Coming in a months late, after happening across the thread in the archives and deciding I should be on the mailing list anyway. See response below
Giampaolo Tomassoni wrote: >> -----Messaggio originale----- >> Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] >> >> Dave Brondsema writes: >> >>> Mail::SpamAssassin::Plugin::OpenPGP is a SpamAssassin plugin that >>> validates PGP signed email. It also adds some mail-specific >> validation: >>> it requires the From: address to be one of the addresses on the >> signer's >>> key, and that the Date: is close to the date of the signature. >>> >>> It's only version 1.0.0 and I'm not even using it myself (yet), but >> it >>> passes 17 functional/acceptance tests. I'd appreciate any feedback. >> http://brondsema.net/blog/index.php/2007/04/02/first_release_of_a_pgp_p >> lugin_for_spamas >> >> Sounds interesting! > > May I ask which is its purpose? Perhaps is it meant to lower the score of > validly signed mails? > > Thanks, > Yep, I wrote it so I could lower the score of emails with good signatures. I am using it myself now and for example these are the rules I use: score OPENPGP_SIGNED -1 # this will total to -3 score OPENPGP_SIGNED_GOOD -2 # this will total to 0 score OPENPGP_SIGNED_BAD 1 I'm also planning on using this plugin (along with the DKIM and SPF plugins eventually) as authentication methods for a Konfidi plugin. (Konfidi is a trust framework that computes inferred trust values from a social network of authenticated people; see http://konfidi.org/). The goal is that if an email author can be identified (via SPF, DKIM or PGP), then the Konfidi server is queried to see if the person is trusted in your network, and the email can be given a low score. In a sense, its like having a distributed network by sharing your "whitelist_auth"s. -- Dave Brondsema : [EMAIL PROTECTED] http://www.brondsema.net : personal http://www.splike.com : programming <><
signature.asc
Description: OpenPGP digital signature
