On Mon, 6 Mar 2017 11:15:23 -0500, Christopher Clements <bcn...@gmail.com> wrote:
> On Mon, Mar 06, 2017 at 05:01:40PM +0100, Philip Hands wrote:
> >However, because the spam messages are created by copying most of the
> >headers from a genuine list mail, when you reply to such a message, it
> >turns up on our lists, and looks like it might even be a reply to a real
> >thread (until you notice that the body of the message they were replying
> >to has never previously been seen on the list).
>
> Wow.
> This is the exact reason I sign all my messages.
>
> Thanks for proving that I'm not _overly_ paranoid!

Signatures don't protect you in this case, because they only cover the message body, not even the headers. This also means that signing *everything* isn't necessarily a good idea: if you sign a re-usable message body, anyone can re-send that body and your signature with different headers (different subject, different apparent sender and recipients) and a different envelope (different real sender and recipients).

Regards,

Stephen
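
The reply's point as a runnable check, added here as an example that is not part of the original thread: a signature computed over the body alone still verifies when the body is re-sent under different headers, whereas comparing the outer headers with a copy carried inside the signed body exposes the mismatch. Assumptions: HMAC-SHA256 stands in for the OpenPGP signature so the code runs with the standard library only, the in-body header copy is a hypothetical convention, and all addresses, names and text are constructed.

```python
import hashlib
import hmac
from email.message import EmailMessage

KEY = b"constructed-demo-key"        # stand-in for the signer's key (assumption)
BOUND = ("From", "To", "Subject")    # headers the sender repeats inside the signed body


def sign_body(body: str) -> str:
    """Signature over the body only; HMAC is a stand-in for OpenPGP here."""
    return hmac.new(KEY, body.encode(), hashlib.sha256).hexdigest()


def build(headers: dict, body: str) -> EmailMessage:
    msg = EmailMessage()
    for name, value in headers.items():
        msg[name] = value
    msg.set_content(body)
    return msg


def body_signature_ok(msg: EmailMessage, sig: str) -> bool:
    """What a body-only verifier sees: headers play no part in the result."""
    return hmac.compare_digest(sign_body(msg.get_content()), sig)


def headers_match_signed_copy(msg: EmailMessage) -> bool:
    """Compare outer headers with the copy carried inside the signed body."""
    signed = {}
    for line in msg.get_content().splitlines():
        if not line.strip():
            break  # blank line ends the in-body header copy
        name, _, value = line.partition(": ")
        signed[name] = value
    return all(signed.get(h) == msg[h] for h in BOUND)


# Constructed sample data (not taken from the thread).
HDRS = {"From": "alice@example.org", "To": "list@example.org",
        "Subject": "Re: list policy"}
BODY = "".join(f"{h}: {HDRS[h]}\n" for h in BOUND) + "\nI agree with the proposal.\n"
GENUINE = build(HDRS, BODY)
SIG = sign_body(GENUINE.get_content())
# The same signed body under a different apparent sender and subject.
RESENT = build({**HDRS, "From": "other@example.net",
                "Subject": "Re: something else"}, BODY)

if __name__ == "__main__":
    for label, m in (("genuine", GENUINE), ("re-sent", RESENT)):
        print(label, body_signature_ok(m, SIG), headers_match_signed_copy(m))
```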