explain nrsign & lsign?

Robert J. Hansen rjh at sixdemonbag.org
Mon Jan 29 01:37:20 CET 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> There is somewhat constant debate over the best method.  Many believe
> that Email addresses are 'harvested' from the Servers by bots  
> intent on
> increasing the Spammers database.

For whatever it's worth, I consider this one to be very strongly  
indicated.

Consider the address kc0sje @ myemaildomain.  It's not exactly one  
that would be picked at random.  The only published way to find that  
address is to enter my ham radio station ID in at the American Radio  
Relay League's web page and find "kc0sje @ myemaildomain" as my  
contact info--and it seems unlikely spammers would harvest from the  
ARRL.

That email address was up on the ARRL's page for a few months before  
I added it to one of my keys.  In under a week, I started getting  
spams to that email address.

There are two obvious ways I can see spammers picking it up.  Either  
(1) they've got a copy of all American amateur radio station IDs and  
are polling the ARRL's information, one record at a time, to compile  
them, or (2) they're harvesting addresses off keyservers.  Of the  
two, #2 seems far, far more likely.

> Many others argue that they haven't been affected by /increased/  
> Spam and
> not publishing to the Servers negates the ability to Verify a Sig  
> from a
> Key not currently existing on the recipients Keyring.

I agree to this one, too.



-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Darwin)

iQEcBAEBCAAGBQJFvUHBAAoJELcA9IL+r4EJGu0H/28pD4TwNQ8Sq2V5FJUyUN7c
K1zRh2HsUtD7rcXq5+sVFLnQJuhJSpxvOZWGMAedfTcBOb3vD/HEEJ2bq9l9sAfz
Hmu8z55fEbRyOuEC0YEaZWOKMgWHy0QmzCE+3A6MWeDDiwcLAXbROjKrl4zoWSeo
pbIa3OlyWXR3uNV0V55nSCuLK2/7aRX6ZVpKYawB8jhA50USfav7kxFKgWVUZGUH
sc8JPw5vpvRQ4VzMLh3GPBcHp8d8UVWe+dUHHjZ9ew2EqD+VX829r70uU/O3sk8i
b8b/XDUayggnsgN9P0bF7YRRK/sfl7/sLZcAtoS5UCiQeN3Qj0ROm2kD+XLFxTQ=
=FxU/
-----END PGP SIGNATURE-----



More information about the Gnupg-users mailing list