Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Michael Monnerie
On Thursday, 6 April 2006 23:37 Theo Van Dinter wrote: > It's worth noting that I've seen signed mails get regularly mangled > when going through mailing lists, That happens when the list filters certain types of "content-type" and such sections. It's up to the list admin to fix that. > whic

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Theo Van Dinter
On Thu, Apr 06, 2006 at 11:20:24PM +0200, Michael Monnerie wrote: > Not exactly on SPAM detection rate, but on GPG/sig acceptance. If SA > could validate such sigs, there's a big benefit for *every* recipient, > 'cause if somebody forges e-mails with wrong sigs, it's marked as SPAM > and sorted

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Michael Monnerie
On Thursday, 6 April 2006 23:11 Bowie Bailey wrote: > And if a spammer decides to spoof that header?  The client has no way > to distinguish between headers added before or after it came to your > server. If SA runs it of course has to remove "old" such headers preexisting, and insert its own

RE: Rule for OpenPGP-signed mail

2006-04-06 Thread Bowie Bailey
Michael Monnerie wrote: > On Thursday, 6 April 2006 19:34 Bowie Bailey wrote: > > I think the real question is: "Is there a benefit to doing this?" > > I had an idea of a *really big* benefit: > > If SA checks the sig, and inserts into the header whether it's valid > or not, even clients *with

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Michael Monnerie
On Thursday, 6 April 2006 19:34 Bowie Bailey wrote: > I think the real question is: "Is there a benefit to doing this?" I had an idea of a *really big* benefit: If SA checks the sig, and inserts into the header whether it's valid or not, even clients *without* any GPG installation can have a

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Justin Mason
Bowie Bailey writes: > I think the real question is: "Is there a benefit to doing this?" > > You are creating a rule with a negative score. Negative scoring rules > are for the purpose of preventing false positives. Are you having a > problem with signed emails being marked as spam? If not, th

RE: Rule for OpenPGP-signed mail

2006-04-06 Thread Bowie Bailey
Tristan Miller wrote: > Greetings. > > In article <[EMAIL PROTECTED]>, Theo Van Dinter wrote: > > FWIW: While this type of thing may sound like a good idea, it also > > opens you to a remote abuse of resources. If I'm a spammer and I > > want to annoy people, I'd start sending all of my mails wit

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Kelson
Tristan Miller wrote: > I could just steal/generate a real signature from another source... A digital signature is a guarantee that the document has not been altered. It's therefore impossible to "steal" a signature from another document and add it to your own; the signature wouldn't verify.

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Tristan Miller
Greetings. In article <[EMAIL PROTECTED]>, Theo Van Dinter wrote: > FWIW: While this type of thing may sound like a good idea, it also opens > you to a remote abuse of resources. If I'm a spammer and I want to > annoy people, I'd start sending all of my mails with fake signatures. > Then the reci

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Justin Mason
Theo Van Dinter writes: > FWIW: While this type of thing may sound like a good idea, it also opens > you to a remote abuse of resources. If I'm a spammer and I want to > annoy people, I'd start sending all of my mails with fake signatures. > Then the recipients, who use this plugin, will get to s

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Theo Van Dinter
On Thu, Apr 06, 2006 at 10:21:27AM -0400, Theo Van Dinter wrote: > FWIW: While this type of thing may sound like a good idea, it also opens [...] Also, is this type of rule worthwhile? Yes, validly signed messages are unlikely to be spam (currently), but are signed messages regularly marked up as

Re: Rule for OpenPGP-signed mail

2006-04-06 Thread Theo Van Dinter
On Thu, Apr 06, 2006 at 08:57:34AM +0200, Michael Monnerie wrote: > I'd love to see this. For the moment, a simple check for an existing > signature could be enough to set negative points. If spammers adopt and > insert random pgp sigs, the real sig check could be activated. That > would need a

Re: Rule for OpenPGP-signed mail

2006-04-05 Thread Michael Monnerie
On Wednesday, 5 April 2006 22:25 Tristan Miller wrote: > Anyone care to discuss?  Has anyone else prepared some SA rulesets > which implement any of the above checks? Sounds very good, I love to sign e-mails, even when most receivers can't check (is there some plugin for Outlook easy and free?).

Rule for OpenPGP-signed mail

2006-04-05 Thread Tristan Miller
Greetings. Has anyone considered the utility of having SpamAssassin score based partly on the presence and validity of an OpenPGP signature, and on the trust of the OpenPGP key? Here are some ideas: 1) So far I've never received any spam which has been digitally signed; on the other hand, I do r