Signing headers (was Re: Evolution signatures)

[Stewart V. Wright]

--TD8GDToEDw0WLGOL
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Just my $0.02 worth...

> > I consider some headers (especially the subject) to be part of the
> > communication of a message.  As such, I'd like to protect the privacy a=
nd
> > integrity of those parts the same way as the message itself, as much as
> > that's possible.
>=20
> Amen, brother. :-)


This might seem like a valid point that the MUA creates the Subject,
To, CC etc headers and that they are separate from the MTA/MDA but
this is unfortunately not an enforced standard.

The Uni I work at recently installed a (pretty awful) plugin for Exim
that among other things does (pretty awful) spam blocking.  This
(pretty awful) program (exiscan + spamassassin) modifies messages that
it thinks are spam by putting a '{SPAM?}' at the start of the subject
line, as well as adding various X-Spam headers.

This is (apparently) a "Good Thing(TM)" for people that use MUAs that
automatically open attachments, view HTML, and all those evils that
make spammers life worthwhile.

However, I like my email unadulterated (what else is it changing?
Will it affect my SpamCop submissions?), and this change is entirely
outside my control.  Whilst we all would like to think that headers,
like message bodies are inviolate, they aren't.  :-(


What I'm offering to the thread: No solutions, just more problems.



Cheers,

S.

--TD8GDToEDw0WLGOL
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3-cvs (GNU/Linux)

iH8EARECAD8FAj8yQ2Q4Gmh0dHA6Ly93d3cubGl2LmFjLnVrL35zdndyaWdodC9z
ZWN1cml0eS9ncGctcG9saWN5Lmh0bWwACgkQaBqfzTXbdHJiMwCfeSxjVukTf5yS
CJKX8KXKBlkChQQAn1GxNWXmO+8reeP4wRYaWLi0u/Ar
=Obsg
-----END PGP SIGNATURE-----
Signature policy: http://www.liv.ac.uk/~svwright/security/gpg-policy.html

--TD8GDToEDw0WLGOL--