Full Disclosure mailing list archives
Re: a PGP signed mail? Has to be spam!
From: Michael Gale <michael () bluesuperman com>
Date: Tue, 11 Nov 2003 19:59:14 -0700
Hello,
This has become a major issue lately, the problem is that before, lets
say about 6months ago. Spam filters would not block PGP signed mail and
block base64 encoded messages. Mostly because PGP mail got a low rating
or the SPAM filter did not know what to do with the message. The same
with base64 encoded e-mails, a large amount of anti-spam tools did not
decode the base64 message, check it for spam and then send it on.
So now spammers have started PGP signing e-mails to get past the spam
filters. So now some system admins have added filters to block all PGP
signed mail or give it a high value.
The solve this problem is not a easy task, most system admins do not
want to / don't have the - time to properly setup a anti-spam server,
train local users and go through e-mail marked as spam to look for false
positives - they simple delete it or send it to a spam account which
will never get looked at until someone complaines.
Most admins just want a out of the box spam server - so this is what
happens. User based whitelist is one of the leading solutions, this way
you can have a global policy with user based added whitelist.
Again - training to fully understand anti-spam techniques and time to
implement.
Michael.
On Wed, 12 Nov 2003 03:22:25 +0100
onedo () gmx net wrote:
Hi everyone I had to notice something today that really disturbed me. A friend of mine(working for a very big company) complained, that she doesn't get any mails from me anymore. It turned out, that apparently my mails went straight into the spam filter, as I signed everyone of them. When I sent unsigned mails, she got them. What do we learn? Crypto is bad m'kay? But for real, does that mean that we won't be able to sign any mails anymore soon, due to the spam problem(and stupid admins)? 'EGovernment' is the big word everywhere nowadays. The electronic signature is mentioned as a way to ensure the credidibility of sender and receiver. Now what? Guys(and girls), the situation sucks. What do you think? And, most important of all, do you see any way to fight this behaviour? Because honestly, I don't. Greets $me _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- a PGP signed mail? Has to be spam! onedo (Nov 11)
- Re: a PGP signed mail? Has to be spam! Peter Moody (Nov 11)
- Re: a PGP signed mail? Has to be spam! Damian Gerow (Nov 11)
- Re: a PGP signed mail? Has to be spam! Ciro (Nov 11)
- Re: a PGP signed mail? Has to be spam! Nick FitzGerald (Nov 12)
- Re: a PGP signed mail? Has to be spam! Michael Gale (Nov 11)
- Re: a PGP signed mail? Has to be spam! Scott Taylor (Nov 11)
- Re: a PGP signed mail? Has to be spam! Michael Gale (Nov 11)
- Re: a PGP signed mail? Has to be spam! Daniel (Nov 11)
- Re: a PGP signed mail? Has to be spam! Michael Gale (Nov 11)
- Re: a PGP signed mail? Has to be spam! Steffen Kluge (Nov 11)
- Re: a PGP signed mail? Has to be spam! Michael Gale (Nov 11)
- Re: a PGP signed mail? Has to be spam! Chris Ruvolo (Nov 12)
- Re: PGP signed mail? Has to be spam! onedo (Nov 12)
- Re: PGP signed mail? Has to be spam! Shawn McMahon (Nov 13)
- Re: a PGP signed mail? Has to be spam! Peter Moody (Nov 11)