There are several issues here, some of which relate to the mailer, some of which involve Microsoft's signing process, and some of which involve how the PGP product works. I'll do my best to explain what's happening, but if you have questions about using PGP, Network Associates is really the authoritative information source. The signature status and the key validity are two different issues entirely. The signature status ("good" in your note below) means that the signature was successfully verified. This tells you that the email hasn't been tampered with in transit, and that the public key you used to verify it is the mate to the private key that was used to sign it. What this does *not* tell you is whether the key is actually the Microsoft key -- that's what the validitor indicator tells you. In the case you cited below, the validity indicator ("invalid") means that PGP couldn't certify that the key actually is the Microsoft key. There's a fine shade of meaning here that's very important. "Invalid" ...