RFC3514 specifies that
Firewalls, packet filters, intrusion detection systems, and the like often have difficulty distinguishing between packets that have malicious intent and those that are merely unusual. We define a security flag in the IPv4 header as a means of distinguishing the two cases.
How is this achieved?
To solve this problem, we define a security flag, known as the "evil" bit, in the IPv4 [RFC791] header. Benign packets have this bit set to 0; those that are used for an attack will have the bit set to 1.
But what happens if an evil application refuses to co-operate and leaves the evil bit reset on packets generated by it?
RFC3514 has a submission date of 01 April 2003, but this does not:
Microsoft Office 2003 introduced Information Rights Management (IRM) that provides a way to help restrict recipients from copying, printing, or forwarding e-mail messages.
Opening the message with other e-mail applications or even using different types of accounts might result in recipients having full permissions to forward or reply all to a message.
D’oh? I’ve heard of security by obscurity, but what do you call this? Security by divine fiat? Security by Redmond insists?