At 10:45 PM 8/25/2013, Shawn K. Quinn wrote:
Though I think the following poster who suggested scanning the email itself for the PGP identifier might be more useful and less prone to being fooled by someone who just puts the header in there without actually encrypting.
Anybody who's putting in the header without doing the encryption is going out of their way to ask for trouble, and presumed to be doing it on purpose, whether for entrapment or denial of service or whatever. As long as you don't make it easy to do by accident, it's not a problem.
Also, headers don't have to be in a specific order, it's possible that "From:" or "Subject:" accidentally get moved ahead of "X-PGP-Encrypted:" by mistake and that would result in a false bounce.
The threat model I was worrying about was that if you get to From: or Subject:, and you're subject to an NSA Vacuum Cleaner Order, you've got potentially sensitive information about your users or their contacts that you could be forced to retain and turn over. You need to reject the message before you see that, which means checking the header keyword before you accept any characters past the :. And yeah, that means you could get false bounces, but hopefully anybody who's trying to hide their identity from the NSA will leave those headers out of the cleartext part of the message anyway. Ideally you don't even want the SMTP-level FROM keyword, but it's probably hard to get most MTAs not to send that one.