Keyserver spam example

Joke de Buhr joke at seiken.de
Thu Jun 10 17:22:16 CEST 2010


I never said this particular spam message was not caused by someone scanning 
the keyserver. I only stated it isn't that common and never happened to me.

The chance someone harvesting your email address through keyserver scanning is 
less common than harvesting archives of mailing lists.

Keyservers have a large number of abandoned public keys with inactive email 
addresses. Whereas scanning trough a recent mailing list history will provide 
fresh addresses which are very likely to be working.

On Thursday 10 June 2010 16:56:28 David Shaw wrote:
> > On Thursday 10 June 2010 16:00:18 David Shaw wrote:
> >> Hi everyone,
> >> 
> >> Periodically there is a discussion on this list about whether having
> >> your key on a keyserver will result in more spam.  My feeling on this
> >> is that you might get more spam, but it's a drop in the bucket compared
> >> to the usual onslaught that streams in daily.
> >> 
> >> That being said, I just got my first piece of spam that was definitely
> >> caused by presence on a keyserver:
> >> 
> >> Begin forwarded message:
> >>> From: "Stephen Lee" <stephenhka at ymail.com>
> >>> Date: May 26, 2010 2:17:27 AM EDT
> >>> To: dshaw at jabberwocky.com
> >>> Subject: enquiry : wwwkeys.ch.pgp.net:11371
> >>> Reply-To: "Stephen Lee" <stephenhka at ymail.com>
> >>> 
> >>> 
> >>> We found your contact Email address from wwwkeys.ch.pgp.net:11371
> >>> My name is Stephen and I come from China, Hong Kong.
> >> 
> >> (spam contents snipped - it goes on to offer to sell me LCD screens for
> >> my "retail store, shop, boutique or any public area")
> 
> On Jun 10, 2010, at 10:35 AM, Joke de Buhr wrote:
> > I've never gotten any keyserver related spam so far and my public keys
> > with a valid mail address were published year ago.
> > 
> > I think it's more likely you will get spam because you are posting to a
> > mailing list which does have a html archive (liks this one).
> 
> Please read the spam I quoted above:  "We found your contact Email address
> from wwwkeys.ch.pgp.net:11371".
> 
> When the spammer takes the time to tell me he crawled my address from a
> keyserver, and is even kind enough to tell me which one, I'm inclined to
> believe him.
> 
> David
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 706 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/attachments/20100610/db256942/attachment.pgp>


More information about the Gnupg-users mailing list