PGP messages getting flagged as spam

Mark H. Wood mwood at IUPUI.Edu
Fri Oct 19 15:11:19 CEST 2007


On Thu, Oct 18, 2007 at 11:56:59PM -0400, Jason Harris wrote:
> On Wed, Oct 17, 2007 at 09:34:34AM +0200, Sven Radde wrote:
> > Probably true, but how will spammers get signatures on their stuff that
> > are valid *for me*? They would have to compromise one of the keys that
> > are valid on my keyring or one that would be considered trustworthy by
> > means of the web-of-trust.
> 
> Why not just take some signed content from a key in the strong set,
> like this message, and add some unsigned spam to it?  It would be
> a great way to ruin keys by making them "spam-keys."

Why?  I mean, what evidence is there that the owner of the key used to
sign the signed content had anything to do with the unsigned content?
Signed content in the interior of a message conveys no information
about the trust one might choose to assign to the rest of the message.

A properly written rule shouldn't care that there is signed content
inside an unsigned message.

-- 
Mark H. Wood, Lead System Programmer   mwood at IUPUI.Edu
Typically when a software vendor says that a product is "intuitive" he
means the exact opposite.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20071019/3a88fd38/attachment.pgp 


More information about the Gnupg-users mailing list