It's come up on the list many times. No one has demonstrated that there
is mass-mining of e-mail addresses from the key servers. Personally, I
have a mini-honeytrap set up for testing this, and while I get dozens of
spam messages every day as a result of having had my e-mail addresses
posted publicly in various places for many years, I get no more than a
dozen _per year_ pointed at addresses from my key honeytrap.
It's very safe to assume that e-mail address harvesting from the key
servers is not anything to worry about.
More generally, it's been well documented in the anti-spam community
that techniques to "hide" your e-mail address from spammers are totally
fruitless. You want to apply intelligent filters on the receiving side
of the e-mail transaction to limit the flow seen by the end users.
That's the only viable long term solution.
hope this helps,
Doug
On 04/17/2013 05:32 AM, Diego Zuccato wrote:
Ave all.
IIUC, currently, whoever looks up a key for an identity, automatically
retrieves *all* user's identities!
That could easily be abused (spammers, people writing to personal
mailbox for work-related issues, etc), but even if not abused it's at
least "unpleasant" that all mail addresses gets mixed.
I've been thinking about that for some time, but couldn't yet find a
workaround. Except, maybe, some decoupling between signature key and
identities -- but no idea on how to implement it, keeping the current
pros. W/o having to use multiple different identities (that would mean
more smartcards to manage, for example).
I couldn't find related topics, but I think that's impossible that noone
thought about it before. Am I missing something obvious?
Tks,
Diego.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
