PGP messages getting flagged as spam
gr at eclipsed.net
Wed Oct 17 03:30:58 CEST 2007
At 2007-10-15 06:26 -0500, Ryan Malayter <malayter at gmail.com> wrote:
> The real solution would be for SpamAssasin to check that the PGP
> messages are well-formed, and verify signatures on any PGP message
> before altering its score. A tad CPU intensive, I think, and it poses
> a host of key management and trust management issues if the
> SpamAssasin systems serves many users (which most do).
It's still a worthwhile check, assuming an appropriately weighted
system (valid PGP signatures don't necessarily mean I want to read
the email, so it's worth a few points, but definitely a less-than-1
fraction of my "not spam, deliver it" number). Given that the default
install of SA in most package distributions makes use of various
DNS[/RBL] checks, I'm pretty sure that CPU time isn't the compelling
factor. I'm happy to accept a 10 minute lag in my email delivery
(from or two, really) for a 95%+ reduction in email I didn't want
to have to delete manually.
At 2007-10-15 19:51 -0700, Dave Brondsema <dave at brondsema.net> wrote:
> I have started an OpenPGP plugin for SpamAssassin that could be useful to
> assign a negative score to signed emails. See
I am interested in your project and excited by the concept, but I'm
pretty sure it will reach the point of Works Good Enough before I
have the free time to help. Good luck, though!
At 2007-10-15 16:32 +0200, Werner Koch <wk at gnupg.org> wrote:
> FWIW, a few weeks ago I received the first PGP signed spam. The
> signature was good and I believe that it was sent using a trojan
> utilizing the local MUA which was configured to sign all outgoing mail.
It was only a matter of time.
gr at eclipsed.net
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : /pipermail/attachments/20071016/7c023124/attachment.pgp
More information about the Gnupg-users