SPAM Re: DDOS attack

Per Tunedal pt@radvis.nu
Wed Apr 9 09:38:01 2003


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 18:42 2003-04-08 -0700, you wrote:
 >
 >I really hope spammers are unable to reap email addresses from
 >keyservers. At least not efficiently.
 >
 >Joe

Bad news Joe,
according to a discussion on the WinPT users list it is possible to
"harvest" e-mail addresses on a keyserver. Timo Scultz confirmed this, but
it has not happend so far as I know.

I can only think of one countermeasure:
I will not include alla my e-mailaddresses in the userid:s
I can anyhow tell people which key to use (and GPGrelay users can let
GPGrelay create aliases by the option "learn from POP": if a valid
signature is found I get a question if the from address should be a new
alias for an e-mail address found in the user-id of the used signing key.)

Per Tunedal

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (MingW32) - GPGrelay v0.92

iD8DBQE+k8342Jp9Z++ji2YRAjXGAJ9znkd1CdaC7MPJeg7leTMF6ZCcdgCeMfst
lv3PNkXhq4IApqzpyeyhVxM=
=8R20
-----END PGP SIGNATURE-----