explain nrsign & lsign?
Randy Burns
randy at randyburns.us
Thu Feb 1 18:43:52 CET 2007
--- David Shaw <dshaw at jabberwocky.com> wrote:
> On Mon, Jan 29, 2007 at 05:20:20PM +0100, Werner Koch wrote:
> > On Mon, 29 Jan 2007 16:22, dshaw at jabberwocky.com said:
> >
> > > etc. Nowadays, many spammers aren't using their own bandwidth or
> CPU.
> > > So why *not* hit the keyservers? It costs them essentially nothing.
> >
> > OTOH, addresses taken from the addressbook as available on the host
> > (== zombie Windows PC) are much more effective than harvesting the web
> > or kyeservers. These local addresses are more certain to actually be
> > used and even better: the recipient of the spam knows the sender.
>
> Indeed. It is also possible that the keyservers aren't being targeted
> specifically as keyservers, but rather that people have links to
> keyserver searches out there, and the spammers are just using a
> crawler that happens to follow that link. Some keyservers don't
> obfuscate their search results.
>
> David
>
Something to think about when organizing a keysigning too. Avoid putting a
participant list on a webpage. Just a keyring maybe.
Randy
More information about the Gnupg-users
mailing list