PGP messages getting flagged as spam

gabriel rosenkoetter gr at
Wed Oct 17 03:30:58 CEST 2007

At 2007-10-15 06:26 -0500, Ryan Malayter <malayter at> wrote:
> The real solution would be for SpamAssassin to check that the PGP
> messages are well-formed, and verify signatures on any PGP message
> before altering its score. A tad CPU intensive, I think, and it poses
> a host of key management and trust management issues if the
> SpamAssassin system serves many users (which most do).

It's still a worthwhile check, assuming an appropriately weighted
system (valid PGP signatures don't necessarily mean I want to read
the email, so it's worth a few points, but definitely a less-than-1
fraction of my "not spam, deliver it" number). Given that the default
install of SA in most package distributions makes use of various
DNS[/RBL] checks, I'm pretty sure that CPU time isn't the compelling
factor. I'm happy to accept a 10 minute lag in my email delivery
(from or two, really) for a 95%+ reduction in email I didn't want
to have to delete manually.

At 2007-10-15 19:51 -0700, Dave Brondsema <dave at> wrote:
> I have started an OpenPGP plugin for SpamAssassin that could be useful to
> assign a negative score to signed emails.  See

I am interested in your project and excited by the concept, but I'm
pretty sure it will reach the point of Works Good Enough before I
have the free time to help. Good luck, though!

At 2007-10-15 16:32 +0200, Werner Koch <wk at> wrote:
> FWIW, a few weeks ago I received the first PGP signed spam.  The
> signature was good and I believe that it was sent using a trojan
> utilizing the local MUA which was configured to sign all outgoing mail.

It was only a matter of time.

gabriel rosenkoetter
gr at
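
The well-formedness half of the check discussed in this message, written out as an added example; it is not code from the thread, from SpamAssassin, or from the plugin mentioned above. The function names, the constructed sample bytes and the -0.5 weight are assumptions, and the code only validates ASCII armor structure and the RFC 4880 CRC-24; verifying the signature itself would additionally need the sender's public key.

```python
import base64
import re

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # RFC 4880, section 6.1

def crc24(data: bytes) -> int:
    """Armor checksum over the decoded (binary) OpenPGP data."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor_well_formed(block: str) -> bool:
    """Structural check only: no keys are consulted, no signature is verified."""
    lines = [l.rstrip("\r") for l in block.strip().splitlines()]
    m = re.fullmatch(r"-----BEGIN PGP (MESSAGE|SIGNATURE)-----", lines[0]) if lines else None
    if not m or lines[-1] != f"-----END PGP {m.group(1)}-----" or "" not in lines:
        return False
    blank = lines.index("")  # blank line separates armor headers from data
    if not all(re.fullmatch(r"[A-Za-z]+: .*", h) for h in lines[1:blank]):
        return False
    body = lines[blank + 1:-1]
    crc_line = body.pop() if body and re.fullmatch(r"=[A-Za-z0-9+/]{4}", body[-1]) else None
    try:
        raw = base64.b64decode("".join(body), validate=True)
    except ValueError:
        return False
    if not raw or not raw[0] & 0x80:  # every OpenPGP packet tag has bit 7 set
        return False
    # The checksum line is optional, but if present it has to match.
    return crc_line is None or base64.b64decode(crc_line[1:]) == crc24(raw).to_bytes(3, "big")

def pgp_score_adjustment(mail_body: str, bonus: float = -0.5) -> float:
    """Hypothetical scoring hook: small negative (ham-leaning) score, else 0."""
    m = re.search(r"-----BEGIN PGP (MESSAGE|SIGNATURE)-----.*?-----END PGP \1-----", mail_body, re.S)
    return bonus if m and armor_well_formed(m.group(0)) else 0.0

def make_armor(raw: bytes, kind: str = "SIGNATURE") -> str:
    """Builds a constructed sample block so the example runs offline."""
    crc = base64.b64encode(crc24(raw).to_bytes(3, "big")).decode()
    return (f"-----BEGIN PGP {kind}-----\nVersion: constructed\n\n"
            f"{base64.b64encode(raw).decode()}\n={crc}\n-----END PGP {kind}-----\n")

# Constructed bytes shaped like a packet header; not a real signature.
SAMPLE_PACKET = b"\x89\x00\x10" + bytes(range(16))
```

A block that passes this check says nothing about who sent the mail, which is why the adjustment is kept to a small fraction of the delivery threshold.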

More information about the Gnupg-users mailing list