>> I could almost bet my left index finger on the fact that 99% >> of those PGP-signatures are invalid. This is something that >> SA could exploit.
>I'll profess some degree of ignorance about PGP signatures, but does it matter if it's valid or not? Couldn't a spammer generate a perfectly valid PGP signature and use it in their messages to get the lower score? >IMHO, the PGP signature rule, like any the MTA rules and any other rule that depends on everyone being "honest" in not monkeying around with the message or adding stuff that could be legitmate by "normal" users is one that shouldn't exist. Or at least not have such a ridiculously negative score. >I've lowered the score to 0 in my configuration. >Chris I too have large gaps in the operation of PGP, but is it not tied to an email address or some other publicly available validation of the senders identity? What is the point of using a key for non-repudiation if you can't identify who sent the message? Robert J. Strickler ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
