"cypherpunks write code", wasn't it? :) here's my first proposal. a simple perl script that should find out whether any given message (piped from stdin) is a PGP message or not. it does NOT accept messages with more than 10 non-blank, non-encrypted lines. why? well, you might have a few lines of .sig, but we don't want to accept your spam simple because you have three fake PGP-lines at the bottom, right? I'm not a perl-guru, so this can most likely be reduced to less than half the space. :) and no, it's NOT an algorithm that can check whether something is plain- or ciphertext. it's for PGP messages ONLY. please tell me whether or not you find a way to make it accept spam as legitimate, or deny a PGP mail. #!/usr/bin/perl $is_crypted=false; $stage=0; $body=0; $lines=0; $lines_fit=0; $other_lines=0; while (<>) { if ($body==0&&/^$/) { $body=1; } if ($body==0) { next; } if ($stage==0&&/^-----BEGIN PGP MESSAGE-----$/) { $stage=1; next; } if ($stage==1&&//) { $stage=2; next; } if ($stage==2&&/^-----END PGP MESSAGE-----$/) { if ($lines_fit+3>$lines) { $stage=3; } else { print "malformed PGP message\n"; exit 1; } } if ($stage==2&&/^(.*)$/) { $line=$1; $line =~ s/ //g; if (length($line)>0) { $lines++; } if (length($line)==64) { $lines_fit++; } next; } $other_lines++; } if ($other_lines>10) { print "too many non-encrypted lines\n"; exit 1; } if ($stage==3) { exit 0; } else { print "not a PGP message\n"; exit 1; }