PGP messages getting flagged as spam
malayter at gmail.com
Mon Oct 15 13:26:08 CEST 2007
On 10/15/07, gabriel rosenkoetter <gr at eclipsed.net> wrote:
> It's up o the site administrator to make use of SA rules that aren't
> braindamaged. It's hardly the fault of the authors of SA if some
> site decides to add 2.5 points to every message with a MIME
> attachment, though you can, perhaps, see how that might be a naive
> approach that works pretty well most of the time.
Another problem: automatically adding negative score to PGP data would
make that an attractive tactic for spammers. If such a rule were
popular in SpamAssasin, you'd see a lot of base64 encoded HTML spam
with "fake" PGP headers, I imagine.
The real solution would be for SpamAssasin to check that the PGP
messages are well-formed, and verify signatures on any PGP message
before altering its score. A tad CPU intensive, I think, and it poses
a host of key management and trust management issues if the
SpamAssasin systems serves many users (which most do).
More information about the Gnupg-users