----- BEGIN PGP SIGNED MESSAGE ----- At 05:33 AM 9/13/2004, Ben Laurie wrote:
Bill Stewart wrote:
I find it more annoying that there are spammers putting PGP headers in their messages, knowing that most people who use PGP assume PGP-signed mail is from somebody genuine and whitelist it.
Surely you should check that: a) The signature works b) Is someone in your list of good keys before whitelisting?
My terminology was a bit sloppy, but until recently, you could use the presence of PGP format indicators as a whitelist entry, or at least a SpamAssassin good weight - spammers didn't use the stuff, and the worst would be quasi-spam like Yet Another Invitation to some crypto-industry marketroid's seminar. It might be a rant from Detweiler or some other cypherpunk that you bozofilter, but at least that was a job for your email program to sort out, not your first-tier spamfilter. Besides, with most email clients, you can't check the PGP information without opening the email (more obviously true for PGP encrypted mail than signed mail), so the email filters just go for basic syntax. Bill Stewart bill.stewart@pobox.com -----END PGP SIGNED MESSAGE----- LKJEDGFDAFKLHFDSAFDSLAFHLKDFHLKJDHFHLDSKFHLKDHFLKDHFKLFDSFLDSFHDX DASHFLDSFHDSFKLFDSLKFLKDJSFKLSDHFLKJHDFLKJFJKDSHFDLKJHFDLKSHFLDSK BADSIGNATUREBADSIGNATUREBADSIGNATURENODOUGHNUTBADSIGNATUREBADSIGN -----END PGP SIGNATURE-----