email hashes in PGP keys as protection against spam

Robert J. Hansen rjh at
Mon Oct 5 23:33:38 CEST 2009

Hauke Laging wrote:
> Maybe. But I would not call it science that you imply that harvesting
> from key servers will result in about the same amount of spam as pure
> address guessing by the spammers would.

Estimating how many email addresses are released to spammers via the
keyservers is a black art.  It has been attempted, though.  See, e.g.,
John Clizbe's result.

For your proposal to work, you can never have an email address exposed.
Ever.  Anywhere.  The instant you screw up and your email address gets
out, the game is over.  Soon a spammer will discover it.  Within days
all the spammers will have it, since spammers share email lists with
each other.

In the end, you haven't done anything to stop spam.  All you've done is
bought yourself a little time, and paid a very high price for it --
you've made it very difficult for people who want to talk to you to get
in touch with you.

> Your point, maybe. It seems a bit strange to me that you believe yourself
> to be capable of calculating everyone's personal spam risk.

Objective reality is the same for everybody.  The objective reality of
the situation is that as soon as your email address gets exposed
anywhere, spammers will get it.  Closing off just one avenue of address
collection is absurd; it's like facing a horde of army ants and thinking
that just by stomping on one you're going to do something about the swarm.

> Because you want to decide for others what risks they have to take
> and which they don't. You may make fun of frightened flight passengers,
> but nonetheless such assessments should be up to the user.

It already _is_ up to the user.  Nobody forces you to put an email
address on your key.  You can leave it off if you want.  If you're
really that concerned about keyserver spam, then feel free.  Be my
guest.  The protocol accommodates you.

But I think it's a very bad idea to start changing the protocol just to
appease the phantom fears of a small number of users.  Once you do that,
then everyone who has a phantom fear will demand the protocol be changed
to support them.

> Snake-oil refers to fooling somebody. I don't do that.

You may be fooling yourself.

I have cc'd GnuPG-Users on this one.  There doesn't appear to be
anything in this thread that's related to ongoing GnuPG development, so
continuing it on -devel seems inappropriate.  Let's move it over there.