Proof of email ownership

Michael Daigle list-gnupg at
Sat Aug 6 02:37:47 CEST 2005

Hash: RIPEMD160

In reply to David Srbecky's message sent 2005-08-05 17:36:

> I just installed GnuPG to Thunderbird, created a key pair and
> uploaded it to a keyserver. I have expected to receive some mail
> designed to verify that I really own the email address (similar to
> the one that just received to subscribe to this list), but I did not
> receive any.
> How can people know that I own the address if GnuPG did not check it?

GnuPG is a cryptographic application. It verifies digital signatures,
not email addresses.

> My next idea was that GnuPG is multipurpose cryptographic software
> and I need to get some special signature verifying that I own
> specific mail. I was looking for a way to accomplish that, but I have
> not found any.

There is no magic bullet :-( A signature is only "special" to the one
who recognizes it. Some people trust my sig, while others have no cause
to. The same goes for bots and CA's. That's why the web of trust is
important. The more signatures you get on your key, the greater the odds
someone who receives your key sees a signature of someone they trust.

> Are there any servers/bots that can verify that I own mail and then
> sign my key to certify that?

The PGP Global Directory will only publish UID's bearing email addresses
that you confirm.

The Robot CA at will also similarly validate your email address.

There are other organized webs of trust around like Thawte Consulting
(, CAcert ( and the Gossamer Spider Web of
Trust ( Thawte is a commercial CA (only good for X.509
unless you use a compatable RSA OpenPGP key). CAcert is a not-for-profit
CA (X.509 and OpenPGP; trying for browser inclusion). GSWoT is a
grassroots organization that endorses CAcert Assurers, Thawte Notaries,
and other internally produced assurers to enhance the OpenPGP web of
trust. These entities perform identity assurance. You won't get a
signature for proving access to an email address.

- --
Mike Daigle                         
My PGP Key                                 mailto:pgpkey at
Gossamer Spider Web of Trust            
Get Your Own Subdomain!        

Comment: GSWoT - Gossamer Spider Web of Trust -


More information about the Gnupg-users mailing list