On Tue, May 11, 2004 at 10:49:47AM +0200, Bartosz Fenski aka fEnIo scribbled: [snip] > > > Well I was asking generaly. What if almost every future spam would > > > consist of some image and GPG signature? > > Each of those elements have some constant characteristic. In fact, having > > spam signed with GPG would make it easier to filter out - you could have > > your LDA check the signature, verify it and cast away should it fail > > verification. > > It's not so easy. In fact checking GPG signatures when fetchmail > downloads mails will kill my machine. You don't have to do it when fetchmail is fetching them, I suppose. It could as well be done in your MUA, I think. > Right now after night I have to download about 200 mails. Bayesian > filtering + procmail takes my machine about 10-15 minutes to sort out > this. With GPG signatures I will have to get up one hour earlier ;) May I ask why aren't you filtering on your server? > > > Filtering every such mail isn't a solution for me. > > How come? You have to filter every mail in order to see whether it's spam or > > not anyway... > > Yes but there are less or more complicated filtering solutions. > Sure I can write very complicated rules for procmail + bogofilter > + spamassasin + gnupg checks + <put whatever you want>, but hey... every > check needs CPU power and harddrive access. You got that right, the programs you listed above can take all of your CPU, indeed :) But how about integrating PGP/GPG checking (not necessarily with gnupg) inside the spam filter? And rather not one written in Perl? > > There is a tool that does a very good job for keeping spam > > away from your box if you're willing to put some effort in configuring it > > (I'm not using it personally, but my boss is - with a great success) - > > http://www.tmda.net/ > > That looks interesting. Thanks for pointing it out to me. I can certify it works well - my boss is subscribed to as many mailing lists as I am, and yet he receives 1 (_one_) spam/week on average. > > > In fact mails with GPG signatures had some possitive score in my > > > procmail. Now I have to remove it :/ > > I don't think it is a good idea anyway, it's like leaving a passage for > > possible spam. > > Yes... but this worked perfectly so far... Mail mentioned by me was the > *first* GPG signed spam I ever seen ;) Do you have a pristine copy of the message perhaps? regards, marek
Attachment:
signature.asc
Description: Digital signature