filenames of encrypted attachments visible ? How hard would it be to hide?

Adrian von Bidder avbidder at fortytwo.ch
Fri Jan 9 08:44:01 CET 2004


(Hmm. kmail reported a bad signature  on your mail.)

On Tuesday 06 January 2004 08:20, Ivan Boldyrev wrote:
> On 8614 day of my life Adrian von Bidder wrote:
> > And the encrypted part is again a full MIME message, with
> > attachments and all.  So the only relevant bits that go over the
> > wire unencrypted are From/To (unavoidable to the extent of the email
> > addresses) and the Subject (I have a proposal that could address
> > this cooking slowly, I think I posted it in some places a few months
> > ago).
>
> Have you ever recieved spam with fake From and To headers?  There are
> headers and there is envelope in message, and latter is not visible to
> user.  So, you can user fake address in headers (or do not use headers
> at all) and real addresses in envelope (and envelope is visible only
> to transport agents, not delivery agents).

Ok, I agree I was oversimplifying it. But the gist of my message was: the 
message sender and recipient cannot be encrypted for obvious reasons. The 
envelope sender and recipients are available in the MUA, too, in most cases, 
btw:

Envelope recipient:
	Received: from trithemius.gnupg.org (trithemius.gnupg.org [217.69.76.44])
		by zbasel.fortytwo.ch (Postfix) with ESMTP id 347F56C
		for <avbidder at fortytwo.ch>; Thu,  8 Jan 2004 21:22:35 +0100 (CET)
and the sender:
	Return-Path: <gnupg-users-bounces at gnupg.org>

These headers are even added after the initial message submission, so there's 
nothing we could ever do with encryption.

So, using empty (or fake) From: and To: header buys you nothing but 
spamassassin score.

cheers
-- vbi

-- 
My goddesses all wear bikinis...
...or start out that way, at least.
        -- werner in news.admin.net-abuse.email
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 331 bytes
Desc: signature
Url : /pipermail/attachments/20040109/536b09da/attachment.bin


More information about the Gnupg-users mailing list