of message authentication using a cryptographic hash in combination with a secret KEY. HMAC-MD5 (based on the MD5 hash algorithm) and more recently HMAC-SHA1 (based on SHA1) are used in IPSec and TLS.

    Hoax
    Hoax warnings are typically scare alerts started by malicious people and passed on by innocent users who think they are helping the community by spreading the warning. If you receive a warning about a security threat, please look into it further before you forward it to other users.

    Host
    A computer attached to the Internet. A host may have one or more DNS names (hostnames) and may have one or more IP addresses. Hosts with more than one interface and IP addresses in different networks can function as a router or a gateway.

    Hostname
    Synonym for DNS Host.

    HTML (HyperText Markup Language)
    A standard set of commands used to structure documents and format text so that it can be used on the Web.

    HTTP (HyperText Transfer Protocol)
    HTTP is the set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. Relative to the TCP/IP suite of protocols (which are the basis for information exchange on the Internet), HTTP is an application protocol.

    HTTPS (Secure Hypertext Transfer Protocol)
    The secure hypertext transfer protocol (HTTPS) is a communications protocol designed to transfer encrypted information between computers over the World Wide Web. HTTPS is http using a Secure Socket Layer (SSL).

    Hybrid Auth
    The Hybrid Auth extension allows the asymmetric use of digital certificates between client and server. The client verifies the authenticity of the server's credentials (certificate), and the server verifies the authenticity of the client's credentials. Companies benefit from the interoperability of standards-based IPSec with IKE as well as the increased security of the PKI at the central site, with no disruption to remote users.

    I

    IANA (Internet Assigned Numbers Authority)
    They maintain a list of unique Internet identifiers, including protocol numbers, service numbers, DNS parameters, etc. - see http://www.iana.org

    IBE (Identity-Based Encryption)
    An encryption scheme that uses some form of a user's identity, such as an email address, as the key in a public key system. First proposed by Shamir (co-founder of the widely-used RSA encryption algorithm) in 1984, its first practical implementation was derived in 2000 at Stanford University and UC Davis.

    ICANN (Internet Corporation for Assigned Names and Numbers)
    The parent organization for IANA and the organization responsible for general Internet policies - see http://www.icann.org

    ICSA (International Computer Security Association)
    An organization with the mission to continually improve commercial computer security through certification of firewalls, anti-virus products and web sites. ICSA also shares and disseminates information concerning information security.

    IEEE (Institute of Electrical and Electronics Engineers)
    See http://www.ieee.org

    IETF (Internet Engineering Task Force)
    Organization of engineers who develop Internet protocol standards, see http://www.ietf.org

    IETF BOF
    BoF is an acronym for "birds of a feather" - a term used to describe a group of people with common interests. At IETF a BOF is a meeting at which formation of a new IETF Working Group is discussed.

    IETF WG (IETF Work Group)
    A group of engineers within IETF working on a standard in a specific area as defined by the WG Charter (all work within IETF is done in WGs).

    I2O (Intelligent Input/Output)
    Intelligent Input/Output (I2O) is a hardware specification that describes a model for offloading I/O processing from the CPU. The model is after the style of what has been used in very large mainframes for years. It is not a replacement for the PCI architecture.

    IIM (Identified Internet Mail)
    A proposal by Cisco such that sending MTAs would add a special header with an RSA signature and public key, and the key can be verified by looking up its fingerprint in a special key registration server database. See [Draft-IIM] and http://www.identifiedmail.com

    IKE (Internet Key Exchange)
    Refers to a protocol or service for exchanging public keys between different Internet end-nodes and used for IPSEC, see [RFC2409] www.rfc.net.

    IM (Instant Messaging)A form of messaging service where small text messages can be sent directlyfrom one persons computer to another. See http://www.jabber.org,http://www.icq.com, http://www.aim.com and http://messenger.msn.com

    IMAP (Internet Mail Access Protocol)A protocol that can be used by MUA to get access to email box located atISP mail server where MDA has delivered email, currently used version of thisprotocol is IMAP4, for more info see [RFC3501] www.rfc.net.

