Hauke Laging wrote: > Maybe. But I would not call it science that you imply that harvesting > from key servers will result in about the same amount of spam as pure > address guessing by the spammers would.
Estimating how many email addresses are released to spammers via the keyservers is a black art. It has been attempted, though. See, e.g., John Clizbe's result. For your proposal to work, you can never have an email address exposed. Ever. Anywhere. The instant you screw up and your email address gets out, the game is over. Soon a spammer will discover it. Within days all the spammers will have it, since spammers share email lists with each other. In the end, you haven't done anything to stop spam. All you've done is bought yourself a little time, and paid a very high price for it -- you've made it very difficult for people who want to talk to you to get in touch with you. > Your point maybe. It seems a bit strange to me that you believe to be > capable of calculating everyone's personal spam risk. Objective reality is the same for everybody. The objective reality of the situation is that as soon as your email address gets exposed anywhere, spammers will get it. Closing off just one avenue of address collection is absurd; it's like facing a horde of army ants and thinking that just by stomping on one you're going to do something about the swarm. > Because you want to decide for others what risks they have to take > and which not. You may make fun of afraid flight passengers but > nonetheless such assessments should be up to the user. It already _is_ up to the user. Nobody forces you to put an email address on your key. You can leave it off if you want. If you're really that concerned about keyserver spam, then feel free. Be my guest. The protocol accommodates you. But I think it's a very bad idea to start changing the protocol just to appease the phantom fears of a small number of users. Once you do that, then everyone who has a phantom fear will demand the protocol be changed to support them. > Snake-oil refers to fooling somebody. I don't do that. You may be fooling yourself. I have cc'd GnuPG-Users on this one. There doesn't appear to be anything in this thread that's related to ongoing GnuPG development, so continuing it on -devel seems inappropriate. Let's move it over there. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users