Questions about generating keys

Oskar L. oskar at rbgi.net
Thu Aug 23 11:40:02 CEST 2007


Robert J. Hansen wrote:
> In the battle between armor and warhead, _always_ bet on the warhead.
>
> Playing defensively and trying to make an email address invisible is
> going to be an exercise in frustration.  They always get seen.  They
> always get spammed.  Play defensively and you lose.

Well, if you need to have an e-mail address available to the general public
then this is certainly true. Spammers have even been known to hire cheap
labor to surf the web looking for e-mail addresses and filling in spam in
forms, so even hiding your address in a blurred upside-down JPEG won't
help.

If you have security-unaware friends who type in your address on "send
your friend an ecard" type of sites, or have you in their address book on
their Windows box full of spyware, then the spammers will get your
address, no matter what you do.

But if you don't need a public address, and only have security-conscious
friends, then I would think you have a good chance of staying off the
spammers' lists.

Yahoo! has a nice free service called AddressGuard. You just create a base
name (foo) and append an ID (bar) to it, and now you have a disposable
address: foo-bar at yahoo.com, which delivers mail to your normal Yahoo!
address. You can have 500 different IDs, so you can give a different
address to each of your friends, and check who is leaking your address.

> Whitelisting, graylisting, blacklisting, Bayesian filters, even lawsuits
> if you're so inclined--those are all active measures which force the
> spammers to adapt to your actions.  That gives you a measure of
> initiative back.  You're no longer playing pure defensive.

Those are all good things, but just because we have them does not mean
that it's not a good idea to try to stay off the spammers' list in the first
place.  Personally I'd like to see more aggressive anti-spam measures,
like the ones taken by Blue Frog.

> If you like, I'll ask the antispam research group here at UI if they
> think there's anything to be gained by omitting an email address from a
> key.

User IDs do not provide any authentication, so security-wise they are
useless. The most secure thing would be not to have one at all, and have
my friends remember that key number xxxxxxxx belongs to me. This way, if
my friends get raided, it will be more difficult or impossible for the
police to figure out that it's my key. But since this is very
inconvenient, I decided to sacrifice a little security for convenience, by
putting my first name in the user ID. I don't provide an e-mail address
mainly because it's easier to change my e-mail address if I don't have to
update my key, but this undeniably also makes things a little harder for
spammers, since it's one less place they can find my e-mail address. It
might also help in a deniability claim. I don't, however, think that it's
too much to ask that people remember which e-mail address goes with which
key.

Oskar
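The per-contact disposable-address scheme described in the post (a fixed base name plus a tag, so that the tag on an incoming message tells you who leaked the address) can be modelled in a few lines. The following is an added example, not code from the post or from Yahoo!'s AddressGuard service; the domain, the tag syntax, the use of random tags instead of friend names, and the sample addresses are all assumptions constructed for illustration.

```python
"""Disposable-address leak attribution (added example, modelled on the
base-name + tag scheme described in the post; all names and addresses
below are constructed)."""
import re
import secrets
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, Iterable, Optional

# Assumed address shape: <base>[-<tag>]@<domain>.  Tag is optional so that
# the bare base address is recognised but never attributed to a contact.
ADDR_RE = re.compile(
    r"^(?P<base>[a-z0-9]+)(?:-(?P<tag>[a-z0-9]+))?@(?P<domain>[a-z0-9.-]+)$",
    re.IGNORECASE,
)


@dataclass
class AddressGuard:
    base: str                      # the page's "foo"
    domain: str                    # assumed provider domain
    max_tags: int = 500            # the limit stated in the post
    tags: Dict[str, str] = field(default_factory=dict)  # tag -> contact

    def issue(self, contact: str, tag: Optional[str] = None) -> str:
        """Hand out one address per contact.  With no explicit tag, a random
        one is used so the tag cannot be guessed from the contact's name
        (an assumption about good practice, not something the post states)."""
        if len(self.tags) >= self.max_tags:
            raise RuntimeError("tag limit reached")
        if tag is None:
            tag = secrets.token_hex(4)          # 8 hex characters
        tag = tag.lower()
        if tag in self.tags:
            raise ValueError(f"tag {tag!r} already issued")
        self.tags[tag] = contact
        return f"{self.base}-{tag}@{self.domain}"

    def attribute(self, recipient: str) -> Optional[str]:
        """Map the To: address of a received message back to the contact it
        was issued to.  Returns None for the bare base address, an unknown
        tag, or an address on a different base/domain."""
        m = ADDR_RE.match(recipient.strip())
        if m is None:
            return None
        if m.group("base").lower() != self.base.lower():
            return None
        if m.group("domain").lower() != self.domain.lower():
            return None
        tag = m.group("tag")
        if tag is None:
            return None
        return self.tags.get(tag.lower())

    def leak_report(self, recipients: Iterable[str]) -> Counter:
        """Count unsolicited messages per contact; anything that cannot be
        attributed is lumped under 'unattributed'."""
        report: Counter = Counter()
        for r in recipients:
            who = self.attribute(r)
            report[who if who is not None else "unattributed"] += 1
        return report


if __name__ == "__main__":
    guard = AddressGuard(base="foo", domain="yahoo.com")
    print(guard.issue("alice", tag="bar"))       # foo-bar@yahoo.com
    print(guard.issue("bob"))                    # foo-<random>@yahoo.com
    # Constructed sample of recipient addresses seen on incoming spam.
    sample = ["Foo-Bar@Yahoo.com", "foo-bar@yahoo.com", "foo@yahoo.com",
              "foo-nope@yahoo.com"]
    print(guard.leak_report(sample))
```

If the report shows one tag dominating, that is the address to retire and the contact to have a word with; an unattributed count tells you the base address itself (or one never issued) is circulating, which the tag scheme cannot explain.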
More information about the Gnupg-users mailing list