No... I'm not suggesting anything about PGP sigs. What (I think) happened
here was that a marginally passable PGP sig was buried in the HTML portion
of the message. I almost didn't see it. So not only do I question the
negative value on a PGP sig, I'm noting that this is a suspicious sig that
slipped past as a "good" one.

On Wed, 25 Jun 2003, Jonathan Vanasco wrote:

> 
> How can you suggest incorporating a PGP into the ruleset though?
> 
> You can check if it's a valid length, but then spammers will use valid 
> PGP sigs.
> You can't pointify all PGP sigs, because lots of valid mail is signed 
> w/a PGP
> 
> So you can either:
>       Remove the negative points for PGP sigs -- essentially ignoring them 
> to SA
>       Have a PGP + something else test -- if PGP && VIAGRA
> 
> I get a fair amount of PGP signed messages every day.  So I'd look 
> into #2 -- but I don't have the time or energy to modify that much of 
> spamassassin -- creating a class of 'spam only' rules, then doubling 
> their points if they contain a PGP sig (valid or not)
> 
> 
> 
> On Wednesday, June 25, 2003, at 10:17 AM, Jack Gostl wrote:
> 
> >
> > A message just slipped through, no text, just an image. It slipped 
> > through
> > with a ridiculously low score, minus .6
> >
> > When I expanded the headers, I found that the message got through 
> > mostly
> > because of the following.
> >
> > USER_AGENT_MSN     (-2.3 points) Headers indicate valid mail from MSN
> > PGP_SIGNATURE      (-2.3 points) Contains a PGP-signed message
> >
> > I looked at the message, and found a fake PGP signature buried in the
> > HTML! (See below!)
> >
> > <br><br>
> > <p><font size="2" color=white>
> > -----BEGIN PGP SIGNATURE-----
> > i3A/A9UAPmf7ZbesiT+lEZdqEQJJ6QCeJcBgl19C3ErrfhM3h7z5Kg49xU89oKHG
> > L79MJrvpvQ0ofECdfGbuRfwe
> > =u41Z
> > -----END PGP SIGNATURE-----
> > <br>
> >
> >
> > There were also almost seven lines of gibberish to throw off the Bayes
> > recognizer.
> >
> > The fake signature was a cute idea. I think it has to be incorporated 
> > into
> > the scoring. I'm worried about the gibberish though.
> >
> > Body of the message available upon request.
> >
> > --
> >
> > Jack Gostl  [EMAIL PROTECTED]
> >
> >
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.Net email is sponsored by: INetU
> > Attention Web Developers & Consultants: Become An INetU Hosting 
> > Partner.
> > Refer Dedicated Servers. We Manage Them. You Get 10% Monthly 
> > Commission!
> > INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
> > _______________________________________________
> > Spamassassin-talk mailing list
> > [EMAIL PROTECTED]
> > https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
> >
> 

-- 

Jack Gostl      [EMAIL PROTECTED]
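
An added example, not part of the thread and not SpamAssassin's own code: a Python check for the structural problems discussed above (signature armor sitting inside HTML markup, no signed-message header before it, armor checksum), run over the excerpt quoted in the thread. The function and finding names are hypothetical, and it assumes a single inline body part rather than PGP/MIME.

```python
import base64
import re

# Excerpt quoted in the thread (quote markers removed).
SAMPLE = """<p><font size="2" color=white>
-----BEGIN PGP SIGNATURE-----
i3A/A9UAPmf7ZbesiT+lEZdqEQJJ6QCeJcBgl19C3ErrfhM3h7z5Kg49xU89oKHG
L79MJrvpvQ0ofECdfGbuRfwe
=u41Z
-----END PGP SIGNATURE-----
"""

ARMOR = re.compile(r"-----BEGIN PGP SIGNATURE-----\r?\n(.*?)\r?\n"
                   r"-----END PGP SIGNATURE-----", re.S)

def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def signature_findings(body: str) -> list[str]:
    """Reasons a signature block should not earn a negative (ham) score."""
    m = ARMOR.search(body)
    if m is None:
        return ["no_signature_block"]
    findings, before = [], body[:m.start()]
    # An inline signed message opens with this header before the signed text.
    if "-----BEGIN PGP SIGNED MESSAGE-----" not in before:
        findings.append("no_signed_message_header")
    # Armor that directly follows an HTML tag was placed in markup, not by a signer.
    if re.search(r"<[a-zA-Z][^>]*>\s*$", before):
        findings.append("armor_inside_html")
    lines = [l.strip() for l in m.group(1).splitlines() if l.strip()]
    check = [l for l in lines if l.startswith("=") and len(l) == 5]
    # Drop armor headers such as "Version:" and the "=XXXX" checksum line.
    data = [l for l in lines if ":" not in l and l not in check]
    try:
        raw = base64.b64decode("".join(data), validate=True)
        stated = int.from_bytes(base64.b64decode(check[0][1:]), "big") if check else -1
        if crc24(raw) != stated:
            findings.append("bad_armor_checksum")
    except ValueError:
        findings.append("bad_base64")
    return findings

print(signature_findings(SAMPLE))
```

These checks only test structure; a block that passes them is still unverified until the signature is checked against a key.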



