> I could almost bet my left index finger on the fact that 99% > of those PGP-signatures are invalid. This is something that > SA could exploit.
I'll profess some degree of ignorance about PGP signatures, but does it matter if it's valid or not? Couldn't a spammer generate a perfectly valid PGP signature and use it in their messages to get the lower score? IMHO, the PGP signature rule, like any the MTA rules and any other rule that depends on everyone being "honest" in not monkeying around with the message or adding stuff that could be legitmate by "normal" users is one that shouldn't exist. Or at least not have such a ridiculously negative score. I've lowered the score to 0 in my configuration. Chris ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk