Exposing email addresses on key servers

Robert J. Hansen rjh at sixdemonbag.org
Tue Jun 30 05:58:00 CEST 2009


John Clizbe wrote:
> I agree. Specific spam defenses are in many ways worse than useless. 
> They stop an insignificant fraction of spam and add a layer of 
> complexity to your system. ... [t]here are better ways of fighting
> SPAM than making it difficult for others to communicate.

I agree wholeheartedly with what John says here.  This is an agreement
and a slight addition, not a dissent.

A Greek named Xenophon wrote, "in the end, the art of war is about
keeping your freedom to act."  In the 2500 years since he wrote that, no
general has managed to improve on it.  As long as you're able to act,
you're still in the fight.  The instant you lose that ability, you're
either a casualty or about to become one.

General spam defenses work very well because even after spam gets
through them, you can still take action.  You can tweak the Bayesian
filter.  You can use a different realtime black hole list.  You can
switch from one filtering system to another.  Even if the spam gets
through, there are still effective actions you can take: you're still in
the game.

As John points out, sheltering your email address doesn't work.  Once it
gets out there even once, then it's out for good.  You're investing time
and work in a battle that you know you're going to lose, which you know
you're going to lose soon.  You have no move once it gets out; once you
suffer any breach, you can't mitigate things.

General spam defenses leave you with freedom to act even after you get
hit.  Suppressing your email address doesn't.

Take a lesson from Xenophon.  Focus on defenses that maximize your
ability to act.



More information about the Gnupg-users mailing list