dougb at dougbarton.us
Wed Apr 17 18:22:26 CEST 2013
It's come up on the list many times. No one has demonstrated that there
is mass-mining of e-mail addresses from the key servers. Personally, I
have a mini-honeytrap set up for testing this, and while I get dozens of
spam messages every day as a result of having had my e-mail addresses
posted publicly in various places for many years, I get no more than a
dozen _per year_ pointed at addresses from my key honeytrap.
It's very safe to assume that e-mail address harvesting from the key
servers is not anything to worry about.
More generally, it's been well documented in the anti-spam community
that techniques to "hide" your e-mail address from spammers are totally
fruitless. You want to apply intelligent filters on the receiving side
of the e-mail transaction to limit the flow seen by the end users.
That's the only viable long term solution.
hope this helps,
On 04/17/2013 05:32 AM, Diego Zuccato wrote:
> Ave all.
> IIUC, currently, whoever looks up a key for an identity, automatically
> retrieves *all* user's identities!
> That could easily be abused (spammers, people writing to personal
> mailbox for work-related issues, etc), but even if not abused it's at
> least "unpleasant" that all mail addresses gets mixed.
> I've been thinking about that for some time, but couldn't yet find a
> workaround. Except, maybe, some decoupling between signature key and
> identities -- but no idea on how to implement it, keeping the current
> pros. W/o having to use multiple different identities (that would mean
> more smartcards to manage, for example).
> I couldn't find related topics, but I think that's impossible that noone
> thought about it before. Am I missing something obvious?
More information about the Gnupg-users