|Damn those spammers
||[May. 30th, 2004|08:29 pm]
Just now, I got a most enterprising spam (which I'll happily email to anyone who's interested). Multipart MIME message, plain text part which contained a PGP signature, HTML part with the spam message, and a GIF.|
The GPG signature was forged, but claimed to be from someone respectable looking and moderately present in the web of trust.
So, I guess spamassassin is now going to have to check for valid GPG signatures, rather than just them being present. Bah
Update: Alex Gough has pointed out that he thought of something like this a little while ago. I guess the difference to his idea is scale, but only a matter of time - not everyone has PGP keys, but many more people have spamassassin (or similar) which regard PGP signatures as a good sign. Any bets on how long until his idea does actually happen?