    Insider attack
    An attack originating from inside a protected network.

    Internet
    The term comes from "Interconnected Network" and refers to a network that connects many other networks (run by ISPs) and end-points to make one global network (as such, some people now refer to the Internet as the International Network).

    Internet Draft
    A working document of IETF, usually a proposal for a protocol extension or new protocol. Not all Internet Drafts become RFCs but all new RFCs were once Internet Drafts.

    IKE (Internet Key Exchange)
    A hybrid protocol whose purpose is to negotiate, and provide authenticated keying material for, security associations in a protected manner. Processes which implement this protocol can be used for negotiating virtual private networks (VPNs) and also for providing a remote user from a remote site (whose IP address need not be known beforehand) access to a secure host or network.

    Internet worm
    Unlike a virus, an Internet worm does not infect other files. It creates copies of itself over and over again until it exhausts system resources. The best known Internet worm was Loveletter, which was actually a mixed threat: a mass-mailing Internet worm, an overwriting file virus, and a password-stealing Trojan.

    Intrusion detection
    Detection of break-ins or break-in attempts by reviewing logs or other information available on a network.

    IP (Internet Protocol)
    The Internet Protocol is the method or protocol by which data is sent from one computer to another on the Internet. Each computer (known as a host) on the Internet has at least one address that uniquely identifies it from all other computers on the Internet.

    IP Address
    IP addresses are identifiers of end-point network nodes for systems connected to the Internet. There are two types of IP addresses: 32-bit addresses used with IPv4 and 128-bit addresses for IPv6.

    IP hijacking
    An attack where an active, established session is intercepted and taken over by the attacker. May take place after authentication has occurred, which allows the attacker to assume the role of an already authorized user.

    IPR (Intellectual Property Rights)
    Patent or patent application for some technology or algorithm. IPR have a negative effect if they apply to technology that becomes a standard, as a license is then required to use the technology, which often limits its use only to companies that agree to the terms imposed by such a license.

    IPSEC (Internet Protocol Security)
    A developing standard for security at the network or packet processing layer of network communication. IPSEC provides two choices of security service: Authentication Header (AH), which essentially allows authentication of the sender of data, and Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data as well.

    IP spoofing
    An attack where the attacker impersonates a trusted system by using its IP network address.

    IPv4
    Internet Protocol version 4 (in this case 4 is the protocol number; it's not really the 4th generation of the protocol). Its one major drawback is the use of 32-bit IP addresses, which will not be enough given the number of people who want to use the Internet. The protocol core specification is described in [RFC791] www.rfc.net.

    IPv6
    Internet Protocol version 6 (6 is the protocol number; it is actually the 2nd generation Internet protocol and as such was referred to as IP-NG), which is currently beginning to get deployed. It uses a 128-bit IP address system, unlike the 32-bit one with IPv4, and also includes a number of other advanced features. See [RFC2460] www.rfc.net.

    IRC (Internet Relay Chat)
    A protocol used for real-time user chat on computer networks (which are hence called IRC networks); the largest networks have tens of thousands of users chatting while connected to a series of interconnected servers. See http://www.irchelp.org

    IRTF (Internet Research Task Force)
    A sister organization to IETF which does research in areas of Internet technologies and can often involve early work that is later picked up by an IETF WG. See http://www.irtf.org

    ISDN (Integrated Services Digital Network)
    A set of communications standards allowing a single wire or optical fibre to carry voice, digital network services and video. ISDN gives a user up to 56 kbps of data bandwidth on a phone line that is also used for voice, or up to 128 kbps if the line is only used for data.

    ISO (International Standards Organization)
    Official name is actually International Organization for Standardization - see http://www.iso.org

    ISOC (Internet Society)
    An open organization whose mission is developing the Internet for the benefit of people throughout the world; they sponsor activities of IETF and the RFC Editor. See http://www.isoc.org

    ISP (Internet Service Provider)
    A term used to describe a company providing Internet access to the public. Each ISP runs its own network, and connected together (with other organizations' networks) they all make up what we call the Internet.

