Posted to dev@spamassassin.apache.org by Dave Brondsema <da...@brondsema.net> on 2007/05/07 00:23:28 UTC

Re: Mail::SpamAssassin::Plugin::OpenPGP (fwd)

Coming in a month late, after happening across the thread in the
archives and deciding I should be on the mailing list anyway.  See
response below.

Giampaolo Tomassoni wrote:
>> -----Original Message-----
>> From: jm@jmason.org [mailto:jm@jmason.org]
>>
>> Dave Brondsema writes:
>>
>>> Mail::SpamAssassin::Plugin::OpenPGP is a SpamAssassin plugin that
>>> validates PGP signed email. It also adds some mail-specific validation:
>>> it requires the From: address to be one of the addresses on the signer's
>>> key, and that the Date: is close to the date of the signature.
>>>
>>> It's only version 1.0.0 and I'm not even using it myself (yet), but it
>>> passes 17 functional/acceptance tests. I'd appreciate any feedback.
>>> http://brondsema.net/blog/index.php/2007/04/02/first_release_of_a_pgp_plugin_for_spamas
>>
>> Sounds interesting!
> 
> May I ask what its purpose is? Is it perhaps meant to lower the score of
> validly signed mails?
> 
> Thanks,
> 

Yep, I wrote it so I could lower the score of emails with good
signatures.  I am using it myself now and for example these are the
rules I use:

score OPENPGP_SIGNED -1
# this will total to -3
score OPENPGP_SIGNED_GOOD -2
# this will total to 0
score OPENPGP_SIGNED_BAD 1

I'm also planning on using this plugin (along with the DKIM and SPF
plugins eventually) as authentication methods for a Konfidi plugin.
(Konfidi is a trust framework that computes inferred trust values from a
social network of authenticated people; see http://konfidi.org/).  The
goal is that if an email author can be identified (via SPF, DKIM or
PGP), then the Konfidi server is queried to see if the person is trusted
in your network, and the email can be given a low score.  In a sense,
it's like having a distributed network by sharing your "whitelist_auth"s.

-- 
Dave Brondsema : dave@brondsema.net
http://www.brondsema.net : personal
http://www.splike.com : programming
               <><
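
Added example, not part of the original message and not the plugin's own code: a Python sketch of the two mail-specific checks described in the thread (From: address on the signer's key, Date: close to the signature time) and how the three scores above add up. The one-hour tolerance, the function names, the sample message and the choice to fire OPENPGP_SIGNED_BAD on any failed check are assumptions; the signature result is passed in rather than verified.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Scores as given in the message; OPENPGP_SIGNED hits on every signed mail.
SCORES = {"OPENPGP_SIGNED": -1, "OPENPGP_SIGNED_GOOD": -2, "OPENPGP_SIGNED_BAD": 1}
MAX_SKEW = timedelta(hours=1)  # assumption: the thread only says "close"

# Constructed sample input (not real mail or a real key).
SAMPLE = ("From: Alice Example <alice@example.org>\n"
          "Date: Mon, 07 May 2007 00:23:28 +0000\n"
          "Subject: test\n\nbody\n")
SIG_TIME = datetime(2007, 5, 7, 0, 20, tzinfo=timezone.utc)
UIDS = ["Alice Example <alice@example.org>"]


def addr_of(value):
    """Bare, lower-cased address from a From: header or a key user ID."""
    return parseaddr(value)[1].lower()


def openpgp_rules(raw_message, sig_valid, sig_time, key_uids):
    """Return the rule names hit for a signed message.

    sig_valid, sig_time and key_uids stand in for what an OpenPGP
    verifier would report; no cryptography is done here.
    """
    msg = message_from_string(raw_message)
    sender = addr_of(msg.get("From", ""))
    from_ok = bool(sender) and sender in {addr_of(u) for u in key_uids}
    try:
        sent = parsedate_to_datetime(msg["Date"])
        if sent.tzinfo is None:  # "-0000" parses as naive; treat as UTC
            sent = sent.replace(tzinfo=timezone.utc)
        date_ok = abs(sent - sig_time) <= MAX_SKEW
    except (TypeError, ValueError):
        date_ok = False  # missing or unparseable Date: fails the check
    good = sig_valid and from_ok and date_ok
    return ["OPENPGP_SIGNED",
            "OPENPGP_SIGNED_GOOD" if good else "OPENPGP_SIGNED_BAD"]


def total(hits):
    """Sum the scores of the rules that hit."""
    return sum(SCORES[h] for h in hits)
```

A valid signature whose key does not list the From: address, or whose timestamp is far from Date:, lands on the 0 total rather than -3, so a replayed or re-addressed signed body earns no credit.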