lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
From: allan.vanleeuwen at orangemail.nl (allan.vanleeuwen@...ngemail.nl)
Subject: a PGP signed mail? Has to be spam!

But does the software actually check if it's a 'valid' pgp signature ?
Coz lots of spam these days have 'bogus pgp signatures', exactly BECAUSE a
lot of anti spam software flags them as 'non-spam'... So they use something
that LOOKS like a signature to fool the anti spam software....

Sorry about my english

Allan

-----Original Message-----
From: Eric Bowser [mailto:ebowser@...rap.net] 
Sent: woensdag 12 november 2003 16:47
To: onedo@....net
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] a PGP signed mail? Has to be spam!


The filtering service I sell considers PG signatures to be a plus, and
is less likely to get a SPAM hit.


On Tue, 2003-11-11 at 21:22, onedo@....net wrote:
> Hi everyone
> 
> I had to notice something today that really disturbed me. A friend of 
> mine(working for a very big company) complained, that she doesn't get any 
> mails from me anymore. It turned out, that apparently my mails went
straight 
> into the spam filter, as I signed everyone of them. When I sent unsigned 
> mails, she got them. What do we learn? Crypto is bad m'kay?
> But for real, does that mean that we won't be able to sign any mails
anymore 
> soon, due to the spam problem(and stupid admins)?
> 'EGovernment' is the big word everywhere nowadays. The electronic
signature is 
> mentioned as a way to ensure the credidibility of sender and receiver. Now

> what?
> Guys(and girls), the situation sucks. What do you think? And, most
important 
> of all, do you see any way to fight this behaviour? Because honestly, I 
> don't. 
> Greets
> 
> $me
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
-- 
Eric J. Bowser 
330.658.9858 direct 
330.658.0123 fax 

i-TRAP Internet Security Services 
888-658-TRAP toll-free 
330.658.1040 local 
www.i-trap.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
===========================================================
De informatie opgenomen in dit bericht kan vertrouwelijk zijn en is alleen
bestemd voor de geadresseerde. Indien u dit bericht onterecht ontvangt,
wordt u verzocht de inhoud niet te gebruiken en de afzender direct te
informeren door het bericht te retourneren. Hoewel Orange maatregelen heeft
genomen om virussen in deze email of attachments te voorkomen, dient u ook
zelf na te gaan of virussen aanwezig zijn aangezien Orange niet
aansprakelijk is voor computervirussen die veroorzaakt zijn door deze
email..

The information contained in this message may be confidential and is
intended to be only for the addressee. Should you receive this message
unintentionally, please do not use the contents herein and notify the sender
immediately by return e-mail. Although Orange has taken steps to ensure that
this email and attachments are free from any virus, you do need to verify
the possibility of their existence as Orange can take no responsibility for
any computer virus which might be transferred by way of this email.
===========================================================



Powered by blists - more mailing lists