Michael Monnerie wrote: > On Donnerstag, 6. April 2006 19:34 Bowie Bailey wrote: > > I think the real question is: "Is there a benefit to doing this?" > > I had an idea of a *really big* benefit: > > If SA checks the sig, and inserts into the header whether it's valid > or not, even clients *without* any GPG installation can have a check > if the message is > a) really from that sender > b) unmodified > > That alone would be enough reason for me to activate such a plugin, > even as a server hoster. A filter in the client for wrong sigs is > easy to do.
And if a spammer decides to spoof that header? The client has no way to distinguish between headers added before or after it came to your server. > Regarding CPU time: that's quite cheap nowadays, I'm running an old > AMD1700 with lots of other stuff apart SA, and even with 50GB traffic > a day the CPU is quite bored. Should there be a CPU problem I'd just > replace it, that's no big deal. I've never said that server speed is a reason not to implement it. My argument was simply that I don't see the point. No matter how fast your server is, there's no point in running an extra check that doesn't help you. And there is really no point in putting lots of time and energy into developing a plugin that isn't going to have a significant effect on your spam detection. But at the end of the day, it's your decision. If you think this check will help you, by all means, go for it! -- Bowie
