From: Kee Hinckley <nazgul(_at_)somewhere(_dot_)com>
forged: envelope or header values involving forgery and that are
fraudulently intended to evade filters or confuse mail recipients.
Header or envelope forgery involves false and fraudulent TBD1.
What would you call it when spam software adds headers that make it
look like the message was sent by a particular email client?
If the intent is fraudulent, then it is "forgery." Otherwise it
is no worse than sending an HTTP server other than a completely
accurate and specific name for the browser you use or adjusting
your HTTP, FTP, rlogin, telnet, BIND or other banner or version
string to be less than completely revealing.
filter: any mechanism that filters or rejects or discards mail
whether based on IP addresses, envelope values, header absence,
presence or values, words, punctuation, or other patterns in STMP
bodies, STMP authentication mechanims, time of day, or anything
else.
I'd replace "filters or rejects" with "categorizes or rejects" to
avoid the self-reference.
That would be fine, except that I'm trying to appeal to the standard
meaning of "filter" and fight the common use of "filter" in spam
circles to mean either "wonderful" or "garbage" depending on prejudices.
How about
mail filter: any mechanism that filters by rejecting or discarding ...
There's another kind of filter. One which, for lack of a better
term, looks for "lies in the headers". These can be forged routing
information, fake MUA headers or anything else that makes the message
different from real mail sent from a real user.
That is not "another kind of filter," but "another *specialized* or
*specific* kind of filter."
How about "malicious forgery filter" to make clear it is intended to
be looking for malicious nonsense instead of innocent and proper
apparent inconsistencies such as legitimate differences between envelope
sender and reverse DNS name?
Picking honest terms instead of "forgery=not yet validated" and
"filter=whatever I think can't work/is wonderful" seems to me to be the
first or at least parallel step toward a taxonomy of bad mail defenses.
To finesse the unending controversy over whether "spam" means "unsolicited
bulk," don't use the word "spam." When "unsolicited bulk email" is
intended, say so. When something else is meant, then say that instead.
The idiosyncratic definitions of "filter," "forgery," and "spam" and
the resulting arguments are unnecessary and wrong. If a position is
valid, then there is no need to redefine words in order to co-opt
their connotations. Some people don't want to see "spam" defined as
"unsolicited bulk," because they fear that their favorite evil will
get short shrift. So let's take "spam" off the table.
Vernon Schryver vjs(_at_)rhyolite(_dot_)com
_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg