Deliberate false signatures in spam?

Jason Harris
Mon Jul 21 23:21:02 2003

On Mon, Jul 21, 2003 at 03:48:11PM -0500, Kyle Hasselbacher wrote:

> I wonder if SpamAssassin can do multi-line patterns.  If so, you could get
> it to match PGP signatures more strictly.  That would have stopped this,

If not, one could add separate checks for
/^-----BEGIN PGP SIGNED MESSAGE-----$/ and/or MIME-wrapped,
PGP-signed content.

> but not a more carefully created fake.  To make it really work, you'd have
> to be able to really verify the signature.

At most, I'd send it through pgpdump[.net] and see if it produces
a keyid.  If it does, I'd be willing to investigate further, block
messages purportedly signed by certain keys, etc.  However, I wouldn't
automatically run GPG to check incoming messages.

Jason Harris          | NIC:  JH329, PGP:  This _is_ PGP-signed, isn't it? | web:
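A pgpdump-style triage check of the kind described above, added here as an example that is not part of this thread: it decodes the armored signature block, checks that the bytes are a well-formed OpenPGP signature packet, and reports the issuer key ID the signature claims, all without ever running GPG on the message. It assumes LF line endings and a v4 signature with one- or two-octet lengths; the CRC-24 trailer is skipped rather than verified, and the sample block and key ID 0123456789ABCDEF are constructed placeholders.

```python
import base64
import re

def dearmor_signature(text: str) -> bytes:  # decode the armored PGP SIGNATURE block of a message
    m = re.search(r"^-----BEGIN PGP SIGNATURE-----\n(.*?)^-----END PGP SIGNATURE-----", text, re.S | re.M)
    if not m:
        raise ValueError("no armored signature block")
    lines = m.group(1).splitlines()
    if "" in lines:                                    # armor headers (Version:, Comment:) end at a blank line
        lines = lines[lines.index("") + 1:]
    # a line starting with '=' is the CRC-24 trailer; it is skipped, not verified, in this example
    return base64.b64decode("".join(l for l in lines if l[:1] != "="), validate=True)

def packet_body(data: bytes) -> tuple:  # one OpenPGP packet -> (tag, body); old/new headers, 1/2/4-octet lengths
    c = data[0]
    if not c & 0x80 or (c & 0x40 and data[1] >= 224) or (not c & 0x40 and c & 3 == 3):
        raise ValueError("not a packet header this parser handles")
    if c & 0x40:                                       # new format: tag in the low 6 bits
        n = data[1]
        return c & 0x3F, data[2:2 + n] if n < 192 else data[3:3 + ((n - 192) << 8) + data[2] + 192]
    n = (1, 2, 4)[c & 3]                               # old format: length type selects 1, 2 or 4 length octets
    return (c >> 2) & 0x0F, data[1 + n:1 + n + int.from_bytes(data[1:1 + n], "big")]

def issuer_keyid(sig: bytes) -> str:  # key ID a v4 signature packet names in its issuer subpacket (type 16)
    if sig[0] != 4:
        raise ValueError("only v4 signatures handled")
    pos = 4
    for _ in range(2):                                 # hashed subpacket area, then unhashed area
        end = pos + 2 + int.from_bytes(sig[pos:pos + 2], "big")
        pos += 2
        while pos < end:
            n = sig[pos]; pos += 1
            if n == 255:
                raise ValueError("5-octet subpacket length not handled")
            if n >= 192:                               # 2-octet subpacket length
                n = ((n - 192) << 8) + sig[pos] + 192; pos += 1
            if sig[pos] & 0x7F == 16:                  # subpacket type 16 = issuer key ID
                return sig[pos + 1:pos + 9].hex().upper()
            pos += n                                   # n counts the type octet plus the data
    raise ValueError("no issuer subpacket")

def signature_keyid(message: str) -> str:  # pgpdump-style triage: claimed key ID, or ValueError for junk
    tag, body = packet_body(dearmor_signature(message))
    if tag != 2:
        raise ValueError("armor does not hold a signature packet")
    return issuer_keyid(body)

# Constructed test input, not a real signature: a v4 signature packet naming placeholder key ID 0123456789ABCDEF
SAMPLE = "-----BEGIN PGP SIGNATURE-----\nVersion: constructed\n\n%s\n-----END PGP SIGNATURE-----\n" % base64.b64encode(
    bytes([0x88, 23, 4, 1, 17, 2, 0, 11, 9, 16]) + bytes.fromhex("0123456789ABCDEF") + b"\0\0\xab\xcd\0\x08\xff").decode()
```

A key ID coming back only means the block parses as a signature naming that key; it says nothing about whether the signature is valid, which is exactly the point of not feeding it to GPG automatically.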