Dr. Dimitri Vulis wrote:

| I said, Carol can *forge* the RFC 822 header, so her e-mails look like they
| came from Bob, and use the body from Bob's authentic PGP-signed message.

Yes, this is possible. No, I'm not going to take the time to write a fix now, but we both know it's not tough to prevent. Take the hash of the PGP-signed message, use it to filter on. I'll occasionally add text outside a signature (literally, a postscript), so filtering out everything outside the signed text is a bad idea. You might get a few spams, but not hundreds.

It's tough to ensure that mail always has an envelope that matches the key. I still use a key that says adam@bwh.harvard.edu, but most of my mail is signed with an adam@homeport.org key.

Cryptography can't solve social problems. It can, however, transform them into tougher problems for the anti-social.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume
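
The filter suggested in the message above, sketched as an added example (not code from the original post or its author): hash only the clearsigned text, so a replayed body is recognised even when the unsigned text around it differs. The names, the choice of SHA-256 and the sample mails are assumptions, and signature verification is assumed to happen separately.

```python
import hashlib

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"

def canonical_signed_text(body):
    """Return the clearsigned text in canonical form, or None if there is none."""
    # Trailing whitespace is not covered by a cleartext signature; drop it first.
    lines = [l.rstrip(" \t") for l in body.splitlines()]
    try:
        start = lines.index(BEGIN_MSG)
        end = lines.index(BEGIN_SIG, start + 1)
        blank = lines.index("", start + 1, end)  # ends the "Hash:" armor headers
    except ValueError:
        return None
    # Undo dash-escaping and use CRLF line endings, as the signature itself does.
    text = [l[2:] if l.startswith("- ") else l for l in lines[blank + 1:end]]
    return "\r\n".join(text).encode("utf-8")

class ReplayFilter:
    """Remembers digests of signed texts already seen (in memory only)."""
    def __init__(self):
        self.seen = set()

    def check(self, body):
        text = canonical_signed_text(body)
        if text is None:
            return "unsigned"
        digest = hashlib.sha256(text).hexdigest()
        if digest in self.seen:
            return "replay"
        self.seen.add(digest)
        return "new"

# Constructed sample: the signature block is a placeholder, not a real signature.
SIGNED = "\n".join([BEGIN_MSG, "Hash: SHA256", "", "Meet at noon.", "- -- Bob",
                    BEGIN_SIG, "", "PLACEHOLDER", "-----END PGP SIGNATURE-----"])
ORIGINAL = SIGNED + "\nP.S. an unsigned postscript\n"
REPLAY = SIGNED.replace("\n", "\r\n") + "\r\nDifferent unsigned text\r\n"

if __name__ == "__main__":
    f = ReplayFilter()
    for name, body in [("original", ORIGINAL), ("replay", REPLAY), ("plain", "hi")]:
        print(name, f.check(body))
```

The unsigned postscript stays in the delivered mail; it is only left out of the digest.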