Full Disclosure mailing list archives
Re: a PGP signed mail? Has to be spam!
From: Michael Gale <michael () bluesuperman com>
Date: Tue, 11 Nov 2003 21:39:26 -0700
Hello,

But public keys are only valid if you trust them -- the point is, just because a person signs an e-mail with a PGP key and the key matches the from address does not mean it is NOT spam.

E-mail from spammers does not usually have valid from addresses - so the PGP key can match the fake from addresses without a problem.

So again -- a PGP signed message is as trustworthy as the from address of the spammer is. The only reason my from address did not match my PGP key is because I cannot post to the list if my from address is not michael () bluesuperman com

Also -- having a mail server check PGP sigs on e-mails is NOT an option -- think of the overhead, the delay and timeout if the server does not exist or no response. This would cause major mailq build-ups and could easily crash a mail system.

Anti-spam tools - DCC, Razor, RBL, Bayesian Statistical Token Analysis and then whitelist and blacklist. Not PGP checks.

Michael.

On Wed, 12 Nov 2003 04:24:11 +0000 "Daniel" <dan () lockedbox net> wrote:

> Michael Gale <michael () bluesuperman com> wrote:
>> Hello,
>> Do you know how PGP signatures work, you need to have the person who signed it / created the PGP sig to somehow securely provide you with their key to validate it.
>
> Ummm, no, that is why we have public/private keys. The private key can be used to sign and the public key used to verify. Yes you can create a key from an address that is not your own. But if you receive a message from bill () microsoft com you would expect a key to say the same.
>
> Regards,
> Daniel B.
> ----------------------------------------
> Please do not send me Word or PowerPoint attachments. See http://www.fsf.org/philosophy/no-word-attachments.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
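
The distinction argued in this message (a good signature whose user ID matches the From address versus a key the recipient actually trusts), as an added example that is not part of the original post: it classifies the machine-readable lines GnuPG writes with `--status-fd`. The function name, verdict strings, key IDs and addresses are assumptions constructed for illustration, and the status samples are trimmed to the lines the check reads.

```python
import re

# GnuPG status keywords meaning the local trust database vouches for the key.
TRUSTED = {"TRUST_FULLY", "TRUST_ULTIMATE"}

def assess(status_text, from_addr):
    """Classify one verified mail from `gpg --status-fd 1 --verify` output."""
    good_uid = None   # user ID reported on a GOODSIG line
    trust = None      # last TRUST_* keyword seen
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line.split(" ", 3)   # prefix, keyword, key id, user ID
        keyword = fields[1]
        if keyword == "GOODSIG" and len(fields) == 4:
            good_uid = fields[3]
        elif keyword.startswith("TRUST_"):
            trust = keyword
    if good_uid is None:
        return "no-good-signature"
    # A correct signature from a key nobody vouches for proves only that
    # the sender holds that key, whatever address the user ID claims.
    if trust not in TRUSTED:
        return "good-signature-untrusted-key"
    m = re.search(r"<([^<>]+)>", good_uid)
    uid_addr = m.group(1).lower() if m else None
    if uid_addr != from_addr.lower():
        return "trusted-key-from-mismatch"
    return "trusted-key-from-match"

# Constructed samples (key IDs and addresses are placeholders).
SELF_MADE_KEY = (
    "[GNUPG:] GOODSIG 0123456789ABCDEF Bill <bill@example.com>\n"
    "[GNUPG:] TRUST_UNDEFINED 0 pgp\n"
)
KNOWN_SENDER = (
    "[GNUPG:] GOODSIG FEDCBA9876543210 Michael <michael@key.example>\n"
    "[GNUPG:] TRUST_FULLY 0 pgp\n"
)
TAMPERED = "[GNUPG:] BADSIG FEDCBA9876543210 Michael <michael@key.example>\n"

if __name__ == "__main__":
    print(assess(SELF_MADE_KEY, "bill@example.com"))
    print(assess(KNOWN_SENDER, "michael@list.example"))
    print(assess(KNOWN_SENDER, "michael@key.example"))
    print(assess(TAMPERED, "michael@key.example"))
```

The first sample is the case the message describes: the user ID matches the From address and the signature verifies, yet the verdict stays untrusted because no trust path to the key exists.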