Privacy concerns

Doug Barton dougb at
Wed Apr 17 18:22:26 CEST 2013

It's come up on the list many times. No one has demonstrated that there 
is mass-mining of e-mail addresses from the key servers. Personally, I 
have a mini-honeytrap set up for testing this, and while I get dozens of 
spam messages every day as a result of having had my e-mail addresses 
posted publicly in various places for many years, I get no more than a 
dozen _per year_ pointed at addresses from my key honeytrap.

It's very safe to assume that e-mail address harvesting from the key 
servers is not anything to worry about.

More generally, it's been well documented in the anti-spam community 
that techniques to "hide" your e-mail address from spammers are totally 
fruitless. You want to apply intelligent filters on the receiving side 
of the e-mail transaction to limit the flow seen by the end users. 
That's the only viable long term solution.

hope this helps,


On 04/17/2013 05:32 AM, Diego Zuccato wrote:
> Ave all.
> IIUC, currently, whoever looks up a key for an identity, automatically
> retrieves *all* user's identities!
> That could easily be abused (spammers, people writing to personal
> mailbox for work-related issues, etc), but even if not abused it's at
> least "unpleasant" that all mail addresses gets mixed.
> I've been thinking about that for some time, but couldn't yet find a
> workaround. Except, maybe, some decoupling between signature key and
> identities -- but no idea on how to implement it, keeping the current
> pros. W/o having to use multiple different identities (that would mean
> more smartcards to manage, for example).
> I couldn't find related topics, but I think that's impossible that noone
> thought about it before. Am I missing something obvious?
> Tks,
>   Diego.

More information about the Gnupg-users mailing list