> Keyserver SPAM is a straw-man argument. Yes, it's possible for an > address to be pulled from the key on a keyserver, in fact, I'm > convinced harvesting probably takes place.
As am I. However, it should be pointed out that this is no reason to avoid using the keyservers. One of the best ways to evaluate a defensive mechanism is whether it can recover from a failure. Consider securing your home. A lock on the front door is good, but once the thief is in past your front door the lock is pointless. It can't recover from a failure. Being friends with your neighbor is a much better security mechanism. If your neighbor doesn't see the burglars breaking in, they still might see the burglars leaving, or be able to tell the cops "yes, there were some strange people hanging around that place yesterday, watching it and stuff, they were driving a...". Even if in one particular moment your neighbor fails, your neighbor can still come back to be a useful and effective mechanism. Good neighbors are a better security mechanism than good locks. (This may count as "old as the hills" wisdom: Proverbs 27:10 says something like, "Better a neighbor nearby than a brother far away." I've yet to find any 4,000-year-old proverbs extolling the virtues of locks, much less any that are as true today as when they were first spoken.) The same reasoning explains why keeping your email address hidden is a poor spamfighting technique. You have to *always* keep the email address hidden, and the first time it gets published you have to assume the spammers now have it. All that time, effort, energy, stress and frustration you put into keeping your email address unpublished is now wasted: all you did was delay the inevitable by a few days, a few weeks, maybe a few months. Like the lock which, once bypassed, provides no help whatsoever, your ascetic ways, once bypassed, give no benefit. On the other hand, good spam detectors have wonderful failure recovery modes. If a piece of spam gets through, well, train the spam detector to do a better job: the next time that spam won't get through. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
