filenames of encrypted attachments visible ? How hard would it be to hide?

Eugene Smiley eugene at esmiley.net
Thu Jan 8 18:58:50 CET 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ivan Boldyrev wrote:
> On 8614 day of my life Adrian von Bidder wrote:
>
>> And the encrypted part is again a full MIME message, with
>> attachments and all.  So the only relevant bits that go over the
>> wire unencrypted are From/To (unavoidable to the extent of the
>> email addresses) and the Subject (I have a proposal that could
>> address this cooking slowly, I think I posted it in some places a
>> few months ago).
>
> Have you ever recieved spam with fake From and To headers?  There
> are headers and there is envelope in message, and latter is not
> visible to user.  So, you can user fake address in headers (or do
> not use headers at all) and real addresses in envelope (and
> envelope is visible only to transport agents, not delivery agents).

You make a good point, but if you use fake addresses you can neither
expect anonymity nor for your message to get delivered. Some MTAs
insert a header <Apparently-To>. Some recipients choose to delete
emails with faked To: and From: headers...


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-nr2 (Windows XP)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE//e636QPtAqft/S8RAtpcAKDpQPk1YpK57GamSEtwett2U4AEDQCg1ThP
kX+XAXodzSpsRrAicvBP0hg=
=HIQZ
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3553 bytes
Desc: S/MIME Cryptographic Signature
Url : /pipermail/attachments/20040108/43f0de7a/smime.bin


More information about the Gnupg-users mailing list