explain nrsign & lsign?

David Shaw dshaw at jabberwocky.com
Wed Jan 31 22:19:33 CET 2007


On Mon, Jan 29, 2007 at 05:20:20PM +0100, Werner Koch wrote:
> On Mon, 29 Jan 2007 16:22, dshaw at jabberwocky.com said:
> 
> > etc.  Nowadays, many spammers aren't using their own bandwidth or CPU.
> > So why *not* hit the keyservers?  It costs them essentially nothing.
> 
> OTOH, addresses taken from the addressbook as available on the host
> (== zombie Windows PC) are much more effective than harvesting the web
> or kyeservers. These local addresses are more certain to actually be
> used and even better: the recipient of the spam knows the sender.

Indeed.  It is also possible that the keyservers aren't being targeted
specifically as keyservers, but rather that people have links to
keyserver searches out there, and the spammers are just using a
crawler that happens to follow that link.  Some keyservers don't
obfuscate their search results.

David



More information about the Gnupg-users mailing list