PGP messages getting flagged as spam

Dave Brondsema dave at brondsema.net
Tue Oct 16 04:51:45 CEST 2007



Ryan Malayter-2 wrote:
> 
> On 10/15/07, gabriel rosenkoetter <gr at eclipsed.net> wrote:
>> It's up to the site administrator to make use of SA rules that aren't
>> braindamaged. It's hardly the fault of the authors of SA if some
>> site decides to add 2.5 points to every message with a MIME
>> attachment, though you can, perhaps, see how that might be a naive
>> approach that works pretty well most of the time.
> 
> Another problem: automatically adding negative score to PGP data would
> make that an attractive tactic for spammers. If such a rule were
> popular in SpamAssassin, you'd see a lot of base64 encoded HTML spam
> with "fake" PGP headers, I imagine.
> 
> The real solution would be for SpamAssassin to check that the PGP
> messages are well-formed, and verify signatures on any PGP message
> before altering its score. A tad CPU intensive, I think, and it poses
> a host of key management and trust management issues if the
> SpamAssassin system serves many users (which most do).
> 

I have started an OpenPGP plugin for SpamAssassin that could be useful to
assign a negative score to signed emails.  See
http://search.cpan.org/perldoc?Mail::SpamAssassin::Plugin::OpenPGP .  I am
using it myself, but it is not complete and I wouldn't recommend using it in
a production environment without some good testing.  And patches for it,
probably :) 

-- 
View this message in context: http://www.nabble.com/PGP-messages-getting-flagged-as-spam-tf4597896.html#a13225948
Sent from the GnuPG - User mailing list archive at Nabble.com.
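
An added example, not part of the original message and not code from the plugin mentioned above: a structural check of a PGP signature armor block in Python, of the kind a filter could run before giving a message any score credit for "being signed". The function names and sample payloads are constructed for illustration; the check covers armor and packet structure only and does not verify the signature.

```python
import base64
import binascii
import re

ARMOR_RE = re.compile(
    r"-----BEGIN PGP SIGNATURE-----\r?\n(.*?)\r?\n-----END PGP SIGNATURE-----",
    re.S)

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def signature_armor_is_well_formed(text: str) -> bool:
    """Structural check only: the armor decodes, the CRC-24 (if present)
    matches, and the data starts with a signature packet (tag 2)."""
    m = ARMOR_RE.search(text)
    if not m:
        return False
    lines = [ln.strip() for ln in m.group(1).splitlines()]
    if "" not in lines:                    # a blank line ends the armor headers
        return False
    body = lines[lines.index("") + 1:]
    checksum = body.pop()[1:] if body and body[-1].startswith("=") else None
    try:
        data = base64.b64decode("".join(body), validate=True)
        if checksum is not None and (
                int.from_bytes(base64.b64decode(checksum, validate=True), "big")
                != crc24(data)):
            return False
    except binascii.Error:                 # not valid base64 at all
        return False
    if not data or not data[0] & 0x80:     # bit 7 is set in every packet header
        return False
    # New-format headers carry the tag in bits 5-0, old-format in bits 5-2.
    tag = data[0] & 0x3F if data[0] & 0x40 else (data[0] >> 2) & 0x0F
    return tag == 2

def armor(payload: bytes) -> str:
    """Wrap constructed sample bytes in signature armor (demo helper)."""
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return ("-----BEGIN PGP SIGNATURE-----\n\n"
            + base64.b64encode(payload).decode() + "\n=" + crc
            + "\n-----END PGP SIGNATURE-----\n")
```

Base64-encoded HTML wrapped in PGP armor lines fails this check because its first octet is not an OpenPGP packet header; a message that passes still needs real signature verification before it earns any trust.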
