PGP messages getting flagged as spam
Robert J. Hansen
rjh at sixdemonbag.org
Wed Oct 17 06:31:26 CEST 2007
gabriel rosenkoetter wrote:
> It's still a worthwhile check, assuming an appropriately weighted
> system (valid PGP signatures don't necessarily mean I want to read
> the email, so it's worth a few points, but definitely a less-than-1
> fraction of my "not spam, deliver it" number). Given that the default
Not really.
The instant spammers figure they can sneak past SpamAssassin a
fractional bit more by having a good PGP signature, we're going to see
an explosion of PGP/MIME. The main body will be random text and have a
valid signature; the attachment will be the permuted-per-recipient
image, and will not.
They need to sign one message and send it to ten million people. Ten
million people then need to have their spamfilters parse the PGP
signature to see whether to give it the fractional point deduction.
This is classic asymmetric warfare. In very short order so many
spammers will be using PGP/MIME that just using PGP/MIME legitimately
will raise the point value of your traffic. Which means that six months
after people start marking down PGP-signed emails, people start marking
the scores way, way up.
I don't feel like sacrificing my ability to send encrypted emails to
someone just to get an additional six months delay in the spam war.
More information about the Gnupg-users
mailing list