At 10:40 PM 6/27/2003 +0100, Martin Radford wrote:
They could do this. On the other hand, there's some computational
cost in generating the PGP signature, which is going to slow down the
spam run. Alternatively, if they use the same message body for all
messages (and hence the same signature) the
At Fri Jun 27 16:33:17 2003, Robert Strickler wrote:
> I too have large gaps in the operation of PGP, but is it not tied to an
> email address or some other publicly available validation of the senders
> identity?
No. Well, you could use anything as an "email address" in the key -
for example,
At Fri Jun 27 15:27:18 2003, Chris Blaise wrote:
>
> > I could almost bet my left index finger on the fact that 99%
> > of those PGP-signatures are invalid. This is something that
> > SA could exploit.
>
> I'll profess some degree of ignorance about PGP signatures, but
> does it matter if
> >> I could almost bet my left index finger on the fact that 99%
> >> of those PGP-signatures are invalid. This is something that
> >> SA could exploit.
[..]
> I too have large gaps in the operation of PGP, but is it not tied to an
> email address or some other publicly available validation of the
>> I could almost bet my left index finger on the fact that 99%
>> of those PGP-signatures are invalid. This is something that
>> SA could exploit.
>I'll profess some degree of ignorance about PGP signatures, but does it
matter if it's valid or not? Couldn't a spammer generate a perfectly valid
> I could almost bet my left index finger on the fact that 99%
> of those PGP-signatures are invalid. This is something that
> SA could exploit.
I'll profess some degree of ignorance about PGP signatures, but
does it matter if it's valid or not? Couldn't a spammer generate a
perfectly v
Hi list,
Having read this for long I thought it could be my time to contribute
something. :-)
> A message just slipped through, no text, just an image. It slipped through
> with a ridiculously low score, minus .6
>
> When I expanded the headers, I found that the message got through mostly
> becau
> > A message just slipped through, no text, just an image. It slipped through
> > with a ridiculously low score, minus .6
>
> You know better by now :-) That's what you get for using SA 1.1
I'm using 2.55.
--
Jack Gostl [EMAIL PROTECTED]
-
No... I'm not suggesting anything about PGP sigs. What (I think) happened
here was that a marginally passable PGP sig was buried in the HTML portion
of the message. I almost didn't see it. So not only do I question the
negative value on a PGP sig, I'm noting that this is a suspicious sig that
slip
How can you suggest incorporating a PGP into the ruleset though?
You can check if its a valid length, but then spammers will use valid
PGP sigs.
You can't pointify all PGP sigs, because lots of valid mail is signed
w/a PGP
So you can either:
Remove the negative points for PGP sigs -- essential
Jack Gostl wrote:
A message just slipped through, no text, just an image. It slipped through
with a ridiculously low score, minus .6
You know better by now :-) That's what you get for using SA 1.1
Tony
--
Tony Earnshaw
Humor him, and he'll go away again
http://j-walk.com/blog/docs/conference.h
11 matches
Mail list logo
