At Fri Jun 27 15:27:18 2003, Chris Blaise wrote: > > > I could almost bet my left index finger on the fact that 99% > > of those PGP-signatures are invalid. This is something that > > SA could exploit. > > I'll profess some degree of ignorance about PGP signatures, but > does it matter if it's valid or not? Couldn't a spammer generate a > perfectly valid PGP signature and use it in their messages to get the > lower score?
They could do this. On the other hand, there's some computational cost in generating the PGP signature, which is going to slow down the spam run. Alternatively, if they use the same message body for all messages (and hence the same signature) they'll be hammered by Razor and similar checksum databases. Martin -- Martin Radford | "Only wimps use tape backup: _real_ [EMAIL PROTECTED] | men just upload their important stuff -o) Registered Linux user #9257 | on ftp and let the rest of the world /\\ - see http://counter.li.org | mirror it ;)" - Linus Torvalds _\_V ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
