
Messaging and Security:

A Glossary of Terms, Resources, Research and Standards

Sendmail, Inc.
6425 Christie Avenue Emeryville, CA 94608 1-87-SENDMAIL (877-363-6245) +1 510 594 5400 www.sendmail.com
2006 Sendmail, Inc. All rights reserved. Sendmail and the Sendmail logo are trademarks of Sendmail, Inc. Glossary_6.06_Messaging

Table of Contents
A ... 3
B ... 4
C ... 4
D ... 6
E ... 7
F ... 8
G ... 9
H ... 9
I ... 10
J ... 11
K ... 11
L ... 11
M ... 11
N ... 12
O ... 13
P ... 13
Q ... 14
R ... 14
S ... 15
T ... 17
U ... 18
V ... 18
W ... 18
X ... 19
Z ... 19
Some Email and Cryptography Standards and Publications ... 20
Internet Drafts ... 21
Federal Information Processing Standards (FIPS) Publications ... 22
Standards for Efficient Cryptography Group Documents ... 22
Listing of some IEEE Cryptography Publications ... 22
Listing of some ANSI Cryptography Standards ... 22
Additional Research Papers, Publications and References ... 22

2006 Sendmail Inc.

Messaging and Security: A Glossary of Terms, Resources, Research and Standards

A
ABNF (Augmented Backus-Naur Form)
Syntax used for defining the structure of various elements of IETF protocols. See [RFC2234], www.rfc.net.

Access Control
Refers to mechanisms and policies that restrict access to computer resources. An access control list (ACL), for example, specifies what operations different users can perform on specific files and directories.

Accreditation
A process by which an email sender can get certified by some agency that it meets certain criteria (like a mail list with all users confirmed opt-in). The accreditation agency then publishes a list of accredited entities (with accreditation information) and/or provides accreditation confirmation by some other means. Getting an email certificate from a certificate authority can be a form of accreditation.

Active Content
Active content refers to downloaded material that makes something happen, as opposed to static content, such as text or simple images that do nothing but get displayed. Active content includes such things as JavaScript animations, ActiveX controls, Java spreadsheets... anything that actually does something.

ActiveX
ActiveX is Microsoft's answer to the Java technology from Sun Microsystems. An ActiveX control is roughly equivalent to a Java applet. ActiveX is the name Microsoft has given to a set of strategic object-oriented program technologies and tools. The main thing that you create when writing a program to run in the ActiveX environment is a component, a self-sufficient program that can be run anywhere in your ActiveX network (currently a network consisting of Windows and Macintosh systems). This component is known as an ActiveX control.

Address Book
An automated email address directory that allows you to address your messages easily. Generally comes in personal and public versions.

Adware / Spyware
Software that downloads and displays advertisements. This type of software is often bundled with software that is available freely on the Internet.

AES (Advanced Encryption Standard)
The Advanced Encryption Standard (AES) is a Federal Information Processing Standard (FIPS) Publication that specifies a cryptographic algorithm for use by U.S. Government organizations to protect sensitive (unclassified) information. This standard specifies Rijndael as a FIPS-approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information.

Algorithm
A sequence of steps whose order and process will solve a particular problem. Examples are mathematical formulae or a group of computer programming instructions. This is not the same as a computer program, which is comprised of a larger set of steps involving many individual algorithms.

ANSI
American National Standards Institute, see http://www.ansi.org

Anti-Replay Service
With anti-replay service, each IP packet passing within the secure association is tagged with a sequence number. On the receiving end, each packet's sequence number is checked to see if it falls within a specified range. If an IP packet's tag number falls outside of the range, the packet is blocked.

Antivirus
Antivirus refers to products and technology used to detect, protect against and remove malicious code from your infected system. Antivirus vendors share information and resources to ensure rapid response to malicious code outbreaks. Most antivirus vendors participate in independent testing that certifies their products to detect and/or disinfect viruses.

Anti-virus
A software program designed to identify and remove a known or potential computer virus.

API (Application Program Interface)
An API is the specific methodology by which a programmer writing an application program may make requests of the operating system or another application.

Appender / Appending virus
A virus that inserts a copy of its code at the end of its target file.

Application Gateway Firewall
Application gateways look at data at the application layer of the protocol stack and serve as proxies for outside users, intercepting packets and forwarding them to the application. Thus, outside users never have a direct connection to anything beyond the firewall. The fact that the firewall looks at this application information means that it can distinguish among such things as Telnet, File Transfer Protocol (FTP), or Lotus Notes traffic. Because the application gateway understands these protocols, it provides security for each application it supports.

Archive
A group of files compressed into a single file to preserve space. Commonly used archive file formats are ZIP, TAR, ARJ, LZH and UC2. Archives are convenient for containing files that you want to preserve as backups or as a convenient way of sending multiple files to someone.

Archiving
An archive is a collection of computer files that have been packaged together for backup, to transport to some other location, for saving away from the computer so that more hard disk storage can be made available, or for some other purpose. An archive can include a simple list of files or files organized under a directory or catalog structure (depending on how a particular program supports archiving).

ARPA or DARPA (Defense Advanced Research Projects Agency)
The organization that sponsored the development of a research-oriented network in the 1960s that was originally called ARPANET. The network has more recently evolved into what is now called the Internet.

ARP (Address Resolution Protocol)
A protocol used to obtain the physical addresses (such as MAC addresses) of hardware units in a network environment. A host obtains such a physical address by broadcasting an ARP request, which contains the IP address of the target hardware unit. If the request finds a unit with that IP address, the unit replies with its physical hardware address.

ASCII (American Standard Code for Information Interchange)
A 7-bit format consisting of 128 characters, which is a de facto world-wide standard used by computers to represent all the upper- and lower-case Latin letters, numbers, punctuation, etc.

ASIC (Application Specific Integrated Circuit)
A chip designed for a particular application. ASICs are built by connecting existing circuit building blocks in new ways. Since the building blocks already exist in a library, it is much easier to produce a new ASIC than to design a new chip from scratch.

ASN.1 (Abstract Syntax Notation One, CCITT recommendation X.208)
Syntax for compact representation of structured data objects. This is the data format used for most PKCS objects. For more info see http://luca.ntop.org/Teaching/Appunti/asn1.html

ASRG (Anti-Spam Research Group)
Part of the Internet Research Task Force (IRTF) that focuses on junk email, more commonly known as spam. See asrg.sp.am

ASTA (Anti-Spam Technical Alliance)
A group of the largest ISPs, including AOL, Earthlink, Microsoft, and Yahoo!, which coordinate their actions to combat spam email.

Asymmetrical Key Exchange
Asymmetric or public key cryptography is based on the concept of a key pair. Each half of the pair (one key) can encrypt information so that only the other half (the other key) can decrypt it. One part of the key pair, the private key, is known only by the designated owner; the other part, the public key, is published widely but is still associated with the owner.

Attachment
An attachment is a file that is added to an outgoing email, e.g. a picture or a Word document. Attachments are the most common carriers of viruses and you should never open an attachment that comes from an unknown source.

Attachment
A file that a user adds to an email message to transfer it to another user.

Authentication
The process of determining the identity of a user that is attempting to access a network. Authentication occurs through challenge/response, time-based code sequences or other techniques. See CHAP and PAP.

Authentication Header (AH)
The Authentication Header is a mechanism for providing strong integrity and authentication for IP datagrams. It might also provide non-repudiation, depending on which cryptographic algorithm is used and how keying is performed. For example, use of an asymmetric digital signature algorithm, such as RSA, could provide non-repudiation.

Authorization
The process of determining what types of activities or access are permitted on a network. Usually used in the context of authentication: once you have authenticated a user, they may be authorized to have access to a specific service.

Autoresponse
A message generated automatically by a program that acts on behalf of the email recipient. Examples of such responses are: information on a change of email address, information on a person's temporary unavailability (i.e. a VACATION message), acknowledgement of receipt of an email message, etc.

AV Killer
A powerful tool for hackers intended to disable a user's antivirus programs and personal firewalls in order to escape detection.

B

Backdoor
A program that allows access to a computer's resources via a network connection. Backdoors can create a security hole in your system that can be used to access your computer.

Bandwidth
Generally speaking, bandwidth is directly proportional to the amount of data transmitted or received per unit time. In digital systems, bandwidth is proportional to the data speed in bits per second (bps). Thus, a modem that works at 57,600 bps has twice the bandwidth of a modem that works at 28,800 bps.

BASE64
An encoding of binary data which uses only 64 characters (A-Z, a-z, 0-9, +, / and =) and can be sent as part of any text message in the ASCII character set. See [RFC2045] and [RFC3548], www.rfc.net. Note that PEM format files used by OpenSSL are the BASE64 representation of DER encoded X.509 certificates.

Bastion host
A specific host that is used to intercept packets entering or leaving a network, and the system that any outsider must ordinarily connect with to access a system or service that is inside the network's firewall. Typically the bastion host must be highly secured because it is vulnerable to attack due to its placement. See dual-homed gateway.

BATV (Bounce Address Tag Validation)
Proposal to add signature information in the local part of the RFC2821 MAIL FROM address (known as the bounce address). See [Draft-BATV] and http://mipassoc.org/batv/index.html

Bayesian Filter
This is an email filtering system based on Bayesian logic, a mathematics and logic theory based on the work of Thomas Bayes, who worked on the logic of decision making based on statistical probability inference. Spam filters that use this system determine the probability that an email message is spam by comparing the message contents to known spam messages, with a rating applied to individual keywords and then summed up to produce a message score.

BCP (Best Current Practice RFCs)
An IETF document series that specifies IETF recommended procedure that is not directly a protocol standard. See http://www.faqs.org/rfcs/bcp-index.html

BER (Basic Encoding Rules for ASN.1, CCITT recommendation X.209)
For more information see http://luca.ntop.org/Teaching/Appunti/asn1.html

Blacklist
There are two kinds of blacklists:
IP-blacklists: Publication of a group of IP addresses known to be sources of spam. The goal of these blacklists is to provide a list of IP addresses that a network can use to filter out undesirable traffic. However, since spammers are constantly changing their IP addresses, the effectiveness of IP-blacklists is limited.
Per-user blacklists: Lists of email addresses or domain names from which spam filters allow messages to be received. The list can be gradually compiled over a period of time and can be edited whenever the user wants.

Blocklist
A synonym for BLACKLIST (the authors of this glossary prefer to use this term).

BOGON IP
The term bogon comes from "bogus number"; as applied to IP addresses it specifies IPs that should not be used on the public Internet (but such IPs may be used on some local networks). These are IP addresses in unallocated, unassigned or special reserved IP address blocks, and use of these IPs on the public Internet can often be for malicious purposes or in order to make it more difficult to find the entity responsible (since there is no whois data for the IP). See http://www.completewhois.com/bogons/

Boot sector virus
A boot sector virus usually spreads via infected floppy disks. When a user unintentionally leaves an infected disk in the drive, the boot sector of the user's local drive (C:\) will also be infected. Boot sector viruses simply take up memory space or may contain a malicious load. The simplest method to avoid boot sector viruses is to alter the CMOS settings to boot from the local C:\ drive first, rather than from floppy.

BOT [1]
A term derived from "robot", meaning an automated computer system visiting websites and doing tasks on its own. Most commonly used in reference to web spiders (for example Google bot), which are systems that visit web sites in order to reference them in search engines.

BOT [2]
A term derived from "robot", meaning an application running on a hacked or compromised (by means of a virus) computer that is remotely controlled by somebody other than its owner. This use of BOT is synonymous with DRONE and ZOMBIE. For more info see http://www.nanog.org/mtg-0410/pdf/kristoff.pdf

BOTNET
A large number of BOTs [2] / DRONES / ZOMBIES which are controlled by a single entity. There are now reportedly BOTNETs consisting of hundreds of thousands of individual PCs, but most often a BOTNET consists of several thousand BOTs. Many BOTNETs are controlled from special channels on IRC and are often used for orchestrated attacks such as DDOS or for distributed generation and distribution of SPAM. Spammers and miscreants buy and sell BOTNETs on their black market.

Bounce
If message delivery has failed for some reason, the email message should be returned to the original sender (or an agent it designates to receive returned email). The process of returning a message after delivery failure is called BOUNCING and the message being returned is a BOUNCE.

Bounce Address
Also known as Return-Path, Envelope From and RFC2821 MAIL FROM. This is the address transmitted during the SMTP session in the MAIL FROM command; it is the address to which, in case of delivery failure, an MTA (or more likely an MDA) would need to send the message back.

Buffer Overflow Attack
A buffer overflow attack works by exploiting a known bug in one of the applications running on a server. It then causes the application to overlay system areas, such as the system stack, thus gaining administrative rights. In most cases, this gives a hacker complete control over the system. Also referred to as stack overflow.

Bug
A fault in a computer system, usually associated with software.
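The Bayesian Filter entry describes per-keyword ratings that are summed into a message score. The following is an added example (not Sendmail's code or any product's filter) that implements that scheme as a naive Bayes classifier: each token gets a smoothed spam probability from constructed training corpora, the per-token log-odds are summed, and the sum is mapped back to a probability. The corpora and messages are made up for the example.

```python
import math
import re
from collections import Counter

# Constructed training corpora (not real mail) so the example runs offline.
SPAM_CORPUS = [
    "buy cheap viagra now limited offer",
    "cheap pills online offer click now",
    "free money click here now",
]
HAM_CORPUS = [
    "meeting agenda for monday attached",
    "please review the attached draft",
    "lunch on monday agenda review",
]

TOKEN_RE = re.compile(r"[a-z0-9]+")


def tokenize(text: str) -> set:
    """Lower-case word tokens; a set, so each keyword is rated once per message."""
    return set(TOKEN_RE.findall(text.lower()))


class BayesianFilter:
    def __init__(self) -> None:
        self.spam_docs = Counter()  # token -> number of spam messages containing it
        self.ham_docs = Counter()   # token -> number of ham messages containing it
        self.n_spam = 0
        self.n_ham = 0

    def train(self, text: str, is_spam: bool) -> None:
        (self.spam_docs if is_spam else self.ham_docs).update(tokenize(text))
        if is_spam:
            self.n_spam += 1
        else:
            self.n_ham += 1

    def token_probability(self, token: str) -> float:
        """Estimated probability that a message containing `token` is spam.
        Add-one smoothing keeps never-seen tokens neutral (0.5) and avoids 0/1."""
        p_spam = (self.spam_docs[token] + 1) / (self.n_spam + 2)
        p_ham = (self.ham_docs[token] + 1) / (self.n_ham + 2)
        return p_spam / (p_spam + p_ham)

    def score(self, text: str) -> float:
        """Per-keyword ratings summed into one message score (log-odds).
        Positive means spam-like, negative means ham-like, 0 is neutral."""
        return sum(math.log(p / (1.0 - p))
                   for p in map(self.token_probability, tokenize(text)))

    def spam_probability(self, text: str) -> float:
        """Turn the summed score back into a probability in (0, 1)."""
        return 1.0 / (1.0 + math.exp(-self.score(text)))


def train_example_filter() -> BayesianFilter:
    """Build a filter trained on the constructed corpora above."""
    f = BayesianFilter()
    for msg in SPAM_CORPUS:
        f.train(msg, True)
    for msg in HAM_CORPUS:
        f.train(msg, False)
    return f


if __name__ == "__main__":
    f = train_example_filter()
    for msg in ("cheap offer click now", "agenda for monday meeting", "hello"):
        print(f"{f.spam_probability(msg):.3f}  {msg}")
```

A real filter also has to be retrained as spammers adapt their vocabulary, which is why the glossary's IP-blacklist caveat about moving targets applies to content filters too.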

C
CA (Certificate Authority)
See Certificate Authority.

Caller ID (CID)
A Microsoft-designed email sender authentication proposal that was used on the RFC2822 headers Sender, From, Resent-Sender, and Resent-From. The proposal used DNS XML records, but was superseded by combining it with the SPF sender authentication proposal to create Sender ID. Sender ID was for a time adopted and promoted by ASTA.

Caller ID [1]
In telephony this refers to a system for displaying the phone number and name of the calling party.

Caller ID [2]
In email security this may refer to a Microsoft email authentication proposal; for more info see CID.


CAN-SPAM
CAN-SPAM Act of 2003: a law passed by the US Congress that makes it unlawful to send unsolicited commercial email with the purpose to deceive or with false source data (not very effective so far in stopping even what it defined as illegal... and because it makes it legal to send SPAM in other cases, some have called it the "You can SPAM" act). See http://www.spamlaws.com/federal/108s877.html

CA Signature
A digital code that vouches for the authenticity of a digital certificate. The CA signature is provided by the certificate authority (CA) that issued the certificate.

CAUCE (Coalition Against Unsolicited Commercial Email)
An ad hoc volunteer organization that was created by Netizens to advocate for a legislative solution to the problem of UCE, better known as spam. See www.cauce.org

Cavity infector
Searches for a suitably sized hole or gap in the target file, then inserts its code without increasing the length of the file while preserving its functionality. It alters the program's entry point so the virus code runs first, or makes whatever changes to the host are needed to gain control. This gives the virus a chance to copy itself elsewhere in memory before the host file uses the data area overwritten by the virus. One of the first parasitic file infectors, Lehigh, was a cavity virus.

CBV (Call-Back Verification)
A technique used by some systems to distinguish valid sender email addresses from invalid ones: the receiving mail server connects back to the MTA of the sender's domain (as identified by MX records) to verify that the address exists before accepting the email.

CCITT (International Telegraph and Telephone Consultative Committee)
A predecessor organization of the ITU-T.

Certificate Authority (CA)
A certificate authority is an authority in a network that issues and manages security credentials and public keys for message encryption and decryption. As part of a public key infrastructure (PKI), a CA checks with a registration authority (RA) to verify information provided by the requestor of a digital certificate. If the RA verifies the requestor's information, the CA can then issue a certificate.

CGI exploit
When a denial of service attack is aimed at the CGI (common gateway interface), it is referred to as a CGI exploit. The CGI is a standard way for a Web server to pass a Web user's request to an application program and to receive data back to forward to the user. It is part of the Web's HTTP protocol.

Challenge-Response
A common authentication technique whereby an individual is prompted (the challenge) to provide some private information (the response). Most security systems that rely on smart cards are based on challenge-response. A user is given a code (the challenge) which he or she enters into the smart card. The smart card then displays a new code (the response) that the user can present to log in.

CHAP (Challenge-Handshake Authentication Protocol)
An authentication technique where, after a link is established, a server sends a challenge to the requestor. The requestor responds with a value obtained by using a one-way hash function. The server checks the response by comparing it with its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise the connection is usually terminated.

Checksum or hash
A checksum is a count of the number of bits in a transmission unit that is included with the unit so that the receiver can check to see whether the same number of bits arrived. If the counts match, it's assumed that the complete transmission was received.

CID (Caller-ID)
In email security this refers to a Microsoft proposal for verification of the email sender based on the RFC2822 headers Sender, From, Resent-Sender and Resent-From. This proposal used DNS XML records and has now been superseded by Sender-ID, which uses SPF records.

Circuit-level gateways
Circuit-level gateways run proxy applications at the session layer instead of the application layer. They can't distinguish different applications that run on the same protocol stack. However, these gateways don't need a new module for every new application, either. A circuit-level gateway is a firewall feature which can, when needed, serve as an alternative to packet filtering or application gateway functionality.

Cleanup interval
A setting in the Ravlin Node Manager that specifies how long a Ravlin unit waits before performing automatic internal cleanup. In general, the busier the network, the more often system cleanups should be performed.

Client
A client is the requesting program or user in a client/server relationship. For example, the user of a Web browser is effectively making client requests for pages from servers all over the Web. The browser itself is a client in its relationship with the computer that is getting and returning the requested HTML file.

CMS (Cryptographic Message Syntax)
Standard for cryptographic email message data, see [RFC2630] and [RFC3369], www.rfc.net.

CNAME (Canonical Name)
A DNS RR that is used for listing the canonical (real) name of a certain host; this allows one DNS name to be aliased to another. See http://www.dns.net/dnsrd/rr.html and [RFC1035], www.rfc.net.

Collision
This term is used in cryptography to refer to the case where two distinct data sets produce an identical HASH digest. A good cryptographic hash function makes it very computationally difficult to purposely create a collision.

Command-line scanner
A powerful scanner that disinfects malicious viruses, worms and trojans in all major file types. A command-line scanner is commonly used on Unix based platforms.

Community string
A character string used to identify valid sources for SNMP requests, and to limit the scope of accessible information. Ravlin units use the community string like a password, allowing only a limited set of management stations to access their MIB.

Companion Virus
A companion virus will rename either itself or its target file in an attempt to trick the user into running the virus rather than the target program. For example, a companion virus attacking a file named GAME.EXE may rename the target file to GAME.EX and create a copy of itself called GAME.EXE.

Compliance
Messaging and email compliance: email and messaging regulatory requirements mandated by governing entities. These include the Health Information Portability and Accountability Act (HIPAA), Gramm-Leach-Bliley Act (GLB), and Sarbanes-Oxley Act (SOX), as well as others. Compliance can also be defined in non-regulatory terms as organizational compliance for messaging: use policies, privacy, HR oversight, etc.

Content blocking
The ability to block network traffic based on actual packet content.

Content filtering, scanning or screening
The ability to review the actual information that an end user sees when using a specific Internet application. For example, the content of email, or email attachments.

Content virus
See data driven attack. Commonly protected against with a virus scanner.

Cookie
A message given to a Web browser by a Web server. The browser stores the message in a text file called cookie.txt. The message is then sent back to the server each time the browser requests a page from the server.

CoS (Class of Service)
Class of Service (CoS) is a way of managing traffic in a network by grouping similar types of traffic (for example, email, streaming video, voice, large document file transfer) together and treating each type as a class with its own level of service priority.

C/R (Challenge/Response)
A technique used by some systems to distinguish good senders from bad ones. It assumes that all senders are bad unless they have been verified by having responded to a challenge sent by the receiving system the first time it got email from the sender. All senders who have responded are placed on a local WHITELIST and their email is then allowed through to the recipient.

CRNS (NIST Computer Security Resource Center of Computer Security Division)
See http://crns.nist.gov

CryptoCore
A RedCreek hardware implementation that offloads the heavy computational load usually imposed by cryptographic tasks, freeing system resources and thus allowing rapid encryption.

Cryptography
A branch of complex mathematics and engineering devoted to protecting information from unwanted access. In the context of computer networking, cryptography consists of encryption, authentication, and authorization.


CSV (Certified Server Validation, formerly Client SMTP Validation)
A verification of the SMTP session HELO/EHLO identity which involves checking whether the incoming SMTP server's IP address is listed as a valid SMTP client, based on the DNS SRV record of the domain given in HELO. See http://www.csvmail.com, http://mipassoc.org/csv/ and [Draft-CSV].

Digest [1] For mail lists, newsgroups and other discussion forums this refers to a collection of multiple messages on that discussion forum for a certain period of time (one-day is daily digest, one-week is weekly digest, one-month is monthly digest, etc). Digest [2] In cryptography digest (which is referred to as cryptographic message digest or digital fingerprint) is a hash of message data, which is what is used when cryptographic signature is created (the encrypted message digest is in fact the signature). Digital Certificate A digital certificate is an electronic credit card that establishes your credentials when doing business or other transactions on the Web. It is issued by a certification authority (CA). It contains your name, a serial number, expiration dates, a copy of the certificate holders public key (used for encrypting and decrypting messages and digital signatures), and the digital signature of the certificate-issuing authority so that a recipient can verify that the certificate is real. Digital Fingerprint This is sometimes used to refer to a cryptographic hash of email message, the other term used for this is DIGEST of email message. For more info see DIGEST [2]. Digital Signature A digital signature is an electronic rather than a written signature that can be used by someone to authenticate the identity of the sender of a message or of the signer of a document. It can also be used to ensure that the original content of the message or document that has been conveyed is unchanged. Additional benefits to the use of a digital signature are that it is easily transportable, cannot be easily repudiated, cannot be imitated by someone else, and can be automatically time-stamped. Directory Harvest Attack (DHA) An attack in which a Bot is set loose in an organizations network to sniff out and "harvest" email addresses and other information that can be used for spam and other malicious attacks. 
DISA (Defense Information Systems Agency) An agency within US Military responsible for providing network and information services to other military agencies, see http://www.disa.mil Disinfection Cleaning or deleting a virus infection. DK (Domain Keys) A proposal by Yahoo such that sending MTAs would add a special header with RSA signature which can be verified by retrieving a public key from DNS TXT record. See [Draft-DK] and http://antispam.yahoo.com/domainkeys DKIM (Domain Keys Identified Mail) Is an Internet-wide, scalable, and non-proprietary, e-mail authentication system designed to verify the DNS domain of an E-mail sender and the message integrity. DKIM is entirely peer-to-peer, it requires no third parties or centralized servers. DKIM was advanced by an industry consortium in 2004 that included Sendmail along with Yahoo! and Cisco who merged and enhanced DomainKeys (Yahoo!) and Identified Internet Mail (Cisco) to create DKIM. DKIM is supported by many other companies, including AOL, EarthLink, IBM, PGP Corporation, and Verisign. This merged specification is the basis for an IETF Draft and Working Group <https://datatracker.ietf.org/public/idindex.cgi?command=show_wg_id&id=1671> with the goal of guiding the specification towards becoming an IETF standard. http://www.dkim.org DMP (Designated Mailers Protocol) A proposal for identifying computer systems authorized to act as Simple Mail Transfer Protocol (SMTP) clients for an email domain this is one of the earlier proposals that SPF is based on. For more information see http://www.panam.ca/dmp/ DMZ (de-militarized zone) A network added between a protected network and an external network in order to provide an additional layer of security. Sometimes called a perimeter network. DNA (Domain Name Accreditation) One of the proposals aimed at identifying domain accreditation service. 
DNS (Domain Name System) Distributed data lookup system used on the Internet as the means of identifying network end-points (hosts) by name (these names are referred to as domains) and finding their attributes (these are referred to as Resource Records, the best known of which are A records holding IP addresses and MX records naming a domain's mail exchangers). The protocol has proven to be very robust for small-size data lookups. See [RFC1035] www.rfc.net and http://www.dns.net/dnsrd/. DNSBL (DNS BlockList) Usually a centrally maintained blocklist of IP addresses that can be queried through the DNS protocol: the client looks up the reversed octets of the address under the list's zone, and an answer within 127.0.0.0/8 (conventionally 127.0.0.x, with the last octet often encoding the reason for the listing) means the address is in the list; no answer (NXDOMAIN) means it is not.
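The DNSBL entry above describes a lookup convention rather than a protocol of its own; the following is an added example (not Sendmail code) of the two pieces a client needs: building the reversed-octet query name and interpreting the 127.0.0.x answer. The list zone, the listings and the reason codes are constructed assumptions, and the resolver is an in-memory stand-in so the example runs offline.

```python
"""DNSBL lookup mechanics. Added example, not code from the Sendmail glossary.

To ask a DNS-based blocklist about 203.0.113.7 you reverse the octets and
append the list's zone, e.g. 7.113.0.203.dnsbl.example (hypothetical zone).
A listing is signalled by an A record inside 127.0.0.0/8; the last octet
commonly encodes the reason. The resolver below is a constructed table so
the example runs offline; a real client would do an A lookup instead.
"""
import ipaddress

DNSBL_ZONE = "dnsbl.example"          # assumed list zone

# Constructed answers (hypothetical listings). Any other name -> NXDOMAIN.
FAKE_ANSWERS = {
    "7.113.0.203.dnsbl.example": "127.0.0.2",   # listed: spam source
    "9.2.0.192.dnsbl.example": "127.0.0.4",     # listed: open relay
}

# Meaning of the last octet; every list operator defines its own mapping,
# so this table is an assumption for the example.
REASONS = {2: "spam source", 4: "open relay"}

LISTED_RANGE = ipaddress.IPv4Network("127.0.0.0/8")


def query_name(ip, zone=DNSBL_ZONE):
    """Build the reversed-octet query name for an IPv4 address."""
    addr = ipaddress.IPv4Address(ip)      # raises ValueError on bad input
    return ".".join(reversed(addr.exploded.split("."))) + "." + zone


def fake_resolve(name):
    """Stand-in for a DNS A lookup: returns an address, or None for NXDOMAIN."""
    return FAKE_ANSWERS.get(name)


def check_dnsbl(ip, resolve=fake_resolve, zone=DNSBL_ZONE):
    """Return (listed, reason). Only answers inside 127.0.0.0/8 count as a listing."""
    answer = resolve(query_name(ip, zone))
    if answer is None:
        return False, None
    a = ipaddress.IPv4Address(answer)
    if a not in LISTED_RANGE:
        # Some resolvers rewrite NXDOMAIN into a real address (search-page
        # redirection). Treat anything outside 127/8 as "not listed" rather
        # than blocking every sender because of a broken resolver.
        return False, None
    return True, REASONS.get(int(a) & 0xFF, "listed")


if __name__ == "__main__":
    for ip in ("203.0.113.7", "192.0.2.9", "198.51.100.20"):
        print(ip, check_dnsbl(ip))
```

The check for the 127/8 range is the caveat that matters in production: a list that goes offline and has its domain parked, or an ISP resolver that synthesizes answers for NXDOMAIN, would otherwise turn every lookup into a "listed" result and block all inbound mail.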

D
Daemon A program that runs continuously and exists for the purpose of handling periodic service requests that a computer system expects to receive. The daemon program forwards the requests to other programs (or processes) as appropriate. Each server of pages on the Web has an HTTPD or Hypertext Transfer Protocol daemon that continually waits for requests to come in from Web clients and their users. Data driven attack A form of intrusion in which the attack is encoded in seemingly innocuous data, and it is subsequently executed by a user or other software to actually implement the attack. DER (Distinguished Encoding Rules, from CCITT recommendation X.509 section 8.7, now ITU-T X.690) A set of encoding rules based on ASN.1 that yields exactly one byte encoding for any given value, which is why it is used wherever bytes must be signed or hashed. DER is often used as a reference to the binary format of ASN.1 PKCS and/or X.509 objects. See http://luca.ntop.org/Teaching/Appunti/asn1.html DDOS (Distributed Denial of Service) The most common form of DoS, using multiple sources (often many thousands) controlled by the attacker. Quite often the sources of such attacks are either directly hacked computers or computers that have become zombies and are now part of a BOTNET. DES (Data Encryption Standard) A widely used symmetric (secret-key) block cipher with a 56-bit key, at one time restricted for export from the U.S. because of its strength. Its key space has 2^56, about 72,000,000,000,000,000 (72 quadrillion), possible keys; for each message the key is chosen at random from that space. Like other secret-key methods, both the sender and the receiver must know and use the same key. A 56-bit key is far too small today: DES keys have been recovered by brute force since 1998, and DES has been superseded by Triple DES and AES. Denial of Service Attack (DOS) A user or program takes up all of a system's resources by launching a multitude of requests, leaving no resources and thereby denying service to other users. Denial-of-service attacks typically target bandwidth, connection tables or other finite server resources.
Designated Sender A generic term for systems like RMX, DMP, SPF and Caller-ID, in which domain owners can designate which hosts can send email using their domain names. Also known as Designated Sender Scheme. DH (Diffie-Hellman Key Agreement Method) See [RFC2631] www.rfc.net. Note that Diffie-Hellman is a key agreement algorithm, not an encryption algorithm: it lets two parties derive a shared secret, which is then used as (or to derive) a symmetric key. DHCP (Dynamic Host Configuration Protocol) DHCP enables individual computers on an IP network to obtain their configuration from a server (the DHCP server) or servers, in particular servers that have no prior information about the individual computers until they request it. The overall purpose is to reduce the work necessary to administer a large IP network. The most significant piece of information distributed in this manner is the IP address. Diffie-Hellman The Diffie-Hellman Method for Key Agreement allows two hosts to create and share a secret key over an untrusted channel: each picks a private exponent, exchanges the corresponding public value, and combines its own private value with the peer's public value to reach the same secret. VPNs operating on the IPSec standard use the Diffie-Hellman method for key management. Key management in IPSec begins with the overall framework called the Internet Security Association and Key Management Protocol (ISAKMP). Within that framework is the Internet Key Exchange (IKE) protocol. IKE relies on yet another protocol known as OAKLEY, and it uses Diffie-Hellman. On its own Diffie-Hellman does not authenticate the parties, which is why IKE combines it with certificates or pre-shared keys to stop man-in-the-middle attacks. DiffServ (Differentiated Services) Differentiated service mechanisms allow providers to allocate different levels of service to different users of the Internet. Broadly speaking, any traffic management or bandwidth control mechanism that treats different users differently, ranging from simple Weighted Fair Queuing to RSVP and per-session traffic scheduling, counts. However, in common Internet usage the term is coming to mean any relatively simple, lightweight mechanism that does not depend entirely on per-flow resource reservation.
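The DH and Diffie-Hellman entries above describe the exchange in words; here it is worked through with both parties' messages, as an added example that is not part of the Sendmail glossary. The safe-prime generator, generator 4 and the small key size are assumptions made so the example runs quickly and stays readable; real systems use standardized groups (RFC 2631, RFC 3526) of 2048 bits or more, or elliptic curves, and pair the exchange with authentication as IKE does.

```python
"""Diffie-Hellman key agreement, both sides of the exchange.

Added example, not code from the Sendmail glossary. The group is a safe
prime p = 2q + 1 (q prime) with generator g = 4, so that public values lie
in a subgroup of prime order q. Parameters are generated here only to keep
the example self-contained; production code uses a standardized group.
"""
import hashlib
import secrets


def is_probable_prime(n, rounds=32):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits):
    """Find p = 2q + 1 with both p and q prime (toy sizes only; slow for large bits)."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p


class DHParty:
    """One endpoint: holds a private exponent x, publishes g^x mod p."""

    def __init__(self, p, g=4):
        # g = 4 = 2^2 is a quadratic residue, hence it generates the order-q subgroup.
        self.p, self.g = p, g
        self.q = (p - 1) // 2
        self.x = secrets.randbelow(self.q - 1) + 1     # private: 1 <= x < q
        self.public = pow(g, self.x, p)                 # sent to the peer in the clear

    def shared_key(self, peer_public):
        """Validate the peer's public value, then derive a symmetric key from the secret."""
        # Values 0, 1, p-1 and p would collapse the secret to something an attacker knows.
        if not 1 < peer_public < self.p - 1:
            raise ValueError("peer public value out of range")
        # Small-subgroup check: the value must have order q.
        if pow(peer_public, self.q, self.p) != 1:
            raise ValueError("peer public value not in the prime-order subgroup")
        z = pow(peer_public, self.x, self.p)
        # Never use z directly as a key; hash it to a fixed-length key (simple KDF).
        zlen = (self.p.bit_length() + 7) // 8
        return hashlib.sha256(z.to_bytes(zlen, "big")).digest()


def run_exchange(p):
    """Alice and Bob exchange public values and each derive a key; returns both keys."""
    alice, bob = DHParty(p), DHParty(p)
    # On the wire: Alice -> Bob: alice.public ; Bob -> Alice: bob.public
    return alice.shared_key(bob.public), bob.shared_key(alice.public)


if __name__ == "__main__":
    p = gen_safe_prime(128)        # toy size, see module docstring
    ka, kb = run_exchange(p)
    print("keys match:", ka == kb, ka.hex())
```

The two checks in shared_key are what separate a demo from a deployable exchange: without the range and subgroup checks a peer can send 1, p-1 or a small-order element and force the "shared" secret into a handful of guessable values. Nothing here authenticates who sent the public value, which is the gap IKE closes with certificates or pre-shared keys.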


DNS HOST A DNS HOST or HOSTNAME is a final end-point naming identifier in the DNS system which refers to an actual physical HOST system. Note that the same HOST can have more than one hostname. DNS RR (DNS Resource Record) DNS record types; these include A (IPv4 address), AAAA (IPv6 address), MX, SRV, PTR, TXT and others. DNSSEC (DNS Security) An extension that secures the DNS by adding cryptographic signatures over the records of every DNSSEC-signed zone, so that a resolver can detect forged or altered answers (it does not encrypt DNS traffic). DNS spoofing Breaching the trust relationship by assuming the DNS name of another system. This is usually accomplished either by corrupting the name service cache of a victim system or by compromising a domain name server for a valid domain. DNS ZONE A collection of related DNS records; usually these are all the DNS records for the same domain, but zones can have records that span multiple domains. Domain A Domain Name (or just Domain) is a very common term in Internet infrastructure that refers to the naming of all Internet end-points. Names look like c.b.a, i.e. a sequence of labels separated by dots, read from the most specific label on the left to the top-level domain on the right. The naming system is hierarchical, and ICANN is the de-jure (but not necessarily de-facto for every Internet user) authority that decides on the list of top-level domains (TLDs) under the root. Name delegation in each TLD is done by different Registrars, and in the end each ISP (or directly an end-user) has been delegated one or more Domains which the user can either use directly as an FQDN or under which HOSTNAMES for each system are set up. Domain Keys (DK) A proposal by Yahoo! in which sending MTAs include a special header containing an RSA signature which can be verified by retrieving a public key from the sender's DNS TXT record. See DK and http://antispam.yahoo.com/domainkeys Domain Keys Identified Mail (DKIM) An Internet-wide, scalable, and non-proprietary e-mail authentication system designed to verify the DNS domain of an e-mail sender and the message integrity. DKIM is entirely peer-to-peer; it requires no third parties or centralized servers. For its history and the IETF Working Group see DKIM. http://www.dkim.org Domain name server A repository of addressing information for specific Internet hosts. Name servers use the domain name system to map Internet host names to IP addresses (and, via PTR records, addresses back to names). DoS (Denial of Service Attack) An attack against a system that typically involves sending a large number of identical queries in order to overload the server capacity of the target system, thus denying service to legitimate users. While DoS attacks often use identical messages, it is the number of messages (not their content) that makes them problematic. Downloadable A downloadable is a file that has been transmitted from one computer system to another, usually a smaller computer system. From the Internet user's point of view, to download a file is to request it from another computer (or from a Web page on another computer) and to receive it. Downloader A program that downloads another program, usually a virus or other malware, and runs it. Downstream post office A post office that communicates with a mail server through another post office or other post offices. DRIP (Designated Relays Inquiry Protocol) A sender authentication proposal similar to DMP, but which uses a different DNS syntax. Drone (Robot Drone) A hacked or otherwise compromised computer (for example by a virus) being remotely controlled by someone other than its owner. Drones are most often created by virus attacks, and are frequently used by spammers to distribute spam or for DDoS attacks. Synonymous with Hijacked PC, Zombie PC, ZOMBIE and BOT [2].

DroneArmy A large number of DRONES controlled by a single entity; see BOTNET and ZOMBIE ARMY. Dropper An executable file that drops a virus or Trojan onto the target computer when the program is run. A Dropper file's intention is to create a virus or trojan and then execute it on the user's system, possibly at a later date or time. DS [1] (Designated Sender) A generic term used to describe systems like RMX, DMP, SPF and Caller-ID, where the domain owners can designate which hosts can send email using their domain names. DS [2] (Digital Signature) Generic term for any kind of cryptographic signature. DSA (Digital Signature Algorithm) The specific signature algorithm defined by NIST in the Digital Signature Standard (FIPS 186), based on the discrete logarithm problem: it signs a hash of the message with a private key, and the signature is checked with the corresponding public key. Other signature algorithms in common use are RSA and ECDSA. (Diffie-Hellman is a key agreement method and HMAC is a symmetric message authentication code; neither is a digital signature algorithm.) DSL (Digital Subscriber Line) DSL is a technology for bringing high-bandwidth information to homes and small businesses over ordinary copper telephone lines. xDSL refers to different variations of DSL, such as ADSL, HDSL, and RADSL. A DSL line can carry both data and voice signals, and the data part of the line is continuously connected. DSN (Delivery Status Notification) A message reporting delivery status (usually failure to deliver) sent by an MTA to the message sender; see [RFC3461] www.rfc.net. DSP (Designated Sender Protocol) An early name for DMP. DSS (Digital Signature Standard) The Digital Signature Standard (DSS) is a cryptographic standard promulgated by the National Institute of Standards and Technology (NIST) in 1994. It has been adopted as the federal standard for authenticating electronic documents, much as a written signature verifies the authenticity of a paper document. DSS [1] Designated Sender Scheme, same as DS [1]. DSX (Dynamic Security Extension) A proprietary, patented technology that works in the following way. The operating system has a system call (or vector) table that contains memory address pointers for each system call. These pointers point to the location in memory where the actual kernel code of each system call resides. DSX stores the address pointers for the security-sensitive system calls and then redirects these pointers to the corresponding SECURED system call code, which is located elsewhere in memory. Dual-homed gateway A system that has two or more network interfaces, each of which is connected to a different network. In firewall configurations, a dual-homed gateway usually acts to block or filter some or all of the traffic trying to pass between the networks. DVCS Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocol, see [RFC3029] www.rfc.net.
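The Designated Sender, DS [1] and DMP/SPF entries describe the idea of a domain publishing which hosts may send its mail; the check a receiving MTA performs is shown below as an added example (not Sendmail code, and not a full SPF implementation). It handles the ip4, ip6, include and all mechanisms with the +, -, ~ and ? qualifiers in SPF record syntax; the a, mx and ptr mechanisms are deliberately left out so the example needs no DNS, and the records come from a constructed table standing in for TXT lookups.

```python
"""Minimal designated-sender (SPF-style) check.

Added example, not code from the Sendmail glossary. Given the domain from
MAIL FROM and the connecting client's IP, fetch the domain's policy record
and decide whether that host is designated. Only ip4/ip6/include/all are
handled; other mechanisms return "permerror" (assumption: keeps it offline).
"""
import ipaddress

# Constructed records (hypothetical domains and addresses) in place of DNS TXT.
FAKE_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:_spf.mailer.example -all",
    "_spf.mailer.example": "v=spf1 ip4:198.51.100.10 ip6:2001:db8::/32 ~all",
    "loop.example": "v=spf1 include:loop.example -all",   # pathological self-include
}

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
MAX_INCLUDE_DEPTH = 10      # RFC 4408 limits DNS-causing mechanisms to 10


def lookup_txt(domain):
    """Stand-in for a DNS TXT lookup; returns the record text or None."""
    return FAKE_TXT.get(domain)


def check_host(ip, domain, lookup=lookup_txt, depth=0):
    """Return one of pass / fail / softfail / neutral / none / permerror."""
    if depth > MAX_INCLUDE_DEPTH:
        return "permerror"
    record = lookup(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"                           # domain publishes no policy
    addr = ipaddress.ip_address(ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        mech, _, arg = term.partition(":")
        mech = mech.lower()
        if mech == "all":
            return QUALIFIERS[qualifier]        # catch-all; evaluation stops here
        if mech in ("ip4", "ip6"):
            try:
                net = ipaddress.ip_network(arg, strict=False)
            except ValueError:
                return "permerror"
            if addr.version == net.version and addr in net:
                return QUALIFIERS[qualifier]
        elif mech == "include":
            inner = check_host(ip, arg, lookup, depth + 1)
            if inner == "pass":
                return QUALIFIERS[qualifier]
            if inner in ("none", "permerror"):
                return "permerror"              # a broken include poisons the record
            # fail/softfail/neutral inside an include just means "no match"
        else:
            return "permerror"                  # a, mx, ptr, exists not implemented here
    return "neutral"                            # nothing matched and no "all" term


if __name__ == "__main__":
    for ip in ("203.0.113.77", "198.51.100.10", "2001:db8::1", "192.0.2.1"):
        print(ip, check_host(ip, "example.com"))
```

Two details carry over to real deployments: the first matching mechanism wins, so term order in the record matters, and an include that resolves to nothing is a permerror rather than a quiet "no match", which is why receivers commonly treat permerror as neutral instead of rejecting.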

E
e-business e-business (electronic business, derived from such terms as email and e-commerce) is the conduct of business on the Internet, not only buying and selling but also servicing customers and collaborating with business partners. ECC (Elliptic Curve Cryptography) A public key cryptography method that uses points on an elliptic curve to derive a public key. The parties agree on a standard generator point in an elliptic curve group; the private key is a random number, and the public key is the generator point multiplied by that number. ECC gives security comparable to RSA or DH with much shorter keys (a 256-bit curve key is roughly comparable to a 3072-bit RSA key). ECDSA (The Elliptic Curve Digital Signature Algorithm) The elliptic-curve analogue of DSA, used for digital signatures in ECC (see above). e-commerce e-commerce (electronic commerce or EC) is the buying and selling of goods and services on the Internet, especially the World Wide Web. In practice, this term and e-business are often used interchangeably. For online retail selling, the term e-tailing is sometimes used.


EDI (Electronic Data Interchange) Communication of business transactions such as orders, confirmations, invoices, and exchanges between different organizations. Used mostly in supply chain and inventory management, it is usually run automatically on a computer-to-computer basis, although some interaction is possible. EDI service companies provide systems through which transacting entities with incompatible systems can communicate. EES (Escrowed Encryption Standard) A 1994 US federal standard (FIPS 185, the "Clipper chip") for encrypting telecommunications with the SKIPJACK symmetric-key algorithm, in which a copy of each device's key is held in escrow by government agencies so that lawfully intercepted traffic can be decrypted. EHLO (Extended HELO) An extended form of the HELO command given by the initiator of an ESMTP session; the server's reply lists the SMTP extensions it supports (for example SIZE, STARTTLS, AUTH, 8BITMIME). email (Electronic Mail) Generic term used to describe the messaging system on the Internet. email client An application from which users can create, send and read email messages. email filter A process that sorts emails based on certain criteria, typically as an attempt to sort out unwanted and bad email such as spam, viruses, and phishing attacks. A filter may also be used to sort email relevant to a particular subject or project. email header The header placed in front of the message body containing the "To" address, "From" address, subject, and "Cc" and "Bcc" addresses. It is normally created by the email client when sending the message, and each email server between the source and the destination prepends its own Received: line, which is what makes it possible to trace the path of the message. Nothing in SMTP itself verifies the From address; it can be forged freely, which is the gap that DK, DKIM and the designated-sender schemes address. email server An application that controls the distribution and storage of email messages. Encoding [1] As a verb this refers to the process of transforming data, usually so that arbitrary binary data can be represented in ASCII form and as such safely included in email. The MIME format of email data may require encoding when including an 8-bit data block, and BASE64 encoding is often used for this purpose. Encoding [2] As a noun this refers to the format and algorithm of the system used for encoding the data (see above). Some examples of such systems are MIME with BASE64, UUENCODE and BinHex. Encryption A change made to data, code or a file so that it can no longer be read or accessed without being decrypted. Secure email systems encrypt messages so they cannot be read by someone without the key necessary for decryption. Viruses may use encryption in order to avoid detection by hiding their viral code. Viruses can also encrypt code or data on a system as part of their destructive payload. Encryption-In-Place (EIP) A security mode in which a Ravlin unit encrypts the IP packet's payload only (without encrypting the packet header). Because EIP does not require encryption of the IP header or encapsulation of the IP packet, overhead is lower and performance enhanced. End Node The ultimate physical destination of any data item on a network, which may be a desktop computer, a storage unit, an output device such as a printer, a database server, or any point at which the data transmission may end. Endpoint Group In a policy-enforced network, an endpoint group represents subnets or an individual host protected by a security appliance. By creating and configuring endpoint groups, you can permit hosts in one subnet to exchange data securely with hosts in another subnet. Endpoint groups along with their associated policy enforcement points are generally members of a policy group. Enterprise Object Within a policy-enforced network, the enterprise is the highest-level object category. It encompasses all management domains and all lower-level divisions in the organization's secure networking environment. ESMTP (Extended Simple Mail Transfer Protocol) Extends the original SMTP (which was described in [RFC821]) with syntax that allows additional extensions. ESMTP is what almost every SMTP server now supports; its base syntax is described in [RFC2821] www.rfc.net.

ESP (Encapsulating Security Payload) The Encapsulating Security Payload provides confidentiality (and optionally integrity and origin authentication) for IP datagrams or packets, which are the message units that the Internet Protocol deals with and that the Internet transports, by encrypting the payload data to be protected. ESS (Enhanced Security Services for S/MIME) See [RFC2634] www.rfc.net. Ethernet A local-area network (LAN) protocol developed by Xerox Corporation in cooperation with DEC and Intel in 1976. Ethernet uses a bus or star topology; the original standard ran at 10 Mbps, with later Fast Ethernet (100 Mbps) and Gigabit Ethernet (1000 Mbps) variants. Executable An executable is a file that contains a program, that is, a particular kind of file that is capable of being executed or run as a program in the computer. Executable files A file in a format that the computer can directly execute. Executables in DOS and Windows usually have a .exe or a .com extension. EICAR EICAR is a product of the European Institute for Computer Antivirus Research and is a special test file. This dummy file is detected by antivirus products exactly as if it were a virus. Naturally, the file is not a virus. When executed, EICAR.COM will display the text EICAR-STANDARD-ANTIVIRUS-TEST-FILE! and exit. It is the standard way to confirm that a mail gateway's virus scanner is actually inspecting attachments. Extended MAPI (Extended Messaging Application Programming Interface) An interface developed by Microsoft that provides messaging functions including addressing, sending, receiving and storing messages.

F
False positive If it is claimed that a suspicious object is found when in reality it is clean, a false positive is said to have occurred. This problem is usually fixed in the next spam or virus signature file release. FDDI (Fiber Distributed Data Interface) A set of ANSI protocols for sending digital data over fiber optic cable. FDDI networks are token-passing networks, and support data rates of up to 100 Mbps (100 million bits per second). FDDI networks are typically used as backbones for wide-area networks. File Virus A file virus inserts its code into executable files. When the infected file is accessed, the virus may overwrite the entire file. Overwriting viruses cause permanent damage to the content of the overwritten files. Infected files cannot be disinfected and instead must be deleted and restored from backup. The most infamous example is Loveletter, which operated as an email worm, file virus, and Trojan downloader. File-infecting viruses have targeted a range of operating systems, including Macintosh, UNIX, DOS, and Windows. Filter A filter is a program or section of code that is designed to examine each input or output request for certain qualifying criteria and then process or forward it accordingly. Fingerprint In cryptography a fingerprint is a HASH of a public key. It is often used to verify, out of band, that a public key obtained over the network is the one intended. FIPS Federal Information Processing Standards - standards set by NIST for the information and telecommunication infrastructure of the US Government, for use in information processing systems. See http://www.itl.nist.gov/fipspubs/ Firewall A firewall is a program or device that protects the resources of one network from users on other networks. Typically, an enterprise with an intranet that allows its workers access to the wider Internet will want a firewall to prevent outsiders from accessing its own private data resources. Firewall denial-of-service The firewall itself is subjected to a denial-of-service attack.
Forwarder 1. Any Mail Redirection Agent that redirects an email such that the sender appears to be different from the original source of the message. Email marketing services use forwarders to make it appear that an email message originated from the marketing company rather than from the service that actually sent it. 2. Any Mail User Agent that redirects that user's email to a different email address. These are often embedded in email client software to allow users to receive email at a different location when traveling.


FOSS (Free and Open Source Software) Open-source software is software whose source code is freely available, and anyone has the right to modify and redistribute such software. See http://www.fsf.org/philosophy/free-sw.html FQDN (Fully Qualified Domain Name) A domain name that specifies every label from the host up to the root, for example mail.example.com (often written with a trailing dot, mail.example.com., to mark the root explicitly), as opposed to a short name such as mail that depends on a local search domain to be resolved. In mail configuration an FQDN is what should appear in HELO/EHLO and in Received: headers. FTC (Federal Trade Commission) A division of the United States Government responsible for promoting fair trade and making sure consumers are not hurt by bad business practices. Part of their responsibility includes regulating the use of email under the CAN-SPAM Act. FTP (File Transfer Protocol) FTP is the simplest way to exchange files between computers on the Internet. Like the Hypertext Transfer Protocol (HTTP), which transfers displayable Web pages and related files, and the Simple Mail Transfer Protocol (SMTP), which transfers email, FTP is an application protocol that uses the Internet's TCP/IP protocols.

Headend or Head End A central control device required by some networks (e.g., LANs or VPNs) to provide such centralized functions as administration, diagnostic control, and network access. Header A data record added to the beginning of the transmitted text in order to transfer a message over a network. Typically a header contains source and destination locations as well as data that describe the content of the message. HELO The command with which the client identifies itself at the start of an SMTP conversation. The extended version of this command used in ESMTP is EHLO. See [RFC821] and [RFC2821] www.rfc.net. Heuristic analysis Analysis of the instructions contained within a program or macro to determine whether the program is likely to be a virus. Heuristic scanner A scanning technique that looks for patterns, activities or suspicious code that may indicate a new virus. Most leading antivirus packages incorporate a heuristic scanning technique to detect new or previously undetected viruses in the wild. Hijacking In computer security this term describes taking computer resource(s) by somebody other than their legal owner without the owner's permission or consent; this is similar to stealing but applied to computer resources. This may be done either to directly control and use the resource or as a way to pretend to be the resource owner, possibly to get access to important information. Hijacked IPs This term describes a group of IP addresses (an IP block) that are being controlled and/or used without permission by somebody other than the legal entity to which the IP block was allocated. See http://www.completewhois.com/hijacked/. Hijacked PC Hijacked Personal Computer - this is synonymous with Zombie PC and describes a computer on which a BOT [2] program has been installed (often as a result of virus infection) which allows the system to be remotely controlled by somebody other than the computer's owner.
Such computers are often used to distribute spam (see zombies and botnet) or as a source for DDOS attacks. HMAC (Keyed-Hash Message Authentication Code) A type of message authentication code that combines a cryptographic hash function with a secret KEY: only parties holding the key can produce or verify the tag, and the construction avoids the length-extension weakness of simply hashing the key and message concatenated together. HMAC-MD5 (based on the MD5 hash algorithm) and more recently HMAC-SHA1 (based on SHA-1) are used in IPSec and TLS; see [RFC2104] www.rfc.net. Hoax Hoax warnings are typically scare alerts started by malicious people and passed on by innocent users who think they are helping the community by spreading the warning. If you receive a warning about a security threat, please look into it further before you forward it to other users. Host A computer attached to the Internet. A host may have one or more DNS names (hostnames) and may have one or more IP addresses. Hosts with more than one interface and IP addresses in different networks can function as a router or a gateway. Hostname Synonym for DNS Host. HTML (HyperText Markup Language) A standard set of commands used to structure documents and format text so that they can be used on the Web. HTTP (HyperText Transfer Protocol) HTTP is the set of rules for exchanging files (text, graphic images, sound, video, and other multimedia files) on the World Wide Web. Relative to the TCP/IP suite of protocols (which are the basis for information exchange on the Internet), HTTP is an application protocol. HTTPS (HTTP over SSL/TLS) The secure hypertext transfer protocol (HTTPS) is a communications protocol designed to transfer encrypted information between computers over the World Wide Web. HTTPS is HTTP carried over a Secure Socket Layer (SSL) or Transport Layer Security (TLS) connection, which also lets the client authenticate the server by its certificate. Hybrid Auth The Hybrid Auth extension to IKE allows the asymmetric use of digital certificates between client and server. The client verifies the authenticity of the server's credentials (its certificate), while the server verifies the client by other credentials such as a username and password or a token, so remote users need no certificate of their own. Companies benefit from the interoperability of standards-based IPSec with IKE as well as the increased security of the PKI at the central site, with no disruption to remote users.

G
Gateway A gateway is a network point that acts as an entrance to another network. In a company network, a proxy server acts as a gateway between the internal network and the Internet. A gateway may also be any machine or service that passes packets from one network to another network on their trip across the Internet. GNU (GNU's Not Unix) A project by the Free Software Foundation to develop Free and Open Source programs and utilities for the Unix operating system (including a free version of Unix itself). See http://www.gnu.org GPG (GNU Privacy Guard) A popular open-source program for encrypting and signing email based on the OpenPGP specification; some also use this as a synonym for PGP. See http://www.gnupg.org/ GPL (GNU General Public License) A very popular license often used by people who create free and open source programs and packages. Its features include the requirement that any modified version of the program also be distributed under the GPL. See http://www.gnu.org/licenses/licenses.html Green Screen Terminal Terminals that are designed to be centrally managed, configured with only essential equipment, and devoid of CD-ROM players, diskette drives, and expansion slots (and therefore lower in cost). Greylisting A technique where, for some (or all) SMTP connections, an MTA responds with a temporary failure (4xx) error requiring delivery to be retried at a later time. Well-behaved MTAs queue and retry, while most spam-sending software does not, so a retry from a previously unknown (sending host, sender, recipient) combination is evidence that the new source is likely to be legitimate. See http://www.greylisting.org/ GW-MTA Gateway Message Transfer Agent - a gateway MTA that accepts a message and further retransmits it to a foreign mail system outside of the Internet protocol space.
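The Greylisting entry above states the policy; the decision logic an MTA applies at RCPT TO time is shown below as an added example, not code from Sendmail or from greylisting.org. The timing parameters, the /24 keying and the reply texts are assumptions that mirror common practice; the current time is passed in so the example runs deterministically.

```python
"""Greylisting decision logic for an SMTP server.

Added example, not code from the Sendmail glossary. State is keyed on the
triplet (client network, envelope sender, envelope recipient). First sight
gets a temporary 451; a retry after min_delay (and before retry_window
closes) is accepted and the triplet is remembered for whitelist_ttl.
"""
import ipaddress

TEMPFAIL = "451 4.7.1 Greylisted, please try again later"   # assumed wording
ACCEPT = "250 2.1.5 Recipient ok"


class Greylist:
    def __init__(self, min_delay=300, retry_window=4 * 3600,
                 whitelist_ttl=36 * 24 * 3600):
        self.min_delay = min_delay             # seconds a sender must wait
        self.retry_window = retry_window       # retry later than this starts over
        self.whitelist_ttl = whitelist_ttl     # how long a passed triplet stays good
        self._seen = {}                        # key -> (timestamp, passed)

    @staticmethod
    def _key(ip, sender, rcpt):
        # Large senders often retry from a neighbouring host, so key on the
        # /24 (or /64 for IPv6) rather than the exact address, and normalise
        # the addresses so case differences do not create a new triplet.
        addr = ipaddress.ip_address(ip)
        prefix = 24 if addr.version == 4 else 64
        net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        return (str(net), sender.lower(), rcpt.lower())

    def check(self, ip, sender, rcpt, now):
        """Return the SMTP reply for this RCPT TO, updating state as a side effect."""
        key = self._key(ip, sender, rcpt)
        entry = self._seen.get(key)
        if entry is None:
            self._seen[key] = (now, False)
            return TEMPFAIL
        stamp, passed = entry
        age = now - stamp
        if passed:
            if age <= self.whitelist_ttl:
                self._seen[key] = (now, True)          # refresh the whitelist entry
                return ACCEPT
        elif self.min_delay <= age <= self.retry_window:
            self._seen[key] = (now, True)              # genuine retry: let it through
            return ACCEPT
        elif age < self.min_delay:
            return TEMPFAIL                            # too early; keep the first-seen time
        # Whitelist expired, or the retry came too late: start over.
        self._seen[key] = (now, False)
        return TEMPFAIL


if __name__ == "__main__":
    g = Greylist()
    for t in (0, 60, 400, 3000):
        print(t, g.check("203.0.113.7", "a@x.example", "b@y.example", t))
```

The cost of greylisting is a delivery delay on first contact, and senders that rotate through many outbound hosts (which the /24 keying only partly absorbs) or that never retry after a 4xx will lose mail; pairing it with a whitelist of known-good relays is the usual mitigation.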

H
Hacker Hacker is a term used by some to mean a clever programmer and by others, especially journalists or their editors, to mean someone who tries to break into computer systems. Harvesting A covert act in which email addresses are collected for compilation of email databases to be used for unsolicited mailings. Hash In mathematics a hash function refers to a way of converting a large data block into a much smaller fixed-size data block that represents the original, which is then called a HASH. For cryptography it is important that, given a hash value, one cannot easily find data that would produce that hash, and that one cannot easily find two different inputs with the same hash (a collision). Currently the most widely used cryptographic hash function algorithms are MD5 and SHA-1; practical collision attacks were published against MD5 in 2004 and theoretical ones against SHA-1 in 2005, so new designs should use the SHA-2 family (SHA-256 and larger).
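The Hash entry above, the Digest [2] and Fingerprint entries, and the HMAC entry all describe the same primitive used three ways. The block below puts them side by side as an added example (not Sendmail code): a plain digest of a message, a key fingerprint in the grouped hex form PGP prints, and a keyed HMAC with constant-time verification. The message, the tampered copy and the key are constructed for the example.

```python
"""Message digests, key fingerprints and HMAC side by side.

Added example, not code from the Sendmail glossary. Uses only the standard
library: hashlib for digests, hmac for keyed authentication.
"""
import hashlib
import hmac

# Constructed sample data (not from any real message or key).
MESSAGE = b"From: alice@example.com\r\nSubject: invoice\r\n\r\nPlease pay $100."
TAMPERED = MESSAGE.replace(b"$100", b"$900")
KEY = b"constructed-demo-key-do-not-reuse"


def digest(data, algo="sha256"):
    """Hex digest of arbitrary bytes. Any change to the input changes the output."""
    return hashlib.new(algo, data).hexdigest()


def fingerprint(key_bytes, algo="sha1"):
    """Hex hash of key material, grouped in blocks of four the way PGP prints it.

    SHA-1 is used because that is what OpenPGP v4 fingerprints are; for
    anything new, prefer SHA-256.
    """
    h = hashlib.new(algo, key_bytes).hexdigest().upper()
    return " ".join(h[i:i + 4] for i in range(0, len(h), 4))


def mac(key, message, algo="sha256"):
    """HMAC tag. Without the key nobody can compute a valid tag for a new message."""
    return hmac.new(key, message, algo).digest()


def verify_mac(key, message, tag, algo="sha256"):
    """Constant-time comparison: a plain == would leak how many leading bytes matched."""
    return hmac.compare_digest(mac(key, message, algo), tag)


if __name__ == "__main__":
    print("sha256:", digest(MESSAGE))
    print("md5   :", digest(MESSAGE, "md5"))
    print("fpr   :", fingerprint(b"-----BEGIN PUBLIC KEY----- example"))
    tag = mac(KEY, MESSAGE)
    print("tag ok on original:", verify_mac(KEY, MESSAGE, tag))
    print("tag ok on tampered:", verify_mac(KEY, TAMPERED, tag))
```

A digest alone proves nothing about origin, since anyone can recompute it after altering the message; the HMAC ties the tag to a secret the verifier shares with the sender, and a digital signature (DSA, RSA, ECDSA) does the same with a private key that the verifier does not need to hold.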


I
IANA (Internet Assigned Numbers Authority) They maintain the lists of unique Internet identifiers, including protocol numbers, service numbers, DNS parameters, etc. - see http://www.iana.org IBE (Identity-Based Encryption) An encryption scheme that uses some form of a user's identity, such as an email address, as the public key in a public key system; the corresponding private key is issued to the user by a trusted key server. First proposed by Shamir (co-inventor of the widely used RSA encryption algorithm) in 1984, its first practical implementation was derived in 2000 at Stanford University and UC Davis. ICANN (Internet Corporation for Assigned Names and Numbers) The parent organization for IANA and the organization responsible for general Internet policies - see http://www.icann.org ICSA (International Computer Security Association) An organization with the mission to continually improve commercial computer security through certification of firewalls, anti-virus products and web sites. ICSA also shares and disseminates information concerning information security. IEEE (Institute of Electrical and Electronics Engineers) See http://www.ieee.org IETF (Internet Engineering Task Force) Organization of engineers who develop Internet protocol standards, see http://www.ietf.org IETF BOF BoF is an acronym for "birds of a feather" - a term used to describe a group of people with common interests. At IETF a BOF is a meeting at which formation of a new IETF Working Group is discussed. IETF WG (IETF Working Group) A group of engineers within IETF working on standards in a specific area as defined by the WG Charter (all work within IETF is done in WGs). I2O (Intelligent Input/Output) Intelligent Input/Output (I2O) is a hardware specification that describes a model for offloading I/O processing from the CPU. The model is after the style of what has been used in very large mainframes for years. It is not a replacement for the PCI architecture.
IIM (Identified Internet Mail) A proposal by Cisco in which sending MTAs add a special header with an RSA signature and the public key; the key can be verified by looking up its fingerprint in a special key registration server database. See [Draft-IIM] and http://www.identifiedmail.com IKE (Internet Key Exchange) The protocol used by IPSEC to authenticate the two end-points and negotiate keying material for security associations; see [RFC2409] www.rfc.net and the fuller entry below. IM (Instant Messaging) A form of messaging service where small text messages can be sent directly from one person's computer to another. See http://www.jabber.org, http://www.icq.com, http://www.aim.com and http://messenger.msn.com IMAP (Internet Message Access Protocol) A protocol that can be used by an MUA to access an email box located on an ISP mail server where the MDA has delivered email; the currently used version of this protocol is IMAP4, for more info see [RFC3501] www.rfc.net. Insider attack An attack originating from inside a protected network. Internet The term comes from Interconnected Network and refers to a network that connects many other networks (run by ISPs) and end-points to make one global network (as such some people now refer to the Internet as the International Network). Internet Draft A working document of the IETF, usually a proposal for a protocol extension or a new protocol. Not all Internet Drafts become RFCs, but all new RFCs were once Internet Drafts. IKE (Internet Key Exchange) A hybrid protocol whose purpose is to negotiate, and provide authenticated keying material for, security associations in a protected manner. Processes which implement this protocol can be used for negotiating virtual private networks (VPNs) and also for providing a remote user from a remote site (whose IP address need not be known beforehand) access to a secure host or network.

Internet worm Unlike a virus, an Internet worm does not infect other files. It is a self-contained program that copies itself to other systems over the network (by email, by exploiting a vulnerable network service, or through file shares) and keeps propagating, often until it exhausts system or network resources. The best-known Internet worm was Loveletter, which was actually a mixed threat: a mass-mailing Internet worm, an overwriting file virus, and a password-stealing Trojan. Intrusion detection Detection of break-ins or break-in attempts by reviewing logs or other information available on a network. IP (Internet Protocol) The Internet Protocol is the method or protocol by which data is sent from one computer to another on the Internet. Each computer (known as a host) on the Internet has at least one address that uniquely identifies it from all other computers on the Internet. IP Address IP addresses are identifiers of end-point network nodes for systems connected to the Internet. There are two types of IP addresses - 32-bit addresses used with IPv4 and 128-bit addresses for IPv6. IP hijacking (session hijacking) An attack where an active, established session is intercepted and taken over by the attacker. It may take place after authentication has occurred, which allows the attacker to assume the role of an already authorized user. IPR (Intellectual Property Rights) A patent or patent application for some technology or algorithm. IPR have a negative effect if they apply to technology that becomes a standard, as a license is then required to use the technology, which often limits its use to companies that agree to the terms imposed by such a license. IPSEC (Internet Protocol Security) A standard for security at the network or packet-processing layer of network communication. IPSEC provides two choices of security service: Authentication Header (AH), which essentially allows authentication of the sender of data, and Encapsulating Security Payload (ESP), which supports both authentication of the sender and encryption of data as well. IP spoofing An attack where the attacker impersonates a trusted system by using its IP network address as the source address of forged packets; easy for one-way traffic such as DoS floods, harder for TCP sessions because the attacker does not see the replies.
IPv4 Internet Protocol version 4 (4 is the value of the version field in the IP header, not a generation count). Its one major drawback is the use of 32-bit addresses, which are not enough for the number of people who want to use the Internet. The core protocol specification is [RFC791] www.rfc.net.

IPv6 Internet Protocol version 6 (6 is likewise the version number; it is in fact the second generation of the Internet protocol and for that reason was referred to as IPng, IP Next Generation), which is currently beginning to be deployed. It uses 128-bit addresses instead of the 32-bit addresses of IPv4 and also includes a number of other advanced features. See [RFC2460] www.rfc.net.

IRC (Internet Relay Chat) A protocol used for real-time user chat on computer networks (hence called IRC networks); the largest networks have tens of thousands of users chatting through a series of interconnected servers. See http://www.irchelp.org

IRTF (Internet Research Task Force) A sister organization of the IETF which does research in areas of Internet technology; this often involves early work that is later picked up by an IETF WG. See http://www.irtf.org

ISDN (Integrated Services Digital Network) A set of communications standards allowing a single wire or optical fibre to carry voice, digital network services and video. ISDN gives a user up to 56 kbps of data bandwidth on a phone line that is also used for voice, or up to 128 kbps if the line is used only for data.

ISO (International Standards Organization) The official name is actually International Organization for Standardization (ISO is not an acronym of it) - see http://www.iso.org

ISOC (Internet Society) An open organization whose mission is developing the Internet for the benefit of people throughout the world; it sponsors the activities of the IETF and the RFC Editor. See http://www.isoc.org

ISP (Internet Service Provider) A company providing Internet access to the public. Each ISP runs its own network; connected together (with other organizations' networks) they make up what we call the Internet.


ITU (International Telecommunication Union) A UN organization that sets policies, procedures and standards for international telecommunications. See http://www.itu.int

ITU-T (ITU Telecommunication Standardization Sector) The telecommunications standardization sector of the ITU.

M
MAC (Media Access Control) On a network, the MAC address is your computer's unique hardware number. It is used by the Media Access Control sublayer of the Data Link layer of telecommunication protocols; there is a different MAC sublayer for each physical device type. The Data Link layer is the protocol layer that handles moving data in and out across a physical link in a network.

Macro Virus Macro viruses are small programs written in the internal macro language of a specific application program that replicate within documents created by that application. Common examples of applications that use macros are word processors such as Word and spreadsheets such as Excel.

MARID (MTA Authorization Records In DNS) An IETF WG that existed between April and September 2004 to discuss standardization of LMAP / Designated Sender related proposals. It came close to standardizing SPF, but was disbanded because of pressure from Microsoft to standardize SenderID, which had technical problems that were never resolved and on which Microsoft claimed intellectual property rights, offered under a license incompatible with Open Source software.

Mail Bomb A type of DoS attack in which a large number of email messages are sent to the victim's email address or email server in an attempt to overload the server, or to make the mailbox unusable by burying good messages among the bad ones.

Mail List While it literally means a list of email addresses, it usually refers to a discussion forum where each person on the list can send an email that is forwarded to every other person on the same list.

MAIL FROM The SMTP command that opens a mail transaction in the dialogue between the sending and receiving MTAs. It carries the envelope sender (reverse-path) address, which is where delivery failures are returned, and is the address that path-authentication schemes such as SPF check against the IP address of the sending MTA. The envelope MAIL FROM address is distinct from the From: header and from the Purported Responsible Address, both of which are taken from the message headers.
Malicious Code Any code added to, changed in, or removed from a software system in order to intentionally cause harm or subvert the intended function of the system. Traditional examples of malicious code include viruses, worms, Trojan Horses and attack scripts; more modern examples include Java attack applets and dangerous ActiveX controls.

Malware Software that includes any threatening programs meant to be destructive, such as viruses and worms.

Management Domain In a policy enforced network, a management domain consists of one or more policy groups. A management domain usually encompasses a large category of users. For example, a management domain might contain all users who work with an organization's financial data or with an insurance company's patient records. Management domains may also be specific to business relationships such as extranet partnerships or branch-office data transfer.

MAPI (Messaging Application Programming Interface) An interface developed by Microsoft that provides messaging functions including addressing, sending, receiving and storing messages. Simple MAPI includes some of these functions; Extended MAPI includes all of them.

MAPS (Mail Abuse Prevention System) The first blacklist, originally started by Paul Vixie and now operated by an independent company as a commercial reputation service. See http://www.mail-abuse.org

MASS (Mail Authentication Signature Service) An IETF BoF and possible future WG. BoF proceedings and presentations are at http://www.ietf.org/proceedings/04aug/230.htm and a comparison of proposals is at http://www.elan.net/~william/emailsecurity/emailsignatures-comparisonmatrix.htm. For public mail list subscription info see http://www.imc.org/ietf-mailsig/index.html

Mass-mailer Worms that attach themselves to email sent automatically to the contacts in an address book or similar list. Mass mailers often harvest these email addresses from the hard drives of infected computers. Typically a mass mailer arrives at a computer attached to an email message; in some cases the infected attachment can start automatically, in other cases the user has to run the attachment in order to become infected.

J
Java A programming language expressly designed for use in the distributed environment of the Internet. It was designed to have the look and feel of the C++ language, but it is simpler to use than C++ and enforces a completely object-oriented view of programming. Java can be used to create complete applications that run on a single computer or are distributed among servers and clients in a network. It can also be used to build small application modules, or applets, for use as part of a Web page; applets make it possible for a Web page user to interact with the page.

JOE-JOB The term describes what happens when a spammer chooses the email address of an unsuspecting user as the spoofed source of the spam. The spoofed user then receives bounces (from failed delivery attempts) and angry complaints from people who did not want to receive those emails.

K
KEA (Key Exchange Algorithm) A general term for the various proposals for automated exchange of cryptographic keys, such as those used by IKE.

Kerberos A network authentication system created at MIT. The Kerberos protocol uses strong cryptography so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server have used Kerberos to prove their identities, they can also encrypt all of their communications to assure privacy and data integrity as they go about their business.

Key In cryptography, a key is a variable value that is applied, using an algorithm, to a string or block of unencrypted text to produce encrypted text. The length of the key (together with the strength of the algorithm) determines how difficult it is to recover the text of a message without the key.

Key Management The generation, distribution, storage, replacement and revocation of cryptographic keys and the enforcement of the procedures around them. In the context of privacy-enhanced mail (PEM) it refers to establishing the message encryption and authentication procedures needed to provide PEM services for electronic mail transfer over the Internet.

L
LDA (Local Delivery Agent) Mail system component that delivers the message to the local message store. The term is used either as a synonym for MDA or to describe the actual delivery component of it.

LDAP (Lightweight Directory Access Protocol) A protocol for locating organizations, individuals and other resources such as files and devices in a network, whether on the Internet or on a corporate intranet. LDAP is a lightweight (smaller amount of code) version of DAP (Directory Access Protocol), which is part of X.500, a standard for directory services in a network.

Litigation Protection The review and recording of Internet, intranet and extranet communications, done either to avoid litigation or to document the communicating parties and the content in the event of litigation.

LMAP (Lightweight MTA Authentication Protocol) Refers to a working group within the ASRG that took place at the end of 2003 to try to unify multiple proposals (RMX, DMP, SPF, DRIP, MTAMARK) that focused on per-hop authentication based on the SMTP client IP. While no unified protocol was agreed upon, the result was a draft discussing this approach to email authentication.

MAAWG (Messaging Anti-Abuse Working Group) A group of messaging service providers (primarily ISPs) and the companies that provide them with services and software, whose purpose is to create strategies to defeat several forms of messaging abuse including spam, virus attacks, denial-of-service attacks and others.


MD5 (Message Digest 5) A cryptographic hash algorithm designed by Ronald Rivest (one of the authors of RSA), see [RFC1321] www.rfc.net. Practical collisions have been demonstrated since 2004, so it should no longer be relied on where collision resistance matters, such as digital signatures.

MDA (Mail Delivery Agent) The system at the end-point of an SMTP transmission. It delivers the email message into a storage device from which it can be picked up by, or directly accessed by, an MUA.

MDN (Message Disposition Notification) A report generated by the recipient's MUA (not by an MTA, which is what distinguishes it from a DSN) indicating what happened to a message after delivery, for example that it was displayed or deleted. See [RFC3798] www.rfc.net.

Messaging Gateway Appliance A server-class computer that enhances MTA services by filtering incoming and outgoing mail for spam, viruses and other malware. The device is often designed to also serve as the MTA.

META [1] General term that comes from Greek and means with or about; in computer systems it usually means additional or related information.

META [2] Message Enhancements for Transmission Authorization. META Signatures is a proposal for automated email cryptographic signatures added by MTAs, with a flexible syntax so that signatures can still be verified after common email modifications (such as those made by mail lists), and with authorization support for verifying the public key or its fingerprint via DNS or http, an existing X.509 certificate, or a PGP key server. See http://www.metasignatures.org

META TAG [1] In HTML, <META> tags are used in the <HEAD> section and provide keywords and a short description of the topic(s) related to the content of the web page.

META TAG [2] When used of email messages, a tag naming the topic of discussion, usually placed inside [ ... ] in the Subject: header; mail lists often add this automatically.

MIB (Management Information Base) A database of objects that can be monitored by an SNMP-based network management system. Standardized MIB formats allow any SNMP tool to monitor any device defined by a MIB.
MIME (Multipurpose Internet Mail Extensions) IETF standard for email content allowing multiple types of objects to be included as parts of a text message, see [RFC2045], [RFC2046], [RFC2047], [RFC2048], [RFC2049] www.rfc.net.

Monitoring A view of individual user activity on a network, generally in real time. Provides administrators with the ability to view the content of the applications users are running.

MOSS (MIME Object Security Services) The first, now obsolete, IETF standard for signing and encrypting MIME email.

MRA (Mail Redirection Agent) An intermediate MTA or other SMTP-participating entity that changes the destination or source of an email message in transit. Forwarders and mail lists are two well known types of mail redirection systems.

MSA (Mail Submission Agent) The server that accepts a message from an MUA and injects it into the mail transport system, normally with authentication of the submitting user; see [RFC2476] www.rfc.net.

MTA (Mail Transfer Agent) Any server using the SMTP protocol to send and receive email messages.

MTAMARK A proposal that allows IP address owners to mark, by means of a TXT record in the in-addr.arpa reverse DNS tree, whether a particular IP address can or cannot be the source of an SMTP transmission.

MTS (Message Tracking Server) A tracking server provides message tracking data to a tracking client and is a repository of the information about a message passing through a particular MTA. See [RFC3885], [RFC3886], [RFC3887], [RFC3888] www.rfc.net.

MUA (Mail User Agent) The program a user uses to read and compose email; it hands outgoing messages to an MSA.

Multipartite virus A virus that infects both program files and boot areas (the master boot record and boot sector), all of which must be cleaned. Boot the system from a clean, write-protected boot disk in drive A: so that the infected boot code is not running while it is cleaned.

MX (Mail Exchange) A type of DNS RR that identifies the MTAs that are supposed to receive email destined for addresses in a particular domain.

N
NANAE (news.admin.net-abuse.email) A USENET newsgroup dedicated to discussions of email abuse and spam, see http://groups.google.com/group/news.admin.net-abuse.email and http://www.nanae.org

NANOG (North American Network Operators Group) A discussion forum for network operators involved in running Internet infrastructure. Although email security and spam issues are off-topic there, such discussions happen almost every day. See http://www.nanog.org

NAPT (Network Address Port Translation) A special case of NAT, where many internal IP addresses are hidden behind a small number of external addresses but, in contrast to the original NAT, this does not limit the number of simultaneous connections to the number of external addresses. In NAPT an almost arbitrary number of connections is multiplexed using TCP port information; the number of simultaneous connections is limited by the number of addresses multiplied by the number of TCP ports available.

NAR (Network Address Retention) A simplified IP addressing capability that eliminates the need to establish an intermediate IP address between a router and a firewall. Sometimes called Proxy-ARP. This feature allows a firewall to be inserted into an existing network without establishing a new IP address scheme.

NAT (Network Address Translation) Allows your intranet to use addresses that are different from what the outside Internet sees you using, and permits many users to share a single external IP address at the same time. NAT provides what some people call address hiding, which is, as the name suggests, security through obscurity at best.

Network Service Access Policy A high level, issue-specific policy which defines those services that will be allowed or explicitly denied from a restricted network, the way in which these services will be used, and the conditions for exceptions to the policy.

NDN (Non-Delivery Notification) A type of DSN that is sent when email cannot be delivered.
NIST (National Institute of Standards and Technology) US government organization responsible for setting and publishing standards and researching technologies used by the US government. It published the specifications for several cryptographic algorithms such as DES and AES. See http://www.nist.gov

NNTP (Network News Transfer Protocol) The predominant protocol used by servers and clients for managing the notes posted to newsgroups. NNTP replaced the original Usenet transport, UUCP (UNIX-to-UNIX Copy).

Node A network junction or connection point. Every terminal, server, computer, hub and switch in any network is a node.

NOFWS (No Folding White Space) A canonicalization algorithm used in DK, IIM and META Signatures when creating the message digest. Using this algorithm allows message digest verification to work even after some common transformations that happen during MTA message handling (for example, mail lists commonly add or delete an extra empty line before the message body).

Nonrepudiation The goal of nonrepudiation is to prove that a message has been sent and received, so that neither party can later deny it. This is extremely important in networks where commands and status must be issued and responded to, where financial transactions must be verifiably completed, and where signed contracts are transmitted.

NSA (National Security Agency) An agency of the US government responsible for the collection and analysis of communications and for the security of US government and military communications. It has sponsored the development of a number of cryptographic algorithms. See http://www.nsa.gov

NSF (National Science Foundation) An agency of the US government that sponsored the development of the early Internet in the 1980s and early 1990s as a way to connect the research networks of different universities. See http://www.nsf.gov

NSSN (National Standards System Network) Affiliated with ANSI, see http://www.nssn.org


O
ODBC (Open Database Connectivity) A standard, open application programming interface (API) for accessing a database. By using ODBC statements in a program, you can access files in a number of different databases, including Access, dBase, DB2, Excel and Text. In addition to the ODBC software, a separate module or driver is needed for each database to be accessed.

OpenPGP An open specification for Pretty Good Privacy: the IETF standard for PGP signed and encrypted messages, extended to cover MIME parts in a way similar to S/MIME, see [RFC2440], [RFC3156] www.rfc.net. Also used to refer to the IETF WG of the same name, see http://www.ietf.org/html.charters/openpgp-charter.html.

Open Relay A RELAY system that does not have any authorization in place to decide which messages should be retransmitted. While such systems are now rare, they were previously present in abundance (relaying without authorization was the default installation 5-10 years ago) and were often misused to help redistribute unwanted email.

OPT-IN A general term indicating that a person has agreed to receive emails from some mail list or other type of discussion forum, i.e. has asked to be subscribed.

OPT-IN, Confirmed A term indicating that an opt-in subscription was confirmed by the user. Typically this involves sending a verification email to the user requesting some action; a positive action from the user is interpreted as a decision to subscribe.

OPT-IN, Double A term primarily used by companies sending large amounts of email who insist that users have requested to be on their list; in most such cases this is not so and the users receive the email unsolicited.

OSI [1] (Open Systems Interconnect Reference Model) Developed by ISO in 1984, it is now considered the primary architectural model of inter-computer communications. It describes how information from an application on one system moves through a network to another system, and separates the tasks involved in that process into several layers: Application, Presentation, Session, Transport, Network, Data Link and Physical. See http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/introint.htm

OSI [2] (Open Source Initiative) An effort to promote the development and use of free and open software products, see http://www.opensource.org

OSS (Open Source Software) Usually used in the same sense as F/OSS, although technically it just means software whose source code is available and can be used and modified by somebody other than its original author, not that it is necessarily free.

P

Packet The unit of data that is routed between an origin and a destination on the Internet or any other packet-switched network. When any file (email message, HTML file, GIF file, URL request and so forth) is sent from one place to another on the Internet, the Transmission Control Protocol (TCP) layer of TCP/IP divides it into chunks of an efficient size for routing. Each packet is separately numbered and includes the Internet address of the destination. The individual packets for a given file may travel different routes through the Internet; when they have all arrived, they are reassembled into the original file by the TCP layer at the receiving end.

Packet Filters Packet filters keep out certain data packets based on their source and destination addresses and service type. Filters can be used to block connections from or to specific hosts, networks or ports. Packet filters are simple and fast; however, they make decisions based on a very limited amount of information.

Packet Sniffing Intercepting packets of information (including such things as credit card numbers) while they travel between locations on the Internet.

PAP (Password Authentication Procedure) A procedure used to validate a connection request. After the link is established, the requestor sends an id and a password to the server. The server either validates the request and sends back an acknowledgement, terminates the connection, or offers the requestor another chance.

Password-based attacks An attack where repetitive attempts are made to duplicate a valid login and/or password sequence.

Path An email path is the ordered list of mail systems a message passes through on the way from sender to recipient. An email path may consist of just two servers or may involve many MTAs and MRAs (mail lists, forwarders and other systems).

Path Authentication The technical name for the type of email authentication seen in proposals like RMX, DMP, CID and their successors SPF and SID. In this kind of authentication each system on the email message PATH authenticates the previous system on the PATH based on the attributes of that system (rather than on attributes of the message itself); together these hops form the complete scheme.

PEM (Privacy Enhancement for Internet Electronic Mail) The first (and no longer used) IETF standard for email encryption, see [RFC1421], [RFC1422], [RFC1423], [RFC1424] www.rfc.net.

PEN (Policy Enforced Network) A management architecture in which the creation, delivery and enforcement of business rules in an information network are defined and automated. Policy Enforced Networking is designed to bring structure and organization to information networks whether they are within a campus or are distributed around the globe.

Perimeter network See DMZ.

PGP (Pretty Good Privacy) A cryptographic product family that enables people to securely exchange messages, and to secure files, disk volumes and network connections, with both privacy and strong authentication.

PGP/MIME Often used as a reference to OpenPGP (PGP/MIME is the MIME type for PGP signatures).

PHISHING An Internet scam in which spoofed emails trick consumers into going to a criminal-run website that looks like some official site (such as a bank site) and asks them to provide account information: usernames and passwords, bank account numbers, social security numbers, etc.

Ping of Death Attack A notorious exploit that (when first discovered) could easily crash a wide variety of machines by sending an oversized ICMP echo request that overran buffer limits in their TCP/IP stacks. The term is now used for any nudge delivered by attackers over the network that causes bad things to happen on the system being nudged.

PKCS (Public-Key Cryptography Standards) Specifications produced by RSA Laboratories in cooperation with secure systems developers worldwide for the purpose of accelerating the deployment of public-key cryptography. First published in 1991 as a result of meetings with a small group of early adopters of public-key technology, the PKCS documents have become widely referenced and implemented.

PKCS1 (Public-Key Cryptography Standard #1) RSA encryption; see the RSA entry below and [RFC2313] www.rfc.net.

PKCS7 (Public-Key Cryptography Standard #7) Standard for cryptographic messages; see CMS above and [RFC2315] www.rfc.net.

PKCS10 (Public-Key Cryptography Standard #10) Certificate Request Syntax, see [RFC2314] www.rfc.net.

PKI (Public Key Infrastructure) Enables users of a basically insecure public network such as the Internet to securely and privately exchange data and money through the use of public and private cryptographic key pairs, with the public keys obtained and shared through a trusted authority.

PKIX An IETF WG that focuses on creating standards for X.509 based public key infrastructure, see http://www.ietf.org/html.charters/pkix-charter.html.

Platform attack An attack that focuses on vulnerabilities in the operating system hosting the firewall.

PEP (Policy Enforcement Point) In a policy enforced network, a policy enforcement point is a security appliance used to protect one or more endpoints. PEPs are also points for monitoring the health and status of a network, and are generally members of a policy group.

Policy Groups In a policy enforced network (PEN), a policy group represents endpoint groups and their associated policy enforcement points. A policy group also contains business rules concerning membership, access privileges and traffic flow (including data authentication, encryption and address translation). In most cases a policy group's members are related to each other in ways useful to the organization. Policy groups are generally members of a management domain.

PMZ (Policy Management Zone) The Policy Management Zone protects communications between trusted parties and firewalls access to untrusted domains in an information network.

Policy Rules In a policy enforced network (PEN), policy rules determine how the members and endpoint groups of a policy group communicate.

Polymorphic virus A type of virus that changes its code segments so that it appears different from one infected file to another, making detection more difficult.

POP [1] (Post Office Protocol) A protocol by which an MUA can download emails stored on an ISP or organization mail server. The current version is POP3, which is widely supported by MUAs; see [RFC1939] www.rfc.net.

POP [2] (Point of Presence) A network node set up by an ISP to handle connectivity in a particular city or region.

POP3 (Post Office Protocol Version 3) The standard protocol used to let users download their email from the mail server to their computer; see POP [1].

Postmaster Email address of the mail service administrator; all domains are required to have a postmaster address.

PPP (Point-to-Point Protocol) Data-link protocol for carrying IP (and other network protocols) over serial and dial-up links; see [RFC1661] www.rfc.net.

PPPoE (Point-to-Point Protocol over Ethernet) Provides the ability to connect a network of hosts over a simple bridging access device to a remote Access Concentrator (server).

PPTP (Point-to-Point Tunneling Protocol) A network protocol that enables the secure transfer of data from a remote client to a private enterprise server by creating a virtual private network (VPN) across TCP/IP-based data networks. PPTP supports on-demand, multi-protocol virtual private networking over public networks such as the Internet.

PRA (Purported Responsible Address) An email address taken from the Resent-Sender: header, or if that is absent from Resent-From:, or if that is absent from Sender:, or if that is absent from From:. As specified in RFC2822 these headers identify the user responsible for initiating the current email transmission. It is notable that Microsoft has incorrectly taken this to be an address associated with the last MTA the message passed through, and improperly uses it in its CID and SID proposals to provide per-hop authentication of that MTA based on its IP address. www.rfc.net

Private Key In cryptography, a private or secret key is an encryption/decryption key known only to the party or parties that exchange secret messages. In traditional secret key cryptography a single key is shared by the communicators so that each can encrypt and decrypt messages; the risk is that if either party loses the key or it is stolen, the system is broken. A more recent alternative is to use a combination of public and private keys, where a public key is used together with a private key held by only one party.

Protocol A special set of rules that the end points in a telecommunication connection use when they send signals back and forth. Protocols exist at several levels of a connection: there are hardware telephone protocols, and there are protocols between the end points of communicating programs within the same computer or at different locations. Both end points must recognize and observe the protocol. Protocols are often described in an industry or international standard.
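The PRA selection rule in the entry above, as an added worked example (not code from the Sender ID specification or from Sendmail): the headers are tried in the stated order and the first address found wins. The sample message, a CEO's mail submitted by a secretary and then redistributed by a mailing list, is constructed for the example.

```python
import email
from email import policy
from email.utils import parseaddr
from typing import Optional

# Header precedence for the PRA: the first one present wins.
PRA_HEADERS = ("Resent-Sender", "Resent-From", "Sender", "From")

# Constructed sample (not from the original page): written by the CEO,
# submitted by a secretary, then redistributed through a mailing list.
SAMPLE = (
    "Resent-From: announce@list.example.org\r\n"
    "Resent-Sender: owner@list.example.org\r\n"
    "Sender: secretary@example.com\r\n"
    "From: ceo@example.com\r\n"
    "Subject: quarterly results\r\n"
    "\r\n"
    "Numbers attached.\r\n"
)


def purported_responsible_address(raw_message: str) -> Optional[str]:
    """Return the PRA of a message, or None if no usable header exists.

    Only the first (topmost) occurrence of each header is considered, because
    the most recent Resent- block is prepended above any earlier ones.
    """
    msg = email.message_from_string(raw_message, policy=policy.default)
    for name in PRA_HEADERS:
        value = msg.get(name)
        if value is None:
            continue
        address = parseaddr(str(value))[1]
        if address:
            return address
    return None


def pra_domain(raw_message: str) -> Optional[str]:
    """Domain part of the PRA: the domain whose published policy a SenderID check would look up."""
    address = purported_responsible_address(raw_message)
    if address is None or "@" not in address:
        return None
    return address.rsplit("@", 1)[1].lower()


if __name__ == "__main__":
    print(purported_responsible_address(SAMPLE))   # owner@list.example.org
    print(pra_domain(SAMPLE))                      # list.example.org
```

Every one of these headers is written by whoever injects the message, so the extracted address proves nothing by itself; it only becomes meaningful once the domain's published policy is compared with the IP address of the connecting MTA. The example also shows the point the entry makes: a forwarder or list that re-injects the message without adding Resent- headers leaves the PRA pointing at the original sender's domain, whose policy will not list the forwarder's IP address.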

Protocol Attacks A protocol attack is one in which the characteristics of network services are exploited by the attacker. Examples include the creation of infinite protocol loops which result in denial of service (e.g. bouncing echo packets between two hosts), the use of Network News Transfer Protocol information packets to map out a remote site, and the use of the Source Quench protocol element to reduce traffic rates through selected network paths.

Proxy An agent that acts on behalf of a user, typically accepting a connection from the user and completing a connection on the user's behalf with a remote host or service. See also gateway and proxy server.

Proxy server A server that acts as an intermediary between a computer and the Internet, on behalf of one or more other servers, for screening, firewall, administrative control or caching purposes, or a combination of these. Gateway is often used as a synonym. Typically a proxy server is used within a company or enterprise to gather all Internet requests, forward them out to Internet servers, and then receive the responses and forward them to the original requestor within the company. Caching speeds up Internet access: if an Internet site is frequently requested, it is kept in the proxy's cache, so that when you request it again it is delivered from the cache instead of from the original Internet site.

PTR (Domain Name Pointer) A DNS RR used primarily to associate an IP address with a hostname (which is then sometimes called the reverse DNS name of the IP address).

Public Key The openly distributed half of an asymmetric key pair, typically published through a designated authority. What one key of the pair encrypts the other decrypts, and a signature made with the private key is verified with the public key; the private key cannot feasibly be derived from the public key. The use of combined public and private keys is known as asymmetric encryption, and a system for managing public keys is called a public key infrastructure (PKI).

Q
QoS (Quality of Service) On the Internet and in other networks, QoS is the idea that transmission rates, error rates, and other characteristics can be measured, improved, and, to some extent, guaranteed in advance. QoS is of particular concern for the continuous transmission of high-bandwidth video and multimedia information.

R
RA (Registration Authority) An authority in a network that verifies user requests for a digital certificate and tells the certificate authority (CA) to issue it. RAs are part of a public key infrastructure (PKI), a networked system that enables companies and users to exchange information and money safely and securely.

RADIUS (Remote Authentication Dial-In User Service) A client/server protocol and software that enables remote access servers to communicate with a central server to authenticate dial-in users and authorize their access to the requested system or service. RADIUS allows a company to maintain user profiles in a central database that all remote servers can share.

RAS (Remote Access Services) A feature built into Windows NT that enables users to log into an NT-based LAN using a modem, X.25 connection or WAN link. RAS works with several major network protocols, including TCP/IP, IPX and NetBEUI.

RBL (Realtime Blackhole List, also expanded as Real-time Block List) A blacklist made available to other parties over the Internet, usually queried through DNS.

RCPT TO An SMTP command that tells the receiving MTA which email address the message is being sent to. The sending MTA waits for confirmation that the receiving MTA will accept a message for that address. There may be any number of RCPT TO commands in one SMTP message transmission dialogue, and the receiving MTA's answer to each of them is where relaying is authorized or denied.

Real-time Scanner One of the scanning options, which operates only in the background. It automatically monitors the computer system to provide high security against unknown threats; its minimal memory usage allows users to continue working at normal speed.
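The RCPT TO decision described above, together with the Open Relay entry in section O, as an added example (not Sendmail's own relay logic or configuration syntax): the server accepts a recipient only if the address is local, the client has authenticated, or the client's IP address is in a permitted relay network; the `open_relay` switch reproduces the old default that made a server an open relay. The local domains, relay networks and session parameters are assumed for the example.

```python
import ipaddress
from typing import List, Tuple

# Constructed site configuration (assumed for the example): domains delivered
# locally, and client networks allowed to relay without authenticating.
LOCAL_DOMAINS = {"example.com", "mail.example.com"}
RELAY_NETWORKS = [
    ipaddress.ip_network("192.0.2.0/24"),   # the site's own LAN
    ipaddress.ip_network("127.0.0.0/8"),
]


def may_accept_rcpt(client_ip: str, authenticated: bool, rcpt: str,
                    open_relay: bool = False) -> bool:
    """Decide whether to accept one RCPT TO address.

    open_relay=True reproduces the misconfiguration the Open Relay entry
    describes: every recipient is accepted regardless of who is asking.
    """
    if open_relay:
        return True
    if "@" not in rcpt:
        return rcpt.lower() == "postmaster"   # bare postmaster is a required local alias
    domain = rcpt.rsplit("@", 1)[1].lower()
    if domain in LOCAL_DOMAINS:
        return True                           # local delivery is not relaying
    if authenticated:
        return True                           # SMTP AUTH users may relay
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in RELAY_NETWORKS)


def envelope_dialogue(client_ip: str, authenticated: bool, mail_from: str,
                      rcpts: List[str], open_relay: bool = False) -> List[Tuple[str, str]]:
    """Simulate the envelope phase of an SMTP session as (command, reply) pairs."""
    dialogue = [(f"MAIL FROM:<{mail_from}>", "250 2.1.0 Sender ok")]
    for rcpt in rcpts:
        cmd = f"RCPT TO:<{rcpt}>"
        if may_accept_rcpt(client_ip, authenticated, rcpt, open_relay):
            dialogue.append((cmd, "250 2.1.5 Recipient ok"))
        else:
            dialogue.append((cmd, "550 5.7.1 Relaying denied"))
    return dialogue


def accepted_recipients(dialogue: List[Tuple[str, str]]) -> List[str]:
    """Recipients the server agreed to take, extracted from the dialogue."""
    return [cmd[len("RCPT TO:<"):-1] for cmd, reply in dialogue
            if cmd.startswith("RCPT TO:") and reply.startswith("250")]


if __name__ == "__main__":
    # An outside, unauthenticated client tries one local and one foreign recipient.
    for cmd, reply in envelope_dialogue("203.0.113.7", False, "spammer@example.net",
                                        ["bob@example.com", "victim@example.org"]):
        print(f"C: {cmd}\nS: {reply}")
```

Note that the decision is made per recipient, not per session: the same unauthenticated outside client is accepted for the local mailbox and refused for the foreign one, which is exactly the check an open relay lacks.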

2006 Sendmail Inc.

REGEX (Regular Expressions) A standard system for expressing pattern matching formulas that is widely supported by many libraries. For more information see http://sitescooper.org/tao_regexps.html.

Relay In email this refers to an MTA system that retransmits a message to another MTA system without any modification to the message or its destination or source addresses.

Replay Prevention Protection against replay attacks, in which a message is stored and re-used later, replacing or repeating the original. See also Anti-replay service.

Replication Replication is a well-known behavior of a virus. A virus typically allows itself plenty of time to replicate before it activates.

Reputation Reputation is data collected by an independent party on various email senders: what kind of email messages they send and what their policies are for dealing with abuse. This independent party (reputation provider) then makes the data available to recipients, who can make a more informed decision on accepting or rejecting email messages from an authenticated sender based on its reputation.

Responsible Submitter The entity most recently responsible for injecting or re-injecting a message into the transport stream. This is not necessarily the original submitter; it includes forwarders and redirecting agents that re-inject the message. An SMTP extension, SUBMITTER, has been proposed to pass this information along as part of the RFC2821 session.

RFC (Request for Comments) Refers to IETF RFCs, which are not really requests for comments but rather publications usually specifying a technical standard or specification on how various technologies are to be used on the Internet. www.rfc.net.

Rijndael Rijndael is a block cipher designed by Joan Daemen and Vincent Rijmen (its name is derived from their last names). It became the base algorithm for AES; see http://csrc.nist.gov/CryptoToolkit/aes/rijndael/.

RIP (Routing Information Protocol) The oldest routing protocol on the Internet and the most commonly used routing protocol on local area IP networks. Routers use RIP to periodically broadcast which networks they know how to reach.

RMX (Reverse MX) A proposal by Hadmut Danisch for a new DNS RR used to indicate the list of IP addresses of systems authorized to use a given domain in the RFC2821 MAIL FROM address. This proposal became the basis for the more comprehensive SPF protocol. For more information see http://www.danisch.de/work/security/antispam.html.

Rootkit Software that conceals logins, processes, files, logs or system data. Rootkits are often used to hide malware or other unwanted processes that are installed on, or operating on, a system.

Routing Agent On the Internet, an agent (also called an intelligent agent) is a program that gathers information or performs some other service without your immediate presence and on some regular schedule. Typically, an agent program, using parameters you have provided, searches all or some part of the Internet, gathers information you're interested in, and presents it to you on a daily or other periodic basis.

RSA (Rivest-Shamir-Adleman) One of the fundamental encryption algorithms, a series of mathematical operations developed in 1977 by Ron Rivest, Adi Shamir, and Leonard Adleman. The RSA algorithm is the most commonly used encryption and authentication algorithm and is included as part of the Web browsers from Netscape and Microsoft.

RSACi (Recreational Software Advisory Council on the Internet) A computer software ratings system for Web site content developed by RSACi in response to the passage of US federal legislation prohibiting the transmittal of offensive, or indecent, materials over the Internet. RSACi was developed with the express intent of providing a simple yet effective rating system for web sites that protects both children, by providing parents with detailed information about site content, and the rights of free speech of everyone who publishes on the World Wide Web.
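As an added example (not part of the glossary and not Sendmail's code), the Go program below simulates the receiving side of the RCPT TO dialogue described above together with the Relay and RBL entries: each recipient is accepted or refused on its own, relaying to foreign domains is refused for clients not on the relay list, and the connecting address is checked against a block list using the reversed-octet query name. All domains, mailboxes, client addresses and the bl.example zone are constructed for the example.

```go
package main

import (
	"fmt"
	"strings"
)

// Policy is the receiving MTA's configuration. Every value used here is
// constructed: the domains, mailboxes, client addresses and the DNSBL zone are not real.
type Policy struct {
	LocalDomains map[string]bool // domains this MTA delivers for
	LocalUsers   map[string]bool // "user@domain" mailboxes that exist
	RelayClients map[string]bool // client IPs permitted to relay to foreign domains
	DNSBLZone    string          // block list zone, e.g. "bl.example"
	DNSBL        map[string]bool // constructed DNS answers: "10.2.0.192.bl.example" -> listed
}

// dnsblName builds the reversed-octet query name an MTA looks up in an RBL:
// client 192.0.2.10 against zone bl.example becomes 10.2.0.192.bl.example.
func dnsblName(ip, zone string) string {
	o := strings.Split(ip, ".")
	if len(o) != 4 {
		return ""
	}
	return fmt.Sprintf("%s.%s.%s.%s.%s", o[3], o[2], o[1], o[0], zone)
}

// address extracts "user@domain" from the "<user@domain>" form of MAIL FROM / RCPT TO.
func address(arg string) string {
	return strings.ToLower(strings.Trim(strings.TrimSpace(arg), "<>"))
}

// Serve runs one SMTP envelope dialogue and returns the reply to the connection
// and to each client command. Every RCPT TO is answered on its own, so the sender
// learns which recipients were accepted before any DATA is transferred; unknown
// local mailboxes get 550, and relaying to foreign domains is refused unless the
// client is on the relay list (this MTA is not an open relay).
func Serve(p Policy, clientIP string, commands []string) []string {
	if p.DNSBL[dnsblName(clientIP, p.DNSBLZone)] {
		return []string{fmt.Sprintf("554 5.7.1 %s is listed in %s", clientIP, p.DNSBLZone)}
	}
	replies := []string{"220 mx.example ESMTP ready"}
	accepted := 0 // recipients accepted for the current envelope
	for _, line := range commands {
		verb := strings.ToUpper(line)
		switch {
		case strings.HasPrefix(verb, "HELO ") || strings.HasPrefix(verb, "EHLO "):
			replies = append(replies, "250 mx.example")
		case strings.HasPrefix(verb, "MAIL FROM:"):
			accepted = 0
			replies = append(replies, "250 2.1.0 sender ok")
		case strings.HasPrefix(verb, "RCPT TO:"):
			rcpt := address(line[len("RCPT TO:"):])
			at := strings.LastIndex(rcpt, "@")
			if at < 0 {
				replies = append(replies, "501 5.1.3 bad recipient address syntax")
				continue
			}
			domain := rcpt[at+1:]
			switch {
			case p.LocalDomains[domain] && p.LocalUsers[rcpt]:
				accepted++
				replies = append(replies, "250 2.1.5 recipient ok")
			case p.LocalDomains[domain]:
				replies = append(replies, "550 5.1.1 user unknown") // our domain, no such mailbox
			case p.RelayClients[clientIP]:
				accepted++ // trusted client may relay to a foreign domain
				replies = append(replies, "250 2.1.5 recipient ok (relay)")
			default:
				replies = append(replies, "550 5.7.1 relaying denied")
			}
		case verb == "DATA":
			if accepted == 0 {
				replies = append(replies, "554 5.5.1 no valid recipients")
			} else {
				replies = append(replies, "354 end data with <CR><LF>.<CR><LF>")
			}
		case verb == "QUIT":
			replies = append(replies, "221 2.0.0 bye")
		default:
			replies = append(replies, "500 5.5.2 command unrecognized")
		}
	}
	return replies
}

func main() {
	p := Policy{
		LocalDomains: map[string]bool{"example.com": true},
		LocalUsers:   map[string]bool{"alice@example.com": true},
		RelayClients: map[string]bool{"192.0.2.50": true},
		DNSBLZone:    "bl.example",
		DNSBL:        map[string]bool{"99.113.0.203.bl.example": true}, // 203.0.113.99 is listed
	}
	session := []string{"EHLO client.example.net", "MAIL FROM:<bob@example.net>", "RCPT TO:<alice@example.com>",
		"RCPT TO:<nobody@example.com>", "RCPT TO:<carol@example.org>", "DATA", "QUIT"}
	fmt.Println(strings.Join(Serve(p, "192.0.2.10", session), "\n"))
}
```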

Rules Criteria that are used to organize and control incoming messages automatically. When you set up a rule, you designate the criteria that selects a specific class of messages and then you select one or more actions to handle the messages that meet the criteria.

S
SBL (Spamhaus Block List) See http://www.spamhaus.org/sbl/.

Scan engine Software that scans computer systems for security threats such as viruses and worms. Antivirus scan engines use virus signature files to receive updates on the latest security threats. Antivirus scan engines also need to be upgraded once in a while.

Scanner A virus detection program that searches for, prevents and removes any malicious code on your system. See also Antivirus.

Screening router A router configured to permit or deny traffic based on a set of permission rules installed by the administrator.

SCV (Sender Callout Verification) The same as Callback Verification; see CBV.

SCVP (Simple Certificate Validation Protocol)

SECG (Standards for Efficient Cryptography Group) See http://www.secg.org.

Security Association (SA) A Security Association (SA) is a relationship between two or more entities that describes how the entities will utilize security services to communicate securely. This relationship is represented by a set of information that can be considered a contract between the entities. The information must be agreed upon and shared between all the entities.

Secure Hash Algorithm-1 (SHA-1) A one-way cryptographic function which takes a message and produces a 160-bit message digest. A message digest is a value generated for a message or document that is unique to that message, and is sometimes referred to as a fingerprint of that message or data. Once a message digest is computed, any subsequent change to the original data will, with a very high probability, cause a change in the message digest, and the signature will fail to verify. This process is used to compress large data strings to a 20-byte length which is then used in a cryptographic process. The reduced data length relieves computational requirements for data encryption.

Self-signed Certificate A self-signed certificate uses its own certificate request as a signature rather than the signature of a CA. A self-signed certificate will not provide the same functionality as a CA-signed certificate: it will not be automatically recognized by users' browsers, and it does not provide any guarantee concerning the identity of the organization that is providing the website.

Sender Authentication Verification of the source of an email message transmission. This technique has been proposed as a way of reducing or eliminating spam by requiring some type of sender authentication scheme that is communicated between sending and receiving email systems. See Caller ID, DKIM, DRIP, IIM, Path Authentication, PRA, Sender ID, SES, SID, and SPF.

Sender ID A Microsoft-sponsored email authentication proposal based on CID but using SPF records; see SID.

Sendmail The Mail Transfer Agent (MTA) initially responsible for the routing of Internet Mail. Approximately 70% of the world's email traffic crosses a sendmail MTA. Invented by co-founder Eric Allman, the sendmail MTA is available as an Open Source product or as commercial software. www.sendmail.com.

SES (Signed Envelope Sender) A proposal that describes how a cryptographic message signature can be added to the envelope MAIL FROM address. The signature is not based on public key cryptography but on an HMAC, and requires the use of a special verification server. See http://ses.codeshare.ca.

Session In the Open Systems Interconnection (OSI) communications model, the Session layer (sometimes called the port layer) manages the setting up and taking down of the association between two communicating end points that is called a connection. A connection is maintained while the two end points are communicating back and forth in a conversation or session of some duration. Some connections and sessions last only long enough to send a message in one direction. However, other sessions may last longer, usually with one or both of the communicating parties able to terminate it.

SGML (Standard Generalized Markup Language) A format and syntax for text documents that allows special meaning and processing semantics to be added. SGML is derived from work on IBM's Generalized Markup Language and is now an ISO standard (ISO 8879). It is most often used as a way to construct other markup languages, each for its own field or specific purpose; for example, both HTML and XML are derivatives of SGML. See http://www.w3.org/MarkUp/SGML/.

Shared POP3 mailbox

SHA (Secure Hash Algorithm) This refers to the standards for creating a cryptographic digest as set out by NIST.

SHA-1 (Secure Hash Algorithm #1) A superior and more secure hash/digest algorithm that is now starting to be used as a replacement for MD5. The #1 comes from FIPS 180, as it was FIPS 180-1 that first specified this standard and algorithm (the original FIPS 180 had what some now call SHA-0, but that algorithm was found to have flaws). SHA-1 is a 160-bit digest algorithm; for IETF standards, some of which are now based on SHA-1, the technical details are described in [RFC3174] www.rfc.net.

SHA-2 SHA-224, SHA-256, SHA-384 and SHA-512 are newer, more secure versions that use the same algorithm as SHA-1 to produce longer digests (thus less prone to possible collisions). 224, 256, 384 and 512 refer to the number of bits in the resulting digest. SHA-2 refers to the fact that they were all first mentioned in the FIPS 180-2 document (the last and current version of the SHA standard).

Shared Secret An authentication method used to establish trust between computers in a VPN that utilizes a password, also termed a pre-shared authentication key, for establishing trust, not for application data packet protection.

SHS (Secure Hash Standard) Usually used as a synonym for SHA.

SID (Sender-ID) In email security this refers to a Microsoft proposal for verification of the email sender based on the PRA address derived from the Sender, From, Resent-Sender and Resent-From headers which, unlike its predecessor Caller-ID, uses SPF DNS records. The proposal has serious flaws both in how it uses the PRA (which provides the original email sender and not the address of the last hop) and in that it uses SPF v1 records that are published specifically for MAIL FROM (bounce address) authentication. Another controversy regarding SID revolves around Microsoft's claim of intellectual property rights; the license it proposed is not compatible with the GPL and most other open-source software licenses.

Signature File A file of virus patterns that can be compared with the content of existing files, as well as files downloaded or received in email messages, to determine if they are infected with a virus. Vendors of anti-virus software update these signatures frequently as new viruses are discovered.

Signatures Viruses employ signatures by which they identify themselves to themselves and thereby avoid corrupting their own code. Standard viruses, including most macro viruses, use character-based signatures. More complex viruses, such as polymorphic viruses, use algorithmic signatures.

Skipjack An encryption algorithm developed by the NSA and proposed for the Clipper chip and also in some key exchange algorithm proposals. See http://csrc.nist.gov/encryption/skipjack/skipjack.pdf.

SLIP SLIP is a TCP/IP protocol used for communication between two machines that are previously configured for communication with each other. SLIP has been largely supplanted by PPP.

Smart Card About the size of a credit card, a smart card is a plastic card with an embedded microchip that can be loaded with data, used for telephone calling, electronic cash payments, and other applications, and then periodically recharged for additional use. Currently used to establish your identity when logging on to an Internet access provider.

SMF (Standard Message Format) A message file format established by Novell and used by many email applications.

S/MIME (Secure/Multipurpose Internet Mail Extensions) S/MIME is an E-mail security protocol. It was designed to prevent the interception and forgery of E-mail by using encryption and digital signatures. S/MIME builds security on top of the MIME protocol and is based on technology originally developed by RSA Data Security, Inc.

S/MIME v2 S/MIME version 2.0 - the S/MIME standard for email signing and encryption using the RSA algorithm for encryption and the MD5 algorithm for hashing; see [RFC2311], [RFC2312], [RFC2313], [RFC2314], [RFC2315] www.rfc.net.

S/MIME v3 S/MIME version 3.0 - the S/MIME standard for email signing and encryption using the Diffie-Hellman algorithm for encryption and the SHA-1 algorithm for hashing; see [RFC2633], [RFC2634] www.rfc.net.

SMTP (Simple Mail Transfer Protocol) A protocol used in sending and receiving email. Most email systems that send mail over the Internet use SMTP to send messages from one server to another; the messages can then be retrieved with an email client using either POP3 or IMAP.

SNMP (Simple Network Management Protocol) The protocol governing network management and the monitoring of network devices and their functions.

SOA (Start Of Authority) The DNS record that marks the beginning of a zone and contains information about the zone, including the hostmaster address and caching information such as TTL and expire time.

Social engineering An attack based on tricking or deceiving users or administrators into revealing passwords or other information that compromises a target system's security. Social engineering attacks are typically carried out by telephoning users or operators and pretending to be an authorized user.

Source-Routing Normal IP packets have only source and destination addresses in their headers, leaving the actual route taken to the routers in between the source and the destination. Source-routed IP packets have additional information in the header that specifies the route the packet should take. This additional routing is specified by the source host, hence the name source-routed.

Source-Route Attack A form of spoofing whereby the routing, as indicated in the source-routed packet, is not coming from a trusted source and therefore the packet is being routed illicitly.

Spam Spam is unsolicited junk email. From the sender's point of view, it is a form of bulk mail. To the receiver, it is usually considered to be junk email. It's roughly equivalent to unsolicited telephone marketing calls, except that the user pays for part of the message, since everyone shares the cost of maintaining the Internet. Spammers typically send an email to a distribution list with millions of addresses, expecting only a tiny number of readers to respond to their offer. Spam has become a major problem for all Internet users.

Spamhaus [1] An organization finding and exposing spammers who do it as their primary business activity. Some people believe that although billions of spam emails are sent every day, the number of organizations and people responsible for 99% of them is only several hundred. See http://www.spamhaus.org.

Spam-l An old and quite popular mailing list dedicated to discussions of email abuse and spam; see http://www.claws-and-paws.com/spam-l/.

Spam Trap [1] A list of nonexistent email addresses placed on a Web page or a discussion board that are likely to be harvested by spammers using Web crawlers to look for addresses. Spam sent to these addresses will be rejected, as they are fake. [2] The term for a check box on a Web order form that is defaulted to "yes" or "I agree" but positioned on the page so that it will most likely be overlooked. When it remains checked the user is placed on a spammer's target list.

SPEWS (Spam Prevention Early Warning System) An anonymous group dedicated to exposing and stopping spammers and those organizations that provide them services. See http://www.spews.org.

SPF [1] (Sender Policy Framework, previously known as Sender Permitted From) A specification of the format for DNS records that allows a domain owner and SMTP operator to specify the policies to be followed by those using that domain in email messages, and the list of MTA IP addresses that can be the source of such email. Based largely on the DMP and RMX proposals. See http://spf.pobox.com.

SPF [2] (Shortest Path First) Algorithm (the Dijkstra SPF algorithm) used in some routing protocols (such as OSPF) to determine the best routing path for network traffic.

Spoofing The term for establishing a connection with a forged sender address. This normally involves exploiting a trust relationship that exists between source and destination addresses/systems.

Spyware Software that gathers information about a user's Web surfing habits and sends that data to its home website. While it is usually intended to track habits in order to build marketing profiles, spyware is often used for nefarious purposes, and many consider it an invasion of privacy. Spyware is often included in free or commercial downloads, and may be downloaded to a user's computer merely as the result of visiting a website.

SRS (Sender Rewriting Scheme) A system for retaining the original bounce address within a new bounce address added by an MRA when it wants to become directly responsible for receiving bounces. This is needed for SPF to work with all forwarders. For more information see http://spf.pobox.com/srs.html, http://www.libsrs.org/ and http://www.libsrs2.org/.

SRV (DNS Service Records) For a domain or host, a general DNS RR type which can be used as a mechanism for locating the services it supports and finding which hosts and protocols are to be used for those services. See [RFC2052] www.rfc.net.

SSH (Secure Shell) A protocol which permits secure remote access over a network from one computer to another. SSH negotiates and establishes an encrypted connection between an SSH client and an SSH server.

SSL (Secure Sockets Layer) A program layer created by Netscape for managing the security of message transmissions in a network. Netscape's idea is that the programming for keeping your messages confidential ought to be contained in a program layer between an application (such as your Web browser or HTTP) and the Internet's TCP/IP layers. The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network, or between program layers in the same computer.

Stateful Stateful and stateless are adjectives that describe whether a computer or computer program is designed to note and remember one or more preceding events in a given sequence of interactions with a user, another computer or program, a device, or other outside element. Stateful means the computer or program keeps track of the state of the interaction, usually by setting values in a storage field designated for that purpose.

Stateful inspection Analysis of data within the lowest levels of the protocol stack, comparing the current session to previous ones in order to detect suspicious activity. Unlike application level gateways, stateful inspection uses business rules defined by the user and therefore does not rely on predefined application information. Stateful inspection also takes less processing power than application level analysis. Stateful inspection firewalls do not recognize specific applications and thus are unable to apply different rules to different applications.

Stealth virus [1] A virus that hides itself in the boot sector so it remains undetected, making it difficult to disinfect. It has the ability to alter data to hide the virus by intercepting the boot sector. [2] Stealth viruses hide the modifications they make to your files or boot records, attempting to defeat anti-virus programs.

STOP (Stack Overflow Protection) Stack or buffer overflow attacks continue to be a favorite technique used by hackers for breaking into servers. STOP relocates the system stack. The stack is the area into which the attacker is trying to make the data overflow. This is like reshuffling the cards in a deck, making it very difficult for the attacker to predict the location of the overflow data. This simple and transparent approach renders overflow attacks unsuccessful.

Submitter A person or entity that submits mail to an MSA (i.e. the very first entity that starts mail transmission).
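The check a receiving MTA performs against a domain's SPF record, as an added example that is neither the SPF project's nor Sendmail's code: it parses the record's mechanisms and qualifiers and walks them against constructed DNS data (example.com, _spf.isp.example and every address below are made up). It covers the ip4, a, mx, include and all mechanisms; ptr, exists, macros, CIDR ranges and redirect= are left out.

```go
package main

import (
	"fmt"
	"strings"
)

// DNS is a constructed stand-in for the resolver: TXT, A and MX answers keyed
// by owner name. None of these names or addresses are real.
type DNS struct {
	TXT map[string]string
	A   map[string][]string
	MX  map[string][]string // MX target hosts; their addresses come from A
}

// CheckSPF evaluates the SPF record of domain for a connecting client ip and
// returns "pass", "fail", "softfail", "neutral" or "none" (no record). Mechanisms
// are tried left to right; the first match decides, with its qualifier mapped to
// the result. A record that is exhausted without a match yields "neutral".
func CheckSPF(dns DNS, domain, ip string) string {
	rec, ok := dns.TXT[strings.ToLower(domain)]
	if !ok || !strings.HasPrefix(rec, "v=spf1") {
		return "none"
	}
	for _, term := range strings.Fields(rec)[1:] {
		qual, mech := "+", term // no qualifier means "+"
		if strings.ContainsAny(term[:1], "+-~?") {
			qual, mech = term[:1], term[1:]
		}
		name, arg := mech, ""
		if i := strings.Index(mech, ":"); i >= 0 {
			name, arg = mech[:i], mech[i+1:]
		}
		if arg == "" {
			arg = domain // bare "a" and "mx" refer to the record's own domain
		}
		matched := false
		switch strings.ToLower(name) {
		case "all":
			matched = true
		case "ip4":
			matched = arg == ip // exact address only; CIDR ranges omitted
		case "a":
			matched = contains(dns.A[arg], ip)
		case "mx":
			for _, host := range dns.MX[arg] {
				if contains(dns.A[host], ip) {
					matched = true
				}
			}
		case "include":
			// include: matches only when the referenced record gives "pass";
			// its fail, softfail or neutral simply mean "no match" here.
			matched = CheckSPF(dns, arg, ip) == "pass"
		}
		if matched {
			return map[string]string{"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qual]
		}
	}
	return "neutral"
}

func contains(list []string, s string) bool {
	for _, v := range list {
		if v == s {
			return true
		}
	}
	return false
}

func main() {
	dns := DNS{
		TXT: map[string]string{
			"example.com":      "v=spf1 mx a:relay.example.com include:_spf.isp.example -all",
			"_spf.isp.example": "v=spf1 ip4:198.51.100.7 ~all",
		},
		A:  map[string][]string{"mx1.example.com": {"192.0.2.1"}, "relay.example.com": {"192.0.2.2"}},
		MX: map[string][]string{"example.com": {"mx1.example.com"}},
	}
	for _, ip := range []string{"192.0.2.1", "192.0.2.2", "198.51.100.7", "203.0.113.9"} {
		fmt.Printf("%-14s -> %s\n", ip, CheckSPF(dns, "example.com", ip))
	}
}
```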

S/WAN (Secure Wide Area Network) An initiative to promote the deployment of Internet-based Virtual Private Networks (VPNs).

Symmetric Key A symmetric key is one that can be used for both encryption and decryption of the same message. This is also sometimes called a single key or a private key (though the latter is easily confused with the private key of public key cryptography; see above). For message signing it would be necessary for both sender and recipient to know this key and to have kept it private from everyone else.

SYN Flood Attack A TCP connection is initiated when a client issues a request to a server with the SYN flag set in the TCP header. Normally the server will issue a SYN/ACK back to the client identified by the 32-bit source address in the IP header. The client will then send an ACK to the server and data transfer can commence. When the client IP address is spoofed (changed) to be that of an unreachable host, however, the targeted TCP cannot complete the three-way handshake and will keep trying until it times out. That is the basis for the attack.

T
Tarpit Tuning an MTA system to purposely respond slowly (instead of immediately rejecting the message and closing the connection) when it identifies an incoming email as undesirable. Some use it as a way to cause spammers' servers to slow down so that they are no longer able to send large amounts of email.

TCP (Transmission Control Protocol) The protocol that most other Internet protocols use for intercommunication; it provides a system for negotiating a data transmission channel between two network end-points with error correction and retransmission on failure. [RFC793] www.rfc.net.

TCP/IP (Transmission Control Protocol/Internet Protocol) The standard family of protocols for communicating with Internet devices: the TCP protocol over the IP protocol. UDP is also often considered to be part of it, and together they provide the base set of protocols of today's Internet. [RFC791], [RFC793], [RFC768] www.rfc.net.

Telnet A terminal emulation program for TCP/IP networks such as the Internet. The Telnet program runs on your computer and connects your PC to a server on the network. You can then enter commands through the Telnet program and they will be executed as if you were entering them directly on the server console.

Time bomb A time bomb uses some specific date or time to trigger its activation.

TLD (Top Level Domain) On the Internet all domains have a naming system like d.c.b.a, where a, b, c and d are levels in the domain naming tree. The a part is the first level and is thus called the top level domain. Some well known top level domains are .com, .net, .org, .uk, .de, .name, .biz, etc.

TLS (Transport Layer Security) A standard for providing encryption and cryptography-based security for a TCP/IP communication channel (usually a TCP session). Other protocols use it as a layer to provide a secure connection, as with HTTPS. See [RFC2246] www.rfc.net.

3DES (Triple DES) Triple DES is simply another mode of DES operation. It takes three 64-bit keys, for an overall key length of 192 bits. The procedure for encryption is exactly the same as regular DES, but it is repeated three times, hence the name Triple DES. The data is encrypted with the first key, decrypted with the second key, and finally encrypted again with the third key.

Trojan Horse A term from Greek mythology which in computer security refers to a destructive or malicious program that is disguised as legitimate software or part of it. This is one of the ways a system can become a zombie: it may involve hacking a website carrying good software and replacing it with (or adding to it) trojan zombie code, or a person may receive an email attachment which presents itself as good software (such as virus cleaning software) but in reality is a zombie trojan.

Token Ring A type of computer network in which all the computers are arranged (schematically) in a circle. A token, which is a special bit pattern, travels around the circle. To send a message, a computer catches the token, attaches a message to it, and then lets it continue to travel around the network.

Tracking The logging of inbound and outbound messages based on predefined criteria. Logging is usually done to allow for further analysis of the data at a future date or time.
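The encrypt-decrypt-encrypt sequence from the 3DES entry, worked through as an added Go example (not taken from the glossary): it performs the three single-DES steps by hand, checks that they agree with Go's crypto/des TripleDES on the concatenated 24-byte key, and shows that with K1 = K2 = K3 the result is plain DES. Keys and plaintext are constructed for the demonstration.

```go
package main

import (
	"bytes"
	"crypto/des"
	"fmt"
)

// desBlock encrypts or decrypts a single 8-byte block with one 8-byte DES key.
func desBlock(key, block []byte, encrypt bool) ([]byte, error) {
	c, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	out := make([]byte, c.BlockSize())
	if encrypt {
		c.Encrypt(out, block)
	} else {
		c.Decrypt(out, block)
	}
	return out, nil
}

// TripleDESByHand performs the encrypt-decrypt-encrypt (EDE) sequence from the
// 3DES entry with three independent single-DES operations: encrypt with K1,
// decrypt with K2, encrypt again with K3.
func TripleDESByHand(k1, k2, k3, block []byte) ([]byte, error) {
	step1, err := desBlock(k1, block, true)
	if err != nil {
		return nil, err
	}
	step2, err := desBlock(k2, step1, false)
	if err != nil {
		return nil, err
	}
	return desBlock(k3, step2, true)
}

// TripleDESLibrary encrypts the same block with Go's crypto/des TripleDES
// implementation, which takes the three keys concatenated into one 24-byte
// (192-bit) key; it must agree with the by-hand version.
func TripleDESLibrary(k1, k2, k3, block []byte) ([]byte, error) {
	key := make([]byte, 0, 24)
	key = append(append(append(key, k1...), k2...), k3...)
	c, err := des.NewTripleDESCipher(key) // rejects any key that is not 24 bytes
	if err != nil {
		return nil, err
	}
	out := make([]byte, c.BlockSize())
	c.Encrypt(out, block)
	return out, nil
}

// SingleDES is plain DES. With K1 = K2 = K3 the middle decryption undoes the
// first encryption and 3DES degenerates to this, which is how 3DES systems stay
// compatible with peers that only speak single DES.
func SingleDES(k, block []byte) ([]byte, error) {
	return desBlock(k, block, true)
}

func main() {
	// Constructed keys and plaintext for the demonstration (not real key material).
	k1, k2, k3 := []byte("key-one!"), []byte("key-two!"), []byte("key-thr3")
	block := []byte("8byteMSG")
	byHand, _ := TripleDESByHand(k1, k2, k3, block)
	lib, _ := TripleDESLibrary(k1, k2, k3, block)
	fmt.Printf("EDE by hand : %x\nlibrary 3DES: %x\nagree: %v\n", byHand, lib, bytes.Equal(byHand, lib))
	same, _ := TripleDESByHand(k1, k1, k1, block)
	single, _ := SingleDES(k1, block)
	fmt.Printf("K1=K2=K3 equals single DES: %v\n", bytes.Equal(same, single))
}
```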

TTL (Time To Live) All DNS records have this value, which specifies the amount of time DNS servers and applications are allowed to cache the record.

TUA (Tracking User Agent) An entity that initiates a message tracking request; see [RFC3888] www.rfc.net.

Tunnel The path established by one network to send its data via another network's connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. For example, Microsoft's PPTP technology enables organizations to use the Internet to transmit data across a virtual private network (VPN). It does this by embedding its own network protocol within the TCP/IP packets carried by the Internet.

Tunneling router A router or system capable of routing traffic by encrypting it and encapsulating it for transmission across an untrusted network, for eventual de-encapsulation and decryption.

U

UBE (Unsolicited Bulk Email) Often used as a synonym for spam; more specifically, unsolicited emails (commercial or otherwise) sent in large quantities.

UCE (Unsolicited Commercial Email) Often used as a synonym for spam; more specifically, unsolicited emails with commercial advertisement (which may or may not be sent in bulk).

UDP (User Datagram Protocol) A connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network.

UNIX A multiuser, multitasking operating system widely used in workstations and servers, and as an underlying operating system for appliances such as MTAs. Variants are also used for embedded applications within consumer products such as cell phones and personal digital assistants. There are many variants, and variants of variants, on the market today. While it was originally developed by AT&T's Bell Laboratories in the 1960s, the trademark is now held by The Open Group.

URI (Universal Resource Identifier) A specification for identifying elements of the Internet infrastructure. These developed from the http://, news:// and similar protocol and location naming conventions used by web browsers, where they are called URLs. [RFC2396] www.rfc.net.

URL (Uniform Resource Locator) An address in a standard format that locates files (resources) on the Internet and the Web. The type of resource depends on the Internet application protocol. Using the World Wide Web's protocol, the Hypertext Transfer Protocol (HTTP), the resource can be an HTML page (like the one you're reading), an image file, a program such as a CGI application or Java applet, or any other file supported by HTTP. The URL contains the name of the protocol required to access the resource, a domain name that identifies a specific computer on the Internet, and a hierarchical description of a file location on the computer.

URL Blocking The tracking and denying of user access to undesirable web sites based on predefined site content.

USENET (Unix User Network) Originally a system for individual (not directly connected) Unix computers to exchange and share messages (usually through telephone connections). Now almost all usenet messages are distributed on the Internet, and the term refers to a set of protocols for generating, storing, retrieving and exchanging news articles (the structure of which resembles Internet mail messages).

User Administration User Administration is a process aimed at creating users efficiently, controlling what they can do, limiting the damage they can cause, and monitoring their activities on a system or network.

ULA (User Level Authentication) User Level Authentication refers to the ability to track the usage of a VPN connection to a given individual, on a specific machine, during a specific time period, by the assignment of a unique username. It also implies the restriction of patron use of the VPN in an anonymous manner.

UUCP (UNIX-to-UNIX Copy Protocol) A set of UNIX programs for copying (sending) files between different UNIX systems and for sending commands to be executed on another system.

UUencode A data encoding standard developed to translate or convert a file or email attachment (it can be an image, a text file, or a program) from its binary or bit-stream representation into the 7-bit ASCII set of text characters.

V

Vandal A vandal is an executable file, usually an applet or an ActiveX control, associated with a Web page that is designed to be harmful, malicious, or at the very least inconvenient to the user. Since such applets or little application programs can be embedded in any HTML file, they can also arrive as an email attachment or automatically as the result of being pushed to the user. Vandals can be viewed as viruses that can arrive over the Internet stuck to a Web page. Vandals are sometimes referred to as hostile applets.

Variant (Virus Variant) A modified version of an original virus, which can be varied by simply changing text or just adding or deleting a few lines of code. Viruses are commonly changed, and sometimes damaged, by other virus authors over time. A variant often escapes detection when it is first released.

VBScript (Visual Basic Script) VBScript is an interpreted script language from Microsoft that is a subset of its Visual Basic programming language. VBScript can be compared to other script languages designed for the Web, such as Netscape's JavaScript.

VERP (Variable Envelope Return Paths) A way of including the recipient address as part of the RFC2821 MAIL FROM (bounce address). This is used by mailing lists in order to better handle bounce messages and be able to automatically unsubscribe users with bad addresses. See http://cr.yp.to/proto/verp.txt.

Virus A virus is a piece of programming code, usually disguised as something else, that causes some unexpected and usually undesirable event. A virus is often designed so that it automatically spreads to other computer users. Viruses can be transmitted as attachments to email messages, as downloads, or be present on a diskette or CD. The person from whom the emails appear to be sent, or from whom the downloaded files or diskettes originate, is often unaware of the virus. Some viruses wreak their effect as soon as their code is executed; other viruses lie dormant until circumstances cause their code to be executed by the computer. Some viruses are playful in intent and effect ("Happy Birthday, Ludwig!") and some can be quite harmful, erasing data or causing your hard disk to require reformatting.

Virus Scanner A program that searches files for possible viruses, including email and attachments.

Virus signature files Antivirus scanning engines rely on virus signature files to feed them information on new security threats. Virus signature files are usually updated at least once a week.

VPN (Virtual Private Networking) A VPN is a technology that overlays communications networks with a management and security layer. Through VPN technology, network managers can set up secure relationships while still enjoying the low cost of a public network such as the Internet.
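To show how the SRS and VERP entries work as bounce-address rewriting, an added example that is not libsrs2's code nor any list manager's: SRSForward rewrites a forwarded sender into the SRS0 address layout (a 4-character truncated HMAC-SHA1 and a 2-character base32 day stamp, a simplified form of the reference scheme) so that the forwarder's own domain is what SPF sees at the destination; SRSReverse recovers the original sender from a bounce only when the hash verifies; and the VERP functions embed a list subscriber in the bounce address using the common local=domain convention. The secret, domains and addresses are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
	"time"
)

const base32Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

// srsTimestamp encodes the day number (mod 1024) as two base32 characters so a
// forwarder can later refuse bounces to addresses it minted too long ago.
func srsTimestamp(now time.Time) string {
	days := int(now.Unix()/86400) % 1024
	return string([]byte{base32Chars[(days>>5)&31], base32Chars[days&31]})
}

// srsHash is the truncated HMAC-SHA1 that stops outsiders from forging SRS
// addresses which would make the forwarder accept and relay arbitrary bounces.
func srsHash(secret []byte, ts, domain, local string) string {
	m := hmac.New(sha1.New, secret)
	m.Write([]byte(strings.ToLower(ts + domain + local)))
	return base64.StdEncoding.EncodeToString(m.Sum(nil))[:4]
}

// SRSForward rewrites the original bounce address "local@domain" into an SRS0
// address at the forwarder's domain. The destination's SPF check now sees the
// forwarder's domain, whose record authorises the forwarder's IP, while the
// original address stays recoverable for bounces.
func SRSForward(secret []byte, sender, forwarder string, now time.Time) (string, error) {
	at := strings.LastIndex(sender, "@")
	if at < 0 {
		return "", errors.New("sender has no domain")
	}
	local, domain := sender[:at], sender[at+1:]
	ts := srsTimestamp(now)
	return fmt.Sprintf("SRS0=%s=%s=%s=%s@%s", srsHash(secret, ts, domain, local), ts, domain, local, forwarder), nil
}

// SRSReverse turns a bounce addressed to an SRS0 address back into the original
// sender, rejecting addresses whose hash does not verify.
func SRSReverse(secret []byte, srs string) (string, error) {
	at := strings.LastIndex(srs, "@")
	if at < 0 || !strings.HasPrefix(srs, "SRS0=") {
		return "", errors.New("not an SRS0 address")
	}
	parts := strings.SplitN(srs[len("SRS0="):at], "=", 4) // hash, timestamp, domain, local
	if len(parts) != 4 {
		return "", errors.New("malformed SRS0 address")
	}
	want := srsHash(secret, parts[1], parts[2], parts[3])
	if !hmac.Equal([]byte(want), []byte(parts[0])) {
		return "", errors.New("SRS hash mismatch")
	}
	return parts[3] + "@" + parts[2], nil
}

// VERPAddress builds a per-recipient bounce address for a mailing list using the
// common "local=domain" convention (bob@example.org becomes
// list-bounces-bob=example.org@lists.example); VERPRecipient recovers the
// subscriber from a bounce sent to such an address.
func VERPAddress(listLocal, listDomain, recipient string) string {
	return listLocal + "-" + strings.Replace(recipient, "@", "=", 1) + "@" + listDomain
}

func VERPRecipient(listLocal, verp string) (string, error) {
	at := strings.LastIndex(verp, "@")
	if at < 0 || !strings.HasPrefix(verp, listLocal+"-") {
		return "", errors.New("not a VERP address for this list")
	}
	enc := verp[len(listLocal)+1 : at]
	eq := strings.LastIndex(enc, "=")
	if eq < 0 {
		return "", errors.New("no recipient domain in VERP address")
	}
	return enc[:eq] + "@" + enc[eq+1:], nil
}

func main() {
	secret := []byte("constructed-forwarder-secret") // constructed, not a real key
	now := time.Date(2006, 6, 1, 12, 0, 0, 0, time.UTC)
	fwd, _ := SRSForward(secret, "alice@example.com", "forwarder.example", now)
	orig, err := SRSReverse(secret, fwd)
	fmt.Println(fwd, "->", orig, err)
	verp := VERPAddress("list-bounces", "lists.example", "bob@example.org")
	rcpt, _ := VERPRecipient("list-bounces", verp)
	fmt.Println(verp, "->", rcpt)
}
```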

W
W3 (World Wide Web Consortium) An organization working on standards for WWW protocols and languages, including HTML, HTTP and others. See http://www.w3.org.

WAP (Wireless Application Protocol) An open global standard for communications between a mobile handset and the Internet or other computer applications, as defined by the WAP Forum.

Web Attack Any attack from the outside aimed at Web server vulnerabilities.

Web Browser A Web browser is a client program that uses the Hypertext Transfer Protocol (HTTP) to make requests of Web servers throughout the Internet on behalf of the browser user.

Web denial-of-service A denial-of-service attack that specifically targets the Web server.


Whitelist A whitelist is a list of email addresses or domain names from which spam filters will allow messages to be received. The list can be compiled gradually over a period of time, and can be edited whenever the user wants.
Whois A protocol used on the Internet that allows one to find the person or entity responsible for a given Internet resource (primarily domains and IP addresses) and the associated technical, administrative, abuse and other contacts. [RFC954] www.rfc.net. For whois queries see http://www.completewhois.com.
Windows Management Instrumentation Windows Management Instrumentation (WMI) is a set of extensions to the Windows Driver Model. WMI provides an operating system interface through which instrumented components can provide information and notification.
WinNuke Attack WinNuke is a Windows DoS (Denial of Service) attack which can cause Windows NT and 95 (and in some cases, Windows 3.11) stations to panic and lose their network connections. WinNuke sends a string (in the original source code the string is "bye") to the NetBIOS port (139) using OOB (Out Of Band) data. The port is open by default on most Windows machines and is used for networking over TCP/IP. The problem is that Windows, although it supports OOB data, does not always know what to do with it. Windows 95 goes to the exception handler, and fails, leaving most users with a blue screen.
Worm A type of virus that disables a computer by creating a large number of copies of itself within the computer's memory, forcing out other programs. Worm viruses are generally constructed to also copy themselves to other linked computers.
WWW (World Wide Web) A general name used to refer to web browsing; see W3, HTTP, HTML.

XAuth The XAuth extension to the IKE protocol allows two-factor authentication for remote users: the digital certificate authenticates the user's machine or desktop, while the use of passwords or tokens binds that user to his digital ID and authorizes him for network access.
XML (Extensible Markup Language) A simple and flexible text format derived from SGML (and considered by some a superset of HTML), capable of being used as a general data language for many protocols and applications. See http://www.w3.org/XML/.
X-TOKEN In email this is a general term for any non-standard, primarily site-specific header or header parameter. The convention is that all such parameters should have a name that starts with x- or X-.

Z
Zero-Day An exploit that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known. A zero-day worm or virus attack uses email to deliver its destructive cargo. Blocking these threats requires more than the traditional approach to fighting viruses.
Zero-Hour Security functionality that eliminates security vulnerabilities within hours of their becoming generally known. Blocking these threats requires techniques beyond traditional anti-spam or anti-virus approaches. This protection is usually the result of network-based threat prevention technology.
Zombie In computer security this means a hacked or compromised (possibly by a virus) system being remotely controlled by somebody other than its owner. These are often used by spammers to distribute SPAM and may also be used for DDOS attacks (primarily with IRC-controlled zombies). This term is synonymous with DRONE and BOT [2].
ZombieNet Zombie Network, also known as Zombie Army; this refers to a large number of ZOMBIE computers controlled by a single entity. Spammers and their associates create large zombie networks to send their emails and for other purposes; they also sell either complete zombie networks or a number of zombie computers on their black market. This term is synonymous with BOTNET and DRONE ARMY.
Zombie PC Primarily used to reference a Windows Personal Computer that has become a ZOMBIE. Microsoft Windows, with its numerous security holes and large installed user base, is the primary type of Zombie system.
Zoo virus A virus that is found only in a virus laboratory, in the collections of researchers. As these viruses are not known to have appeared in the wild, they are kept closely guarded to prevent their outbreak.

X
X.500 Directory X.500 Directory Service is a standard way to develop an electronic directory of people in an organization so that it can be part of a global directory available to anyone in the world with Internet access. Such a directory is sometimes called a global White Pages directory.
X.509 The most widely used standard for defining digital certificates. X.509 is actually an ITU Recommendation, which means that it has not yet been officially defined or approved. As a result, companies have implemented the standard in different ways. For example, both Netscape and Microsoft use X.509 certificates to implement SSL in their Web servers and browsers. But an X.509 certificate generated by Netscape may not be readable by Microsoft products, and vice versa.


Some Email and Cryptography Standards and Publications


IETF RFCs
Access all IETF RFCs from the official IETF site: http://www.ietf.org/rfc.html
Access all IETF RFCs from FAQs.Org: http://www.faqs.org/faqs/
Access email and related RFCs from IMC: http://www.imc.org/rfcs.html
Access email and related RFCs from All Things Email: http://ref.allthingsemail.org/rfcs/index.html
Access a partial list of security RFCs from DFN CERT: http://www.cert.dfn.de/eng/resource/rfc/
Access a list of DNS security and related RFCs from DNSSEC.NET: http://www.dnssec.net/rfc.php
[RFC768] Postel, J. User Datagram Protocol, August 1980 - http://www.ietf.org/rfc/rfc768.txt
[RFC791] DARPA Internet Program Protocol Specifications: Internet Protocol, September 1981 - http://www.ietf.org/rfc/rfc791.txt
[RFC793] DARPA Internet Program Protocol Specifications: Transmission Control Protocol, September 1981 - http://www.ietf.org/rfc/rfc793.txt
[RFC821] Postel, J. Simple Mail Transfer Protocol, August 1982 - http://www.ietf.org/rfc/rfc821.txt (obsoleted by [RFC2821])
[RFC822] Crocker, D. Standard For The Format of ARPA Internet Text Messages, August 1982 - http://www.ietf.org/rfc/rfc822.txt (obsoleted by [RFC2822])
[RFC954] Harrenstien, K. NICNAME/WHOIS, October 1982 - http://www.ietf.org/rfc/rfc954.txt
[RFC959] Postel, J. File Transfer Protocol (FTP), October 1985 - http://www.ietf.org/rfc/rfc959.txt
[RFC1035] Mockapetris, P. Domain Names - Implementation and Specification, November 1987 - http://www.ietf.org/rfc/rfc1035.txt
[RFC1321] Rivest, R. The MD5 Message-Digest Algorithm, April 1992 - http://www.ietf.org/rfc/rfc1321.txt
[RFC1421] Linn, J. Privacy Enhancement for Internet Electronic Mail: Part I: Message Encryption and Authentication Procedures, February 1993 - http://www.ietf.org/rfc/rfc1421.txt
[RFC1422] Kent, S. Privacy Enhancement for Internet Electronic Mail: Part II: Certificate-Based Key Management, February 1993 - http://www.ietf.org/rfc/rfc1422.txt
[RFC1423] Balenson, D. Privacy Enhancement for Internet Electronic Mail: Part III: Algorithms, Modes, and Identifiers, February 1993 - http://www.ietf.org/rfc/rfc1423.txt
[RFC1424] Kaliski, B. Privacy Enhancement for Internet Electronic Mail: Part IV: Key Certification and Related Services, February 1993 - http://www.ietf.org/rfc/rfc1424.txt
[RFC1425] Klensin, J. SMTP Service Extensions, February 1993 - http://www.ietf.org/rfc/rfc1425.txt
[RFC1829] Karn, P. The ESP DES-CBC Transform, August 1985 - http://www.ietf.org/rfc/rfc1829.txt
[RFC1939] Myers, J. Post Office Protocol - Version 3, May 1996 - http://www.ietf.org/rfc/rfc1939.txt
[RFC2045] Freed, N. Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies, November 1996 - http://www.ietf.org/rfc/rfc2045.txt

[RFC2046] Freed, N. Multipurpose Internet Mail Extensions (MIME) Part Two: Media Types, November 1996 - http://www.ietf.org/rfc/rfc2046.txt
[RFC2047] Moore, K. MIME (Multipurpose Internet Mail Extensions) Part Three: Message Header Extensions for Non-ASCII Text, November 1996 - http://www.ietf.org/rfc/rfc2047.txt
[RFC2048] Freed, N. Multipurpose Internet Mail Extensions (MIME) Part Four: Registration Procedures, November 1996 - http://www.ietf.org/rfc/rfc2048.txt
[RFC2049] Freed, N. Multipurpose Internet Mail Extensions (MIME) Part Five: Conformance Criteria and Examples, November 1996 - http://www.ietf.org/rfc/rfc2049.txt
[RFC2052] Gulbrandsen, A., Vixie, P. A DNS RR for specifying the location of services (DNS SRV), October 1996 - http://www.ietf.org/rfc/rfc2052.txt
[RFC2060] Crispin, M. Internet Message Access Protocol - Version 4rev1, December 1996 - http://www.ietf.org/rfc/rfc2060.txt (obsoleted by [RFC3501])
[RFC2231] Freed, N., Moore, K. MIME Parameter Value and Encoded Word Extensions: Character Sets, Languages, and Continuations, November 1997 - http://www.ietf.org/rfc/rfc2231.txt
[RFC2234] Crocker, D. (Ed.) Augmented BNF for Syntax Specifications: ABNF, November 1997 - http://www.ietf.org/rfc/rfc2234.txt
[RFC2246] Dierks, T. The TLS Protocol Version 1.0, January 1999 - http://www.ietf.org/rfc/rfc2246.txt
[RFC2311] Dusse, S. S/MIME Version 2 Message Specification, March 1998 - http://www.ietf.org/rfc/rfc2311.txt
[RFC2312] Dusse, S. S/MIME Version 2 Certificate Handling, March 1998 - http://www.ietf.org/rfc/rfc2312.txt
[RFC2313] Kaliski, B. PKCS #1: RSA Encryption Version 1.5, March 1998 - http://www.ietf.org/rfc/rfc2313.txt (obsoleted by [RFC2437] and [RFC3447])
[RFC2314] Kaliski, B. PKCS #10: Certification Request Syntax Version 1.5, March 1998 - http://www.ietf.org/rfc/rfc2314.txt
[RFC2315] Kaliski, B. PKCS #7: Cryptographic Message Syntax, Version 1.5, March 1998 - http://www.ietf.org/rfc/rfc2315.txt (obsoleted by a new standard, see [RFC3369])
[RFC2396] Berners-Lee, T. Uniform Resource Identifiers (URI): Generic Syntax, August 1998 - http://www.ietf.org/rfc/rfc2396.txt
[RFC2409] Harkins, D., Carrel, D. The Internet Key Exchange (IKE), November 1998 - http://www.ietf.org/rfc/rfc2409.txt
[RFC2411] Thayer, R. IP Security Document Roadmap, November 1998 - http://www.ietf.org/rfc/rfc2411.txt
[RFC2437] Kaliski, B., Staddon, J. PKCS #1: RSA Cryptography Specifications Version 2.0, October 1998 - http://www.ietf.org/rfc/rfc2437.txt (obsoleted by [RFC3447])
[RFC2440] Callas, J. OpenPGP Message Format, November 1998 - http://www.ietf.org/rfc/rfc2440.txt
[RFC2460] Deering, S., Hinden, R. Internet Protocol, Version 6 (IPv6) Specification, December 1998 - http://www.ietf.org/rfc/rfc2460.txt
[RFC3156] Elkins, M. MIME Security with OpenPGP, August 2001 - http://www.ietf.org/rfc/rfc3156.txt


[RFC2459] Housley, R. Internet X.509 Public Key Infrastructure Certificate and CRL Profile, January 1999 - http://www.ietf.org/rfc/rfc2459.txt
[RFC2535] Eastlake, D. Domain Name System Security Extensions, March 1999 - http://www.ietf.org/rfc/rfc2535.txt
[RFC2536] Eastlake, D. DSA KEYs and SIGs in the Domain Name System (DNS), March 1999 - http://www.ietf.org/rfc/rfc2536.txt
[RFC2537] Eastlake, D. RSA/MD5 KEYs and SIGs in the Domain Name System (DNS), March 1999 - http://www.ietf.org/rfc/rfc2537.txt
[RFC2538] Eastlake, D. Storing Certificates in the Domain Name System, March 1999 - http://www.ietf.org/rfc/rfc2538.txt
[RFC2630] Housley, R. Cryptographic Message Syntax, June 1999 - http://www.ietf.org/rfc/rfc2630.txt
[RFC2631] Rescorla, E. Diffie-Hellman Key Agreement Method, June 1999 - http://www.ietf.org/rfc/rfc2631.txt
[RFC2633] Ramsdell, B. S/MIME Version 3 Message Specification, June 1999 - http://www.ietf.org/rfc/rfc2633.txt
[RFC2634] Hoffman, P. Enhanced Security Services for S/MIME, June 1999 - http://www.ietf.org/rfc/rfc2634.txt
[RFC2821] Klensin, J. Simple Mail Transfer Protocol, April 2001 - http://www.ietf.org/rfc/rfc2821.txt
[RFC2822] Resnick, P. (Ed.) Internet Message Format, April 2001 - http://www.ietf.org/rfc/rfc2822.txt
[RFC3029] Adams, C. Internet X.509 Public Key Infrastructure Data Validation and Certification Server Protocols, February 2001 - http://www.ietf.org/rfc/rfc3029.txt
[RFC3110] Eastlake, D. RSA/SHA-1 SIGs and RSA KEYs in the Domain Name System (DNS), May 2001 - http://www.ietf.org/rfc/rfc3110.txt (for additional reference also see [RFC2535] and [RFC2537])
[RFC3174] Eastlake, D. US Secure Hash Algorithm 1 (SHA1), September 2001 - http://www.ietf.org/rfc/rfc3174.txt
[RFC3268] Chown, P. Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS), June 2002 - http://www.ietf.org/rfc/rfc3268.txt
[RFC3278] Blake-Wilson, S. Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS), April 2002 - http://www.ietf.org/rfc/rfc3278.txt
[RFC3369] Housley, R. Cryptographic Message Syntax (CMS), August 2002 - http://www.ietf.org/rfc/rfc3369.txt
[RFC3379] Pinkas, D. Delegated Path Validation and Delegated Path Discovery Protocol Requirements, September 2002 - http://www.ietf.org/rfc/rfc3379.txt
[RFC3447] Jonsson, J., Kaliski, B. Public-Key Cryptography Standards (PKCS) #1: RSA Cryptography Specifications Version 2.1, February 2003 - http://www.ietf.org/rfc/rfc3447.txt (obsoletes [RFC2437])
[RFC3445] Massey, D. Limiting the Scope of the KEY Resource Record (RR), December 2002 - http://www.ietf.org/rfc/rfc3445.txt
[RFC3461] Moore, K. Simple Mail Transfer Protocol (SMTP) Service Extension for Delivery Status Notifications (DSNs), January 2003 - http://www.ietf.org/rfc/rfc3461.txt

[RFC3501] Crispin, M. Internet Message Access Protocol - Version 4rev1, March 2003 - http://www.ietf.org/rfc/rfc3501.txt
[RFC3548] Josefsson, S. (Ed.) The Base16, Base32, and Base64 Data Encodings, July 2003 - http://www.ietf.org/rfc/rfc3548.txt
[RFC3565] Schaad, J. Use of the Advanced Encryption Standard (AES) Encryption Algorithm in Cryptographic Message Syntax (CMS), July 2003 - http://www.ietf.org/rfc/rfc3565.txt
[RFC3885] Allman, E. SMTP Service Extension for Message Tracking, September 2004 - http://www.ietf.org/rfc/rfc3885.txt
[RFC3886] Allman, E. An Extensible Message Format for Message Tracking Responses, September 2004 - http://www.ietf.org/rfc/rfc3886.txt
[RFC3887] Hansen, T. Message Tracking Query Protocol, September 2004 - http://www.ietf.org/rfc/rfc3887.txt
[RFC3888] Hansen, T. Message Tracking Model and Requirements, September 2004 - http://www.ietf.org/rfc/rfc3888.txt

Internet Drafts
Access Internet Drafts from the IETF official location: http://www.ietf.org/ID.html
Access Internet Drafts (including expired) from Potaroo: http://bgp.potaroo.net/ietf/html/indexb.html
Access email related Internet Drafts from All Things Email: http://ref.allthingsemail.org/ids/index.html
[Draft-BATV] Levine, J., Crocker, D. Bounce Address Tag Validation (BATV), September 2004 - http://www.ietf.org/Internet-drafts/draft-levine-mass-batv-00.txt
[Draft-CSV] Crocker, D., Leslie, J., Otis, D. Client SMTP Validation (CSV), July 2004 - http://www.ietf.org/Internet-drafts/draft-ietf-marid-csv-intro-01.txt
[Draft-DNA] Leslie, J., Crocker, D., Otis, D. Domain Name Accreditation (DNA), July 2004 - http://www.ietf.org/Internet-drafts/draft-ietf-marid-csv-dna-01.txt
[Draft-DNSBL] Levine, J. DNS Based Blacklists and Whitelists for E-Mail, November 2004 - http://www.ietf.org/Internet-drafts/draft-irtf-asrg-dnsbl-01.txt
[Draft-DNSSEC] Arends, R., Austein, R., Larson, M. DNS Security Introduction and Requirements, October 2004 - http://www.ietf.org/Internet-drafts/draft-ietf-dnsext-dnssec-intro-13.txt
[Draft-DK] Delany, M. Domain-based Email Authentication Using Public-Keys Advertised in the DNS (DomainKeys), August 2004 - http://www.ietf.org/Internet-drafts/draft-delany-domainkeys-base-01.txt
[Draft-DKIM] Allman, E. DomainKeys Identified Mail Signatures (DKIM), draft-ietf-dkim-base-02, May 2006 - https://datatracker.ietf.org/public/idindex.cgi?command=show_wg_id&id=1671
[Draft-DRIP] Brand, R.S. Designated Relays Inquiry Protocol (DRIP), October 2003 - http://asrg.kavi.com/apps/group_public/download.php/25/DRIP
[Draft-IIM] Fenton, J., Thomas, M. Identified Internet Mail, October 2004 - http://www.ietf.org/Internet-drafts/draft-fenton-identified-mail-01.txt
[Draft-LMAP] Levine, J., DeKok, A. Lightweight MTA Authentication Protocol (LMAP) Discussion and Comparison, February 2004 - http://asrg.kavi.com/apps/group_public/download.php/31/draft-irtf-asrg-lmap-discussion-00.txt
[Draft-MTAMARK] Stumpf, M., Hoehne, S. Marking Mail Transfer Agents in Reverse DNS with TXT RRs, October 2004 - http://www.ietf.org/Internet-drafts/draft-stumpf-dns-mtamark-03.txt

[Draft-Redirected] Leibzon, W. Email Forwarding and Redirection Trace Headers, November 2004 - http://www.elan.net/~william/emailsecurity/draft-leibzon-emailredirection-traceheaders-00.txt
[Draft-Submitter] Leibzon, W. Responsible Submitter of an E-mail Message, October 2004 - http://www.ietf.org/Internet-drafts/draft-leibzon-responsible-submitter-00.txt
[Draft-RMX] Danisch, H. The RMX DNS RR and method for lightweight SMTP sender authorization, May 2004 - http://www.danisch.de/work/security/txt/draft-danisch-dns-rr-smtp-04.txt
[Draft-SCVP] Malpani, A. Simple Certificate Validation Protocol (SCVP), April 2004 - http://www.ietf.org/Internet-drafts/draft-ietf-pkix-scvp-14.txt (see also [RFC3379])
[Draft-SPF] Schlitt, W., Wong, M. Sender Policy Framework: Authorizing Use of Domains in E-MAIL, December 2004 - http://www.schlitt.net/spf/spf_classic_libspf2/draft-schlitt-spf-02.txt

[FIPS186-2] US Department of Commerce, National Institute of Standards and Technology. Digital Signature Standard, January 2000 [changed] - http://csrc.nist.gov/publications/fips/fips186-2/fips186-2-change1.pdf
[FIPS196] US Department of Commerce, National Institute of Standards and Technology. Entity Authentication using Public Key Cryptography, February 1997 - http://csrc.nist.gov/publications/fips/fips196/fips196.pdf
[FIPS197] US Department of Commerce, National Institute of Standards and Technology. Advanced Encryption Standard (AES), November 2001 - http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf
[FIPS198] US Department of Commerce, National Institute of Standards and Technology. The Keyed-Hash Message Authentication Code (HMAC), March 2002 - http://csrc.nist.gov/publications/fips/fips198/fips-198a.pdf

Standards for Efficient Cryptography Group Documents


[SEC1] Elliptic Curve Cryptography - http://www.secg.org/collateral/sec1_final.pdf
[SEC2] Recommended Elliptic Curve Domain Parameters - http://www.secg.org/collateral/sec2_final.pdf

Federal Information Processing Standards (FIPS) Publications


Access all FIPS Publications at their official location: http://www.itl.nist.gov/fipspubs/
[FIPS46-3] US Department of Commerce, National Institute of Standards and Technology. Data Encryption Standard (DES), October 1999 [reaffirmed] - http://csrc.nist.gov/publications/fips/fips46-3/fips46-3.pdf
[FIPS81] US Department of Commerce, National Institute of Standards and Technology. DES Modes Of Operation, December 1980 - http://www.itl.nist.gov/fipspubs/fip81.htm
[FIPS113] US Department of Commerce, National Institute of Standards and Technology. Computer Data Authentication, May 1985 - http://www.itl.nist.gov/fipspubs/fip113.htm
[FIPS161-2] US Department of Commerce, National Institute of Standards and Technology. Electronic Data Interchange (EDI), April 1999 [revised] - http://www.itl.nist.gov/fipspubs/fip161-2.htm
[FIPS171] US Department of Commerce, National Institute of Standards and Technology. Key Management Using ANSI X9.17, April 1992 - http://csrc.nist.gov/publications/fips/fips171/fips171.txt
[FIPS173-1] US Department of Commerce, National Institute of Standards and Technology. Spatial Data Transfer Standard (SDTS), June 1994 - http://www.itl.nist.gov/fipspubs/fip173-1.pdf
[FIPS180-2] US Department of Commerce, National Institute of Standards and Technology. Secure Hash Standard, August 2002 - http://csrc.nist.gov/publications/fips/fips180-2/fips180-2.pdf
[FIPS181] US Department of Commerce, National Institute of Standards and Technology. Automated Password Generator, October 1993 - http://www.itl.nist.gov/fipspubs/fip181.htm
[FIPS185] US Department of Commerce, National Institute of Standards and Technology. Escrowed Encryption Standard, February 1994 - http://www.itl.nist.gov/fipspubs/fip185.htm

Listing of some IEEE Cryptography Publications


[IEEE-P1363] Institute of Electrical and Electronics Engineers, 2000 Standard Specifications for Public Key Cryptography

Listing of some ANSI Cryptography Standards

[ANSI-X9.31-1998] Digital Signatures Using Reversible Public Key Cryptography (rDSA) for the Financial Services Industry
[ANSI-X9.52-1998] Triple Data Encryption Algorithm Modes of Operation
[ANSI-X9.62-1998] Public Key Cryptography for the Financial Services Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA)
[ANSI-X9.63-1999] Public Key Cryptography for the Financial Services Industry: Key Agreement and Key Transport Using Elliptic Curve Cryptography
[ANSI-X9.71-1999] Keyed Hash Message Authentication Code

Additional Research Papers, Publications and References

[NISTGUIDE] National Institute of Standards and Technology. Key Management Guideline, Part 1: General Guidance, June 2002 (second draft) - http://csrc.nist.gov/encryption/kms/guideline-1.pdf
[USING-PGP-SMIME] Linneweh, T. Using PGP/GnuPG and S/MIME with Email, December 2002 - http://stud3.tuwien.ac.at/~e0025974/uni/folien.pdf
[SAS-EXPERIMENT] Ding, X. Experimenting with Server-Aided Signatures, November 2001 - http://sconce.ics.uci.edu/sucses/publications/sas_ndss02.pdf
[EMAILPATH] Leibzon, W. Securing Email Path, July 2004 - http://www.elan.net/~william/emailsecurity/SecuringEmailPath.pdf
[EMAILPOSTMARKS] Microsoft Corporation. E-Mail Postmarks and Domain Uses Thereof, April 2004 - http://www.lessspam.org/EmailPostmarks.pdf

