filenames of encrypted attachments visible ? How hard would it
be to hide?
Adrian von Bidder
avbidder at fortytwo.ch
Fri Jan 9 08:44:01 CET 2004
(Hmm. kmail reported a bad signature on your mail.)
On Tuesday 06 January 2004 08:20, Ivan Boldyrev wrote:
> On 8614 day of my life Adrian von Bidder wrote:
> > And the encrypted part is again a full MIME message, with
> > attachments and all. So the only relevant bits that go over the
> > wire unencrypted are From/To (unavoidable to the extent of the email
> > addresses) and the Subject (I have a proposal that could address
> > this cooking slowly, I think I posted it in some places a few months
> > ago).
>
> Have you ever recieved spam with fake From and To headers? There are
> headers and there is envelope in message, and latter is not visible to
> user. So, you can user fake address in headers (or do not use headers
> at all) and real addresses in envelope (and envelope is visible only
> to transport agents, not delivery agents).
Ok, I agree I was oversimplifying it. But the gist of my message was: the
message sender and recipient cannot be encrypted for obvious reasons. The
envelope sender and recipients are available in the MUA, too, in most cases,
btw:
Envelope recipient:
Received: from trithemius.gnupg.org (trithemius.gnupg.org [217.69.76.44])
by zbasel.fortytwo.ch (Postfix) with ESMTP id 347F56C
for <avbidder at fortytwo.ch>; Thu, 8 Jan 2004 21:22:35 +0100 (CET)
and the sender:
Return-Path: <gnupg-users-bounces at gnupg.org>
These headers are even added after the initial message submission, so there's
nothing we could ever do with encryption.
So, using empty (or fake) From: and To: header buys you nothing but
spamassassin score.
cheers
-- vbi
--
My goddesses all wear bikinis...
...or start out that way, at least.
-- werner in news.admin.net-abuse.email
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 331 bytes
Desc: signature
Url : /pipermail/attachments/20040109/536b09da/attachment.bin
More information about the Gnupg-users
mailing list