Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Michael Monnerie
On Donnerstag, 6. April 2006 23:37 Theo Van Dinter wrote:
> It's worth noting that I've seen signed mails get regularly mangled
> when going through mailing lists,

That happens when the list filters certain types of "content-type" and such sections. It's up to the list admin to fix that.

> whic

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Theo Van Dinter
On Thu, Apr 06, 2006 at 11:20:24PM +0200, Michael Monnerie wrote:
> Not exactly on SPAM detection rate, but on GPG/sig acceptance. If SA
> could validate such sigs, there's a big benefit for *every* recipient,
> 'cause if somebody forges e-mails with wrong sigs, it's marked as SPAM
> and sorted

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Michael Monnerie
On Donnerstag, 6. April 2006 23:11 Bowie Bailey wrote:
> And if a spammer decides to spoof that header?  The client has no way
> to distinguish between headers added before or after it came to your
> server.

If SA runs it of course has to remove "old" such headers preexisting, and insert its own

RE: Rule for OpenPGP-signed mail

2006-04-06 Thread Bowie Bailey
Michael Monnerie wrote:
> On Donnerstag, 6. April 2006 19:34 Bowie Bailey wrote:
> > I think the real question is: "Is there a benefit to doing this?"
>
> I had an idea of a *really big* benefit:
>
> If SA checks the sig, and inserts into the header whether it's valid
> or not, even clients *with

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Michael Monnerie
On Donnerstag, 6. April 2006 19:34 Bowie Bailey wrote:
> I think the real question is: "Is there a benefit to doing this?"

I had an idea of a *really big* benefit:

If SA checks the sig, and inserts into the header whether it's valid or not, even clients *without* any GPG installation can have a

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Justin Mason
Bowie Bailey writes:
> I think the real question is: "Is there a benefit to doing this?"
>
> You are creating a rule with a negative score. Negative scoring rules
> are for the purpose of preventing false positives. Are you having a
> problem with signed emails being marked as spam? If not, th

RE: Rule for OpenPGP-signed mail

2006-04-06 Thread Bowie Bailey
Tristan Miller wrote:
> Greetings.
>
> In article <[EMAIL PROTECTED]>, Theo Van Dinter wrote:
> > FWIW: While this type of thing may sound like a good idea, it also
> > opens you to a remote abuse of resources. If I'm a spammer and I
> > want to annoy people, I'd start sending all of my mails wit

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Kelson
Tristan Miller wrote:
> I could just steal/generate a real signature from another source...

A digital signature is a guarantee that the document has not been altered. It's therefore impossible to "steal" a signature from another document and add it to your own; the signature wouldn't verify.

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Tristan Miller
Greetings.

In article <[EMAIL PROTECTED]>, Theo Van Dinter wrote:
> FWIW: While this type of thing may sound like a good idea, it also opens
> you to a remote abuse of resources. If I'm a spammer and I want to
> annoy people, I'd start sending all of my mails with fake signatures.
> Then the reci

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Justin Mason
Theo Van Dinter writes:
> FWIW: While this type of thing may sound like a good idea, it also opens
> you to a remote abuse of resources. If I'm a spammer and I want to
> annoy people, I'd start sending all of my mails with fake signatures.
> Then the recipients, who use this plugin, will get to s

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Theo Van Dinter
On Thu, Apr 06, 2006 at 10:21:27AM -0400, Theo Van Dinter wrote:
> FWIW: While this type of thing may sound like a good idea, it also opens
[...]

Also, is this type of rule worthwhile? Yes, validly signed messages are unlikely to be spam (currently), but are signed messages regularly marked up as

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Theo Van Dinter
On Thu, Apr 06, 2006 at 08:57:34AM +0200, Michael Monnerie wrote:
> I'd love to see this. For the moment, a simple check for an existing
> signature could be enough to set negative points. If spammers adopt and
> insert random pgp sigs, the real sig check could be activated. That
> would need a

Re: Rule for OpenPGP-signed mail

2006-04-05 Thread Michael Monnerie
On Mittwoch, 5. April 2006 22:25 Tristan Miller wrote:
> Anyone care to discuss?  Has anyone else prepared some SA rulesets
> which implement any of the above checks?

Sounds very good, I love to sign e-mails, even when most receivers can't check (is there some plugin for Outlook easy and free?).