The GNUpg announce list just sent me a microsoft email worm. It claimed to be From: the author of GnuPG, and so slipped right through.

If even the GnuPG people think it’s a good idea to use From: for authentication purposes, we are truly fucked.

Update: A message to the GnuPG Announce list about the worm, sent by the author of GnuPG. The worm message its self does not appear in the archives.