[Enigmail] Keyservers & Spammers Was: Re: First signed message
John Clizbe
John at Mozilla-Enigmail.org
Fri Aug 22 01:31:41 PDT 2008
Matt wrote:
> John W. Moore III wrote:
>> Speaking Personally, I can think of no 'Cons' associated with Uploading
>> Your Key to one or more Keyservers. I have heard all the 'horror
>> stories' about Spam Bots harvesting Email Addresses from Keyservers but
>> I place no stock in that.
>
<snip>
>
> So can they get the email address from the key? Yes. But I don't think
> they do, because if they did, I probably would have gotten some during
> that 3 month period. Spammers don't even care if the addresses are good
> or not, some make up random name @ random domain just hoping to get
> lucky. They don't care, email is practically free to send, so even a
> single 'sale' is practically all profit.
>
> Now one data point doesn't imply universal truth, especially when
> attempting to prove that something doable just isn't done.
Having tested multiple addresses on several keys, I've found no difference
between an address only on a key being on a keyserver and totally unused
addresses on ISPs.
Yes, it's possible the address was pulled from the key on a keyserver, but the
volume of SPAM was not significantly different from that received as just random
SPAM noise from an unused ISP account.
--
John P. Clizbe Inet:John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. hkp://keyserver.gingerbear.net or
mailto:pgp-public-keys at gingerbear.net?subject=HELP
Q:"Just how do the residents of Haiku, Hawai'i hold conversations?"
A:"An odd melody / island voices on the winds / surplus of vowels"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
URL: <http://www.mozdev.org/pipermail/enigmail/attachments/20080822/c1f3bc8a/attachment.bin>
More information about the Enigmail
mailing list