On Tue, 30 Dec 2003 14:27:57 -0500, Sean Estabrooks wrote:

> Is there anybody left who doesn't understand that email can be spoofed?

Are you serious? Many, many people look only at the from address and are quite shocked/surprised when you mail them a message using their name and address.

> If there is, do these people understand that they should look for and
> validate a signature?

If they use software which supports PGP/GPG or S/MIME, at least they can see that some messages are signed while others are not, and they are free to verify signatures when necessary. I don't make assumptions on whether software offers to download a key or whether users care enough to become familiar with GPG signatures. I leave it to the recipient on whether he opens an unsigned message "From: Michael Schwendt <...>" because he knows my name from many signed postings on public mailing-lists.

> Does this _really_ help you explain that the
> message didn't come from you?

Yes. It has helped in several cases where I have had problems getting someone to not ignore the information in the headers. It triggered an "Aha! I realize this message was different from your usual ones. Sorry!" effect and caused a few people to become aware of details.

> Do you have to explain it less often?

On @redhat.com lists I've switched to auto-signing my posts after several of us subscribers had received fake messages with recycled message bodies. Since then I haven't received any complaints about junk/spam coming from my address. It might be coincidence. I don't care. A GPG signature doesn't occupy as much space as some people's huge message footers.

--
Attachment:
pgpbIaXbaVMWM.pgp
Description: PGP signature