Ryan Malayter-2 wrote: > > On 10/15/07, gabriel rosenkoetter <[EMAIL PROTECTED]> wrote: >> It's up o the site administrator to make use of SA rules that aren't >> braindamaged. It's hardly the fault of the authors of SA if some >> site decides to add 2.5 points to every message with a MIME >> attachment, though you can, perhaps, see how that might be a naive >> approach that works pretty well most of the time. > > Another problem: automatically adding negative score to PGP data would > make that an attractive tactic for spammers. If such a rule were > popular in SpamAssasin, you'd see a lot of base64 encoded HTML spam > with "fake" PGP headers, I imagine. > > The real solution would be for SpamAssasin to check that the PGP > messages are well-formed, and verify signatures on any PGP message > before altering its score. A tad CPU intensive, I think, and it poses > a host of key management and trust management issues if the > SpamAssasin systems serves many users (which most do). >
I have started an OpenPGP plugin for SpamAssassin that could be useful to assign a negative score to signed emails. See http://search.cpan.org/perldoc?Mail::SpamAssassin::Plugin::OpenPGP I am using it myself, but it is not complete and I wouldn't recommend using it in production environment without some good testing. And patches for it, probably :) -- View this message in context: http://www.nabble.com/PGP-messages-getting-flagged-as-spam-tf4597896.html#a13225948 Sent from the GnuPG - User mailing list archive at Nabble.com. _______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