    ITU (International Telecommunication Union)
    A UN organization that sets policies, procedures and standards for international telecommunications. See http://www.itu.int

    ITU-T (International Telecommunication Union Standardization Bureau)
    The telecommunications standardization sector of the ITU.

    J

    Java
    Java is a programming language expressly designed for use in the distributed environment of the Internet. It was designed to have the look and feel of the C++ language, but it is simpler to use than C++ and enforces a completely object-oriented view of programming. Java can be used to create complete applications that may run on a single computer or be distributed among servers and clients in a network. It can also be used to build small application modules or applets for use as part of a Web page. Applets make it possible for a Web page user to interact with the page.

    JOE-JOB
    This term is used to describe what happens when a spammer chooses the email address of an unsuspecting user as the spoofed source email. The spoofed user then receives bounces (from failed delivery attempts) and angry complaints from people who did not want to receive those emails.

    K

    KEA (Key Exchange Algorithm)
    A general term used to describe various proposals for automated exchange of cryptographic keys such as ones used for IKE.

    Kerberos
    Kerberos was created by MIT as a solution to network security problems. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server have used Kerberos to prove their identity, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.

    Key
    In cryptography, a key is a variable value that is applied using an algorithm to a string or block of unencrypted text to produce encrypted text. The length of the key generally determines how difficult it will be to decrypt the text in a given message.

    Key Management
    The establishment and enforcement of message encryption and authentication procedures, in order to provide privacy-enhanced mail (PEM) services for electronic mail transfer over the Internet.

    L

    LDA (Local Delivery Agent)
    Mail system component that delivers the message to the local message store. This is used either as a synonym for MDA or to describe an actual mail delivery component of it.

    LDAP (Lightweight Directory Access Protocol)
    LDAP is an emerging software protocol for enabling anyone to locate organizations, individuals, and other resources such as files and devices in a network, whether on the Internet or on a corporate intranet. LDAP is a lightweight (smaller amount of code) version of DAP (Directory Access Protocol), which is part of X.500, a standard for directory services in a network.

    Litigation Protection
    Litigation protection is both the review and recording of Internet, intranet and extranet communications that is done in order to avoid litigation or the documentation of the communications parties and content in the event of litigation.

    LMAP (Lightweight MTA Authentication Protocol)
    Refers to a working group within ASRG that took place at the end of 2003 to try to unify multiple proposals (RMX, DMP, SPF, DRIP, MTAMARK) that focused on per-hop authentication based on SMTP client IP. While no unified protocol was agreed upon, the result was a draft discussing this approach to email authentication.

    MAAWG (Messaging Anti-Abuse Working Group)
    A group comprised of messaging service providers (primarily ISPs) and companies that provide them with services and software, whose purpose is to address and create strategies to defeat several forms of messaging abuse including spam, virus attacks, denial-of-service attacks, and others.

    M

    MAC (Media Access Control)
    On a network, the MAC address is your computer's unique hardware number. The MAC address is used by the Media Access Control sublayer of the Data-Link Control (DLC) layer of telecommunication protocols. There is a different MAC sublayer for each physical device type. The Data-Link Layer is the protocol layer in a program that handles the moving of data in and out across a physical link in a network.

    Macro Virus
    Macro viruses are small programs written using the internal programming language of a specific application program that replicate within documents created by the application program. Common examples of application programs that use macros include word processors such as Word and spreadsheets such as Excel.

    MARID
    MTA Authorization Records In DNS - an IETF WG that existed between April and September 2004 to discuss standardization of LMAP / Designated Sender related proposals. It came close to standardizing SPF, but was disbanded because of pressure from Microsoft to standardize SenderID, which had technical problems that were never resolved and on which Microsoft claimed intellectual property rights, with a license offered that was incompatible with Open Source software.

