They could do this. On the other hand, there's some computational cost in generating the PGP signature, which is going to slow down the spam run. Alternatively, if they use the same message body for all messages (and hence the same signature) they'll be hammered by Razor and similar checksum databases.
Actually it is possible for spammers to get the best of both of these worlds.
It's possible to have only part of the message PGP signed, and have that be static and valid, and have a large quantity of surrounding text which is not signed.
If done correctly they could prevent Razor from hammering them, at least for the most part, by reducing the chances that e4 winds up sub-selecting the PGP-signed part of the message.
I think 2.60 did the right thing and dropped the PGP sig rule entirely.
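The partial-signing case described above can be measured from the filter's side. The following is an added example, not part of the original post and not SpamAssassin code: it computes how much of a message body actually sits inside a cleartext-signed block. The names `signed_coverage`, `classify` and the 0.9 threshold are hypothetical, the sample messages are constructed, and the signature itself is not verified.

```python
import re

# One OpenPGP cleartext-signed block: armor line, optional "Hash:" style
# headers, blank line, the signed text, then the signature armor.
CLEARSIGN = re.compile(
    r"^-----BEGIN PGP SIGNED MESSAGE-----[ \t]*\r?\n"
    r"(?:[A-Za-z]+: [^\n]*\n)*"
    r"[ \t]*\r?\n"
    r"(?P<text>[\s\S]*?)\r?\n"
    r"-----BEGIN PGP SIGNATURE-----[ \t]*\r?\n"
    r"[\s\S]*?"
    r"^-----END PGP SIGNATURE-----[ \t]*$",
    re.MULTILINE,
)

def _visible(s):
    """Count non-whitespace characters."""
    return len("".join(s.split()))

def signed_coverage(body):
    """Fraction of visible body text that lies inside clearsigned blocks.
    Armor lines and the signature blob count as neither signed nor unsigned."""
    signed = sum(_visible(m.group("text")) for m in CLEARSIGN.finditer(body))
    unsigned = _visible(CLEARSIGN.sub("", body))
    total = signed + unsigned
    return signed / total if total else 0.0

def classify(body, min_coverage=0.9):
    """Hypothetical policy: a signature only counts if it covers the body."""
    if not CLEARSIGN.search(body):
        return "no-signature"
    if signed_coverage(body) >= min_coverage:
        return "signed"
    return "partial-signature"

def _block(text):
    # Constructed sample block; the signature data is a placeholder.
    return ("-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n" + text +
            "\n-----BEGIN PGP SIGNATURE-----\n\nCONSTRUCTEDPLACEHOLDER\n"
            "-----END PGP SIGNATURE-----\n")

FILLER = "Constructed unsigned filler text, different in every copy.\n" * 5
FULL = _block("Meeting moved to 3pm, see you there.")
PARTIAL = FILLER + _block("hello") + FILLER

if __name__ == "__main__":
    for name, msg in (("FULL", FULL), ("PARTIAL", PARTIAL)):
        print(name, classify(msg), round(signed_coverage(msg), 3))
```

A rule that only looks for the armor lines scores both samples the same; the coverage figure is what separates them.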