Gpg signed spam

Jun15

Gpg signed spam

Posted by Karanbir Singh on 15/Jun/2009 ~ Posted in: Linux, EMail

I've just had my first ever gpg signed spam email. Yes it is gpg signed, and its signed correctly with a key that seems to not be mentioned anywhere ( or atleast papa google does not know about it ). These guys are still getting better and wiser. Whats next ?

Going to see how this shapes up over the next few days before dropping my gpg-header -> whitelist rule :/

5 comments

Comment from: Frank [Visitor]

While it's possible that they're getting wiser, my bet would be that the spam was sent through a compromised system set up to autosign some or all outgoing mail, either through an outlook/thunderbird plugin, or on a local MTA.

15/Jun/2009 @ 10:11

Comment from: Karanbir Singh [Member]

Frank,

That is entirely possible - however I've had another 2 today ( so far ), all of them are a different key, and seem to have followed very different paths into my mailbox.

If it really is someone doing this as a spam effort, I am guessing that cpu cycles are no longer a major cost for these guys..

16/Jun/2009 @ 08:30

Comment from: Jon [Visitor]

Just adjust the whitelisting rule to only whitelist stuff signed with known keys (known as in exists, if you can afford the lookup)