    Mail Bomb
    A type of DOS attack that involves sending a large number of email messages to the victim's email address or to the victim's email server in an attempt to overload the server or to make the email box unusable and make it difficult to find good messages among the bad ones.

    Mail List
    While it means simply a list of email addresses, usually it refers to a discussion forum where each person on the mail list can send an email that would be forwarded to every other person on the same list.

    Mail From
    The dialogue between the sending and receiving MTAs, and executes the email message transmission. The command contains the information necessary to determine where the email came from, including information contained in the Purported Responsible Address.

    Malicious Code
    Malicious code is any code added, changed, or removed from a software system in order to intentionally cause harm or subvert the intended function of the system. Traditional examples of malicious code include viruses, worms, Trojan Horses, and attack scripts, while more modern examples include Java attack applets and dangerous ActiveX controls.

    Malware
    Software that includes any threatening programs that are meant to be destructive, such as viruses and worms.

    Management Domain
    In a policy enforced network, a management domain consists of one or more policy groups. A management domain usually encompasses a large category of users. For example, a management domain might contain all users who work with an organization's financial data or with an insurance company's patient records. Management domains may also be specific to business relationships such as extranet partnerships or branch-office data transfer.

    MAPI (Messaging Application Programming Interface)
    An interface developed by Microsoft that provides messaging functions including addressing, sending, receiving and storing messages. Simple MAPI includes some of these functions. Extended MAPI includes all of these functions.

    MAPS (Mail Anti-abuse Prevention System)
    A first blacklist, originally started by Paul Vixie and now operated by an independent company as a commercial reputation service. See http://www.mail-abuse.org

    Mass (Mail Authentication Signature Service)
    An IETF BoF and possible future WG. BoF proceedings and presentations are at http://www.ietf.org/proceedings/04aug/230.htm and a comparison of proposals is at http://www.elan.net/~william/emailsecurity/emailsignatures-comparisonmatrix.htm. For public mail list subscription info see http://www.imc.org/ietf-mailsig/index.html

    Mass-mailer
    Mass mailers are worms that attach themselves to malicious email sent automatically to contacts in an address book or corresponding list. Mass mailers often harvest these email addresses from the hard drives of infected computers. Typically a mass mailer arrives at a computer attached to an email message. In some cases such an infected attachment can start automatically; in other cases a user has to run the attachment in order to become infected.

    MD5
    Message Digest #5 Algorithm (designed by Ronald Rivest along with RSA encryption), see [RFC1321] www.rfc.net.

    MDA (Mail Delivery Agent)
    System that is the end-point of SMTP transmission. It delivers the email message into a storage device where it can then be picked up or directly accessed by an MUA.

    MDN (Mail Disposition Notification)
    A type of DSN that can be sent indicating successful delivery.

    Messaging Gateway Appliance
    A server-class computer that enhances MTA services by filtering incoming and outgoing mail for spam, viruses, and other malware. The device is often designed to also serve as the MTA.

    META [1]
    General term that comes from Greek and means "with" or "about"; in computer systems it is usually used to mean additional information or related information.

    META [2]
    Message Enhancements for Transmission Authorization - META Signatures is a proposal for automated email cryptographic signatures that are to be added by MTAs, with flexible syntax to support signatures that can be verified after common email modifications (such as with mail lists) and authorization support for DNS and http verification of public key or fingerprint or based on existing X.509 certificate or from PGP key server. See http://www.metasignatures.org

    META TAG [1]
    In HTML, <meta> tags are used in the <head> section and provide references to and a short description of topic(s) that are related to the content of the web page.

    META TAG [2]
    When used to refer to the subject of email messages, this is a reference to the topic of discussion, which is usually put inside [ ...] in the Subject: header; mail lists often add this automatically.

    MIB (Management Information Base)
    A database of objects that can be monitored by an SNMP-based network management system. Standardized MIB formats allow any SNMP tool to monitor any device defined by a MIB.

