[EMAIL PROTECTED] (Justin Mason) writes: > For PGP/GPG to be useful as an unforgeable bonus-points mechanism, it > needs key distribution. We can no longer just say "it has *some* > PGP signature" -- because spammers are actively forging them, cutting > them from other mails, etc. as far as I know the only way to really > validate the sig is to (a) ensure the public key is on the keyring > and (b) run pgp/gpg at that point.
If the message body contains a small number of email addresses, including that of the recipient, and has a valid signature, I think that's enough -- it should be a valid proof of work. Daniel -- Daniel Quinlan anti-spam (SpamAssassin), Linux, and open http://www.pathname.com/~quinlan/ source consulting (looking for new work) ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
