On Mon, 21 Jul 2003 13:54:11 EDT, KF <[EMAIL PROTECTED]> said: > Has anyone noticed alot of spam coming in recently with pgp sigs > attached? What would be the benefit of doing that?
Bypassing spam filters that think that anything that's got a 'BEGIN PGP SIGNATURE' line is non-spam. Note that most filters just do a regexp and don't bother checking if it's a *valid* signature... > <font color=3D"#FFFFFF"> > -----BEGIN PGP SIGNATURE----- > version: pgpfreeware 6.5.2 for non-commercial use <http://www.pgp.com> > > ksie8fg4j8r7m3s9od5h2ixrqheaqqa3ysepsq0xzdhzuvskfdktfpe9xs4fhqs > wacj49dk6u883sxo4kb9u6/jnjdx6cjqnzxpetxk9b2dogll/c/60hwrpn+vujdu > xav65sop+px4knaqcciecamqj7ugcsw+cqmpnbxwyatymjafkbkh1eulc2vrwdmd > cjdi57fh43ks9cm78h4t > -----END PGP SIGNATURE----- > </font> For bonus points, note the lack of a '--- BEGIN PGP SIGNED MESSAGE', or other indication of exactly what data is covered by the signature. Our spammer is certainly not following RFC3156 ;) Oh, and it doesn't even look like a valid signature: % gpg --list-packets foo.sig gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: invalid radix64 character 2d skipped gpg: onepass_sig with unknown version 56 gpg: no valid OpenPGP data found. If anybody is surprised by *that*, they've probably just fallen out of a tree.... ;)
pgp00000.pgp
Description: PGP signature