    MIME (Multipurpose Internet Mail Extensions)
    IETF standard for email content allowing multiple types of objects to be included as part of a text data message, see [RFC2045], [RFC2046], [RFC2047], [RFC2048], [RFC2049] www.rfc.net.

    Monitoring
    A view of individual user activity on a network, generally in real time. Provides administrators with the ability to view the content of user utilized applications.

    MOSS (MIME Objects Security Services)
    First, now obsolete IETF standard for encryption of MIME emails.

    MRA (Mail Redirection Agent)
    An intermediate MTA or other SMTP participating entity that changes the destination or source of an email message in transit. Forwarders and Mail Lists are two well known types of Mail Redirection Systems.

    MSA (Mail Submission Agent)
    Program on the sender side that initiates email transmission.

    MTA (Mail Transfer Agent)
    Any server utilizing SMTP protocol to send and receive email messages.

    MTAMARK
    Proposal that allows IP address owners to mark (indicate) in INADDR by means of a TXT record if a particular IP address can or can not be the source of SMTP transmission.

    MTS (Message Tracking Server)
    A tracking server provides message tracking data to a tracking client and is a repository of the information about a message passing through a particular MTA. See [RFC3885], [RFC3886], [RFC3887], [RFC3888] www.rfc.net.

    MUA (Mail User Agent)
    Program used by users to read email (same program is also usually an MSA).

    Multipartite virus
    Infects both program and files, master boot records, boot sector and it must be cleaned away. Use a clean, write-protected boot disk to boot your system from drive A:\ to make sure that it is being cleaned.

    MX (Mail Exchange)
    A type of DNS RR that identifies MTAs that are supposed to receive email destined to addresses in a particular domain.

    N

    NANAE (News.Admin.Net-Abuse.Email)
    A USENET newsgroup dedicated to discussions of email abuse and spam, see http://groups.google.com/group/news.admin.net-abuse.email and http://www.nanae.org

    NANOG (North American Network Operators Group)
    A discussion forum for network operators involved in running Internet infrastructure. Although email security and spam issues are off-topic, such discussions happen there almost every day. See http://www.nanog.org

    NAPT (Network Address Port Translation)
    NAPT is a special case of NAT, where many IP numbers are hidden behind a number of addresses, but in contrast to the original NAT this does not mean there can be only that number of connections at a time. In NAPT an almost arbitrary number of connections is multiplexed using TCP port information. The number of simultaneous connections is limited by the number of addresses multiplied by the number of TCP ports available.

    NAR (Network Address Retention)
    A simplified IP addressing capability that eliminates the need to establish an intermediate IP address between a router and a firewall. Sometimes called Proxy-ARP. This feature allows the implementation of a firewall into an existing network without having to establish a new IP address scheme.

    NAT (Network Address Translation)
    Allows your Intranet to use addresses that are different from what the outside Internet thinks you are using. It permits many users to share a single external IP address at the same time. The NAT provides what some people call address hiding, which is, as it suggests, security through obscurity at best.

    Network Service Access Policy
    A high level, issue specific policy which defines those services that will be allowed or explicitly denied from a restricted network, the way in which these services will be used, and the conditions for exceptions to the policy.

    NDN (Non-Delivery Notification)
    A type of DSN that is sent when email can not be delivered.

    NIST (National Institute of Standards and Technology)
    US government organization responsible for setting and publishing standards and researching technologies used by the US government. They published specifications for several cryptography algorithms such as DES or AES. See http://www.nist.gov

    NNTP (Network News Transfer Protocol)
    The predominant protocol used by computers (servers and clients) for managing the notes posted on newsgroups. NNTP replaced the original Usenet protocol, UNIX-to-UN.

    Node
    A network junction or connection point. Every terminal, server, computer, hub and switch in any network is a node.

