GPG signatures

[Sean Estabrooks]

On Tue, 30 Dec 2003 20:13:25 +0100
Michael Schwendt <ms-nospam-0306 at arcor.de> wrote:


> Tell that those people who post complaints to my e-mail address after
> they had received Windows virus/worm based junk messages or SPAM with my
> address in the "From" field. I would deactivate signatures again (and
> return to my old posting-style) if more users knew how to read e-mail
> headers and not blamed me after they had opened an .COM attachment in a
> mail which includes my name. Some worms take an old mail from a folder
> on the local disk and only append text or add a malicious attachment
> before piping it out to arbitrary people in an addressbook. This makes
> it look like it's a normal posting from me. Even if a signed message
> were copied completely, a signature includes a timestamp of when the
> signature was made. This makes it impossible to recycle old signed
> messages.


Hi Michael,

Is there anybody left who doesn't understand that email can be spoofed?  
If there is, do these people understand that they should look for and
validate a signature?   Does this _really_ help you explain that the
message didn't come from you?   Do you have to explain it less often?  
Perhaps it does, but i find that notion surprising.

> Another reason why I auto-sign my messages on public mailing-lists is
> that I like to throw away e-mail addresses as soon as they are bombed
> with SPAM. My current one is suprisingly spam-free, probably due to the
> "nospam" in it.

I'm missing the part where signing your message helps you change your
email address ;o)

> I disable signatures where recipients know when it's me and when it's
> SPAM/virus/fake.

Fair enough, my take is that it isn't appropriate on a public support
mailing list, but it's not that big a deal either way.

Cheers,
Sean