explain nrsign & lsign?

John Clizbe JPClizbe at tx.rr.com
Mon Jan 29 05:45:52 CET 2007

John W. Moore III wrote:
> There is somewhat constant debate over the best method.  

Yes, but it seems like it's always the same folks bringing it up when it
surfaces; much like a couple other perennial subjects over on PGP-Basics.

> Many believe that Email addresses are 'harvested' from the Servers by bots
> intent on increasing the Spammers database.  Many others argue that they
> haven't been affected by /increased/ Spam and not publishing to the Servers 
> negates the ability to Verify a Sig from a Key not currently existing on the
> recipients Keyring.  

I don't don't why you present these as two opposing camps. Both are valid.

The thing is degree. Yes, keys are likely harvested. But I will suggest you'll
get /much more/ SPAM from sending a message to this list than you will from
publishing an email address on a key and sending it to a keyserver.

I created two special purpose keys in early Sept 2004, each with a different
address, and sent them to the keyservers. The addresses are not used anywhere
for email. Since then one account has received 139 SPAM messages, the other 121
- *total*. That's an average of one SPAM message per account about every 6.5
days, roughly one per week.

Those volumes represent about one or two days worth on a couple other accounts.

So, yes - harvesting occurs. But its impact is being portrayed way out of
proportion to its actual effect. I'd have to conclude that the benefits of
having good addresses searchable on the keyservers far outweighs the negligible
volume of SPAM that can be traced to actual harvesting.

John P. Clizbe                      Inet:   John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?"        / "two words: good decisions."
"what's the key to good decisions?" /  "one word: experience."
"how do i get experience?"          / "two words: bad decisions."

"Just how do the residents of Haiku, Hawai'i hold conversations?"

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 663 bytes
Desc: OpenPGP digital signature
Url : /pipermail/attachments/20070128/f283f712/attachment.pgp 

More information about the Gnupg-users mailing list