-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > The thing is degree. Yes, keys are likely harvested. But I will > suggest you'll > get /much more/ SPAM from sending a message to this list than you > will from > publishing an email address on a key and sending it to a keyserver.
While I agree that in general keyserver harvesting is not a huge problem for the community, we should be wary about thinking it will not become a huge problem for the community. Prudence suggests we consider both alternatives. > Those volumes represent about one or two days worth on a couple > other accounts. This may only mean that there's only one spam syndicate who's harvesting keyservers, whereas the countless numbers of other spammers haven't caught on yet. This could just as easily mean that other spammers have considered the option and decided it's a bad idea for whatever reason, and only one syndicate isn't getting the memo. Hard to say. > So, yes - harvesting occurs. But its impact is being portrayed way > out of > proportion to its actual effect. I'd have to conclude that the > benefits of > having good addresses searchable on the keyservers far outweighs > the negligible > volume of SPAM that can be traced to actual harvesting. The following is anecdotal experience, so it should be taken with a grain of salt. Still, it's worth considering. I spent some time without an email address listed on my key to test out for myself whether it would present a usability issue. Turns out it didn't; putting OpenPGP kluges in my email headers told my recipients my key ID, which made it possible for them to grab my key despite there being no email address associated with it. Ultimately, I decided that since I was already drowning in spam on all of my accounts anyway, the added trouble was insignificant, even if the added benefit was insignificant. I put an email address on my key and decided I wasn't going to worry about it any more, since I didn't see it mattered too much either way. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (Darwin) iQEcBAEBCAAGBQJFvZGqAAoJELcA9IL+r4EJ4wMH/jrMuFsrgDamP+D6LMWHe6iG 2okOO0sk2P2+61RQElCN93YB/Fy2EHquVvs2JbhU6/CuHFrvo7pyrx2WlFCIuNUt L61kTheA09rSpJ2ipRPRKYAlbE2HaXaAXMzO+U65X0zmUSAm+5z8ALdOdLBqa+ey 58ZUciD/yZAejO4oFdALe+C74gkPQXCWFepB9mD+KBh74D1y0UpOnSAAPUicHsOz ThkyZ2yeX1NzSMnXdAMmrlV651zEOC01IkL3f7AFCElZxM0Ha+gGtmijSWN4njBP bwNzVm8AGjJ0POltcR8vPIr2DvPZs9KKPSZ2893CkZlxKFyY8YizPJnoKXq7s/o= =AFUS -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
