PGP messages getting flagged as spam
Mark H. Wood
mwood at IUPUI.Edu
Fri Oct 19 15:11:19 CEST 2007
On Thu, Oct 18, 2007 at 11:56:59PM -0400, Jason Harris wrote:
> On Wed, Oct 17, 2007 at 09:34:34AM +0200, Sven Radde wrote:
> > Probably true, but how will spammers get signatures on their stuff that
> > are valid *for me*? They would have to compromise one of the keys that
> > are valid on my keyring or one that would be considered trustworthy by
> > means of the web-of-trust.
>
> Why not just take some signed content from a key in the strong set,
> like this message, and add some unsigned spam to it? It would be
> a great way to ruin keys by making them "spam-keys."
Why? I mean, what evidence is there that the owner of the key used to
sign the signed content had anything to do with the unsigned content?
Signed content in the interior of a message conveys no information
about the trust one might choose to assign to the rest of the message.
A properly written rule shouldn't care that there is signed content
inside an unsigned message.
--
Mark H. Wood, Lead System Programmer mwood at IUPUI.Edu
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20071019/3a88fd38/attachment.pgp
More information about the Gnupg-users
mailing list