    NOFWS (No Folding White Space)
    A canonicalization algorithm used in DK, IIM and META Signatures when creating the message digest. Using this algorithm allows message digest verification to work even after some common transformations (additions and deletions of an extra empty line before the message body are common with mail lists, for example) that sometimes happen during MTA message handling.

    Nonrepudiation
    The goal of nonrepudiation is to prove that a message has been sent and received. This is extremely important in networks where commands and status must be issued and responded to, where financial transactions must be verifiably completed, and where signed contracts are transmitted.

    NSA (National Security Agency)
    An agency in the US government responsible for collection and analysis of communication and security in US government and military communications. They have sponsored development of a number of cryptographic algorithms. See http://www.nsa.gov

    NSF (National Science Foundation)
    An agency in the US Government that sponsored development of the early Internet in the 1980s and early 1990s as a way to connect research networks of different universities. See http://www.nsf.gov

    NSSN (National Standards System Network)
    Affiliated with ANSI, see http://www.nssn.org

    O

    ODBC (Open Database Connectivity)
    ODBC is a standard or open application programming interface (API) for accessing a database. By using ODBC statements in a program, you can access files in a number of different databases, including Access, dBase, DB2, Excel, and Text. In addition to the ODBC software, a separate module or driver is needed for each database to be accessed.

    OpenPGP
    An Open Specification for Pretty Good Privacy - IETF standard for PGP signed messages. Extends PGP to do encryption on MIME parts similar to S/MIME, see [RFC2440], [RFC3156] www.rfc.net. Also used to refer to the IETF WG with the same name, see http://www.ietf.org/html.charters/openpgp-charter.html.

    Open Relay
    This refers to a RELAY system that does not have any authorization in place to decide on which messages should be retransmitted. While such systems are now rare, previously they were present in abundance (no authorization for relaying was the default installation 5-10 years ago) and were often misused for purposes of helping to redistribute unwanted email.

    OPT-IN
    A general term used to indicate when a person has agreed to receive emails from some mail list or other type of discussion forum, i.e. when he/she has asked to be subscribed.

    OPT-IN, Confirmed
    A term indicating that opt-in subscription was confirmed by the user. Typically it involves sending a verification email to the user requesting some action. Positive action from the user is interpreted as a decision to subscribe.

    OPT-IN, Double
    A term primarily used by companies sending large amounts of email who insist that users have requested to be on their list - in most of the cases this is not so and users receive email unsolicited.

    OSI [1] (Open Systems Interconnect Reference Model)
    Developed by ISO in 1984, it is now considered the primary architectural model of intercomputer communications. It describes how information from an application on one system moves through a network to another system and separates the tasks involved in that process into several layers: Application, Presentation, Session, Transport, Network, Data Link and Physical connection. See http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/introint.htm

    OSI [2] (Open Source Initiative)
    An effort to promote development and use of free and open software products, see http://www.opensource.org

    OSS (Open Source Software)
    Usually used in the same context as F/OSS, although technically it just means software whose source code is available and can be used and modified by somebody other than its original author, but not that it's necessarily free.

    P

    Packet
    A packet is the unit of data that is routed between an origin and a destination on the Internet or any other packet-switched network. When any file (email message, HTML file, GIF file, URL request, and so forth) is sent from one place to another on the Internet, the Transmission Control Protocol (TCP) layer of TCP/IP divides the file into chunks of an efficient size for routing. Each of these packets is separately numbered and includes the Internet address of the destination. The individual packets for a given file may travel different routes through the Internet. When they have all arrived, they are reassembled into the original file (by the TCP layer at the receiving end).

    Packet Filters
    Packet filters keep out certain data packets based on their source and destination addresses and service type. Filters can be used to block connections from or to specific hosts, networks or ports. Packet filters are simple and fast. However, they make decisions based on a very limited amount of information.

    Packet Sniffing
    Intercepting packets of information (including such things for example as a credit card number) that are traveling between locations on the Internet.

    PAP (Password Authentication Procedure)
    A procedure used to validate a connection request. After the link is established, the requestor sends a password and an id to the server. The server either