Theo Van Dinter writes: > FWIW: While this type of thing may sound like a good idea, it also opens > you to a remote abuse of resources. If I'm a spammer and I want to > annoy people, I'd start sending all of my mails with fake signatures. > Then the recipients, who use this plugin, will get to spend a lot > of cpu time finding out that the signatures aren't good. (by "fake > signatures", it could be random strings, or I could just steal/generate > a real signature from another source...)
Yes -- I'd say replayed signatures would be very common. When spammers were doing this, one or two used Keith Dawson's sig for TBTF 2001-04-20, cut and pasted from the end of sample-nonspam.txt ;) That's the hard part alright -- it could be expensive in CPU. GPG is not as cheap as one might think. Anyway, it'd be very easy to implement this using the plugin API, btw! (hint. ;) --j.
