-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Sat, Jul 26, 2003 at 11:18:39AM +0700, Alexander Litvinov wrote: > > Of course, in theory spammers could start including things that look like > > PGP signatures. But since most people don't use PGP or GnuPG, we don't > > have to worry about this. > > > > Later of, if spammers start to add fake PGP signatures, we can call an > > external program to check the signature. Emails whose signatures are > > recognized would automatically accepted. Having an un-recognized PGP > > signature might even count as a spam score. > > > > Thoughts? > > Spammer WILL start to use real, good signatures. It is not too hard.
Perhaps the word "fake" was not the best one to convey my meaning. Replace "use a fake signature" by "use a signature whose public key you do not already have". This would not, of course, make something "definitelly" spam. It'd just give it an additional +1.0 added to its spamminess. The point is, checking the PGP signature is a good way of finding out if someone is supposed to be writing to you. If there is a recognizable PGP sig, it counts very well (e.g. -4.5) if it's not recognized it counts a little bad (e.g. +1.0) - -- Daniel Carrera | OpenPGP fingerprint: Mathematics Dept. | 6643 8C8B 3522 66CB D16C D779 2FDD 7DAC 9AF7 7A88 UMD, College Park | http://www.math.umd.edu/~dcarrera/pgp.html -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (SunOS) iD8DBQE/Ig8HnxE8DWHf+OcRAu2xAJsEqtspe4XHLCMo1Bg9C/K8FTy0iwCeOSpd bJcyLD/n3HNTHiXVFMIUYpk= =Gcl4 -----END PGP SIGNATURE----- ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk