Deliberate false signatures in spam?
Jason Harris
jharris@widomaker.com
Mon Jul 21 23:21:02 2003
--jRHKVT23PllUwdXP
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon, Jul 21, 2003 at 03:48:11PM -0500, Kyle Hasselbacher wrote:
> I wonder if SpamAssassin can do multi-line patterns. If so, you could get
> it to match PGP signatures more strictly. That would have stopped this,
If not, one could add separate checks for
/^-----BEGIN PGP SIGNED MESSAGE-----$/ and/or MIME-wrapped,
PGP-signed content.
> but not a more carefully created fake. To make it really work, you'd have
> to be able to really verify the signature.
At most, I'd send it through pgpdump[.net] and see if it produces
a keyid. If it does, I'd be willing to investigate further, block
messages purportedly signed by certain keys, etc. However, I wouldn't
automatically run GPG to check incoming messages.
--=20
Jason Harris | NIC: JH329, PGP: This _is_ PGP-signed, isn't it?
jharris@widomaker.com | web: http://jharris.cjb.net/
--jRHKVT23PllUwdXP
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (FreeBSD)
iD8DBQE/HFmASypIl9OdoOMRAuNIAJwI3O7GL1ZinvO5yaBrCaHq9pwfeQCfY2v8
17IhQgicdbbPCf+sDN3rgd8=
=WEcH
-----END PGP SIGNATURE-----
--jRHKVT23PllUwdXP--