keyserver spam

Erik Loosman hj at
Sat Dec 17 14:26:43 CET 2011

I have uploaded my key to a keyserver at upload a key to their
keyserver requires a verification by e-mail. Every id (e-mailaddress) in
your key receives an e-mail. Respond to one of those e-mails (clicking
link) to verify you issued the key replacement. But when (one of) your
e-mail account(s) has been compromised, it could still happen.

Erik Loosman

OpenPGP: 0x7374C641 at

On 12/16/2011 04:51 PM, gnupg at wrote:
> I understand that once you've uploaded something to the keyservers, it
> can't be removed. Eg, if I sign someone elses key and upload that, it
> will be attached to their key permanently?
> What if someone were to generate say, 10,000 keypairs with "offensive"
> uid names, and then sign my key with each of them, and then upload that
> to the keyservers? Is there anything to stop that? Is there anything to
> stop a spammer generating a key with their URL in the uid name and then
> signing every key they can find and uploading that to the keyservers?
> Has anything like this happened before?
> _______________________________________________
> Gnupg-users mailing list
> Gnupg-users at
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20111217/a1f1acaa/attachment.htm>

More information about the Gnupg-users mailing list