> Am 2008-05-20 19:48:46, schrieb Twayne: >> empty post/e-mail unless there is a compelling reason to do so. And >> there isn't, here. The first time someone gets sucked in by a poser >> who used, say, PGP, to make it look like just another blank post >> with an attachment from her and it actually turns out to be have a >> malicious palyload, well, ... . There is a very good and relevant >> reason that I read posts AND e-mails as 7-bit text only; it's called >> common sense. Allowing a blank e-mail with an attachment to >> appear is a great way >> to make sure the mainstream of users ignore reading your posts. >> Which I now again will do, my curiousity now sated. > > My mail is NOT an attachment and it is RFC-Compliant. Please use > the MS OE Signature extension or a RFC compliant Mailreader.
I shall use whatever reader I prefer to use thank you, and can think for myself. You should stick to the content of the posts rather than try to be confrontational. OE is one of the mail clients that will indeed see your posts as an empty post with an attachment to it. Although it's only one such client, it's the client that happens to have the vast majority of the market for its users. Regardless of the how/why, that is the factual situation. So, you can say you don't "send" your mails an attachments, but, due to your machinations, they are "received" as attachments by anyone using a client such as OE and a few others. It's your own choice whether you wish to accept this as a fact and react to it, or ignore it for the reasons stated multiple times already. It's a choice you make. > > I get per day over 140.000 spams and valid GPG signed messages are > an indice that my messages are not spam. One has nothing to do with the other. If you are receiving over 140,000 (assuming your "." was supposed to be a "," to indicate thousands), or even if it's only 140/day, it has no relevance to your messages being spam or not. Using PGP to "sign" a message, additionally, does not in any way assure anyone that the mail isn't spam. Spammers can use/forge/lie about PGP as easily as anyone can and it's meaningless in that way. It's part of what's called "safe hex" to never open any unexpected/unexplained attachment from anyone especially when it arrives as a blank post with a file attached to it. Taking only OE as an example, since they have 90%+ of the market, that means the majority of people will see your message as blank but with an attachment; something never to be touched/opened. In fact, I adhere to that myself even though I've been a spam fighter for over a decade now. Spammers might be stupid, but they aren't dumb. It would be almost trivial to forge a message as though it came from you and to attach a payload to it that fires upon opening it. PGP will not protect against that. However, reading your post in Plain Text Only as I do, would in fact prevent nearly every attempt at such a thing. Anything executable requires 8-bits so unless it's hidden in the Subject line it isn't likely to be triggered by a userbecause hopefully AV will catch it in a Header line, but not always, just almost always. Nothing is ever 100%. > > And of curse, while all incoming messages get into a queue which > delay message delivery up to several hours GPG signed messages are > going directli through without being queued. I don't know what you meant by that. Whether a message is PGP signed or not has nothing to do with bypassing any queue or going "directli" through without being queued. Any message that arrives while others are being processed queus up, in the order they arrive in. Even when there is only one message, it still goes through the queuing process, although it's a short trip when it's the only data to pass. PGP messages aren't treated any different than any other mesage in the datastream. I think I'll probably make this my last comment because things are beginning to go off on some pretty far fetched tangents now and aren't likely to go anywhere positive. If you're really interested in this sort of thing, might I suggest some research in the Wikipedia and then Google, and then, once you have the jargon down, even go into the Request for Comments (RFC's) if you'd like to go that far. Beware, the RFC's are like reading gvt articles; you can never depend on any single sentence to be true until you have read the entire thing to catch all the nuances that may affect it. Knowledge is power. If you have trouble locating good links, I'd be willing to provide some for you; you need only ask. Regards, Twayne > > Thanks, Greetings and nice Day > Michelle Konzack > Systemadministrator > 24V Electronic Engineer > Tamay Dogan Network > Debian GNU/Linux Consultant --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
