<<< Date Index >>>     <<< Thread Index >>>

Re: [OT] key server is a great place for spammers?



Hi, 

On Thu Sep 11  04:11PM, Isaac Claymore wrote:
> Hi mutters, this is slightly off topic here.
> 
> I just set up mutt to work with gpg today, and was rather astonished
> that key servers expose email addresses quite happily.
> 
> Say, simply run 'gpg --search-keys foo' prints out 325 email addresses
> together with the found keys. I guess spammers could easily use the key 
> servers to find email addresses, since the process could be easily
> automated with something like expect. And worse, email addresses
> associated with keys are most possible being actively used by key
> owners.

I also thought about this recently when spam mails came around with 
fake gpg signatures to get lesser spam points. Not enough they get
your email adress from these servers, they are also able to encrypt
it with your key, so spamassassin or other anti-spam software will
never catch it. I am happily waiting for my first encrypted 
Spam Mail ;)


greets, andreas