> I could almost bet my left index finger on the fact that 99%
> of those PGP-signatures are invalid. This is something that
> SA could exploit.
I'll profess some degree of ignorance about PGP signatures, but
does it matter if it's valid or not? Couldn't a spammer generate a
perfectly valid PGP signature and use it in their messages to get the
lower score?
IMHO, the PGP signature rule, like any the MTA rules and any
other rule that depends on everyone being "honest" in not monkeying
around with the message or adding stuff that could be legitmate by
"normal" users is one that shouldn't exist. Or at least not have such a
ridiculously negative score.
I've lowered the score to 0 in my configuration.
Chris
-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
