filenames of encrypted attachments visible ? How hard would it be to hide?

Adrian von Bidder avbidder at
Fri Jan 9 08:44:01 CET 2004

(Hmm. kmail reported a bad signature  on your mail.)

On Tuesday 06 January 2004 08:20, Ivan Boldyrev wrote:
> On 8614 day of my life Adrian von Bidder wrote:
> > And the encrypted part is again a full MIME message, with
> > attachments and all.  So the only relevant bits that go over the
> > wire unencrypted are From/To (unavoidable to the extent of the email
> > addresses) and the Subject (I have a proposal that could address
> > this cooking slowly, I think I posted it in some places a few months
> > ago).
> Have you ever recieved spam with fake From and To headers?  There are
> headers and there is envelope in message, and latter is not visible to
> user.  So, you can user fake address in headers (or do not use headers
> at all) and real addresses in envelope (and envelope is visible only
> to transport agents, not delivery agents).

Ok, I agree I was oversimplifying it. But the gist of my message was: the 
message sender and recipient cannot be encrypted for obvious reasons. The 
envelope sender and recipients are available in the MUA, too, in most cases, 

Envelope recipient:
	Received: from ( [])
		by (Postfix) with ESMTP id 347F56C
		for <avbidder at>; Thu,  8 Jan 2004 21:22:35 +0100 (CET)
and the sender:
	Return-Path: <gnupg-users-bounces at>

These headers are even added after the initial message submission, so there's 
nothing we could ever do with encryption.

So, using empty (or fake) From: and To: header buys you nothing but 
spamassassin score.

-- vbi

My goddesses all wear bikinis...
...or start out that way, at least.
        -- werner in
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 331 bytes
Desc: signature
Url : /pipermail/attachments/20040109/536b09da/attachment.bin

More information about the Gnupg-users mailing list