Keyserver spam example

Joke de Buhr joke at seiken.de
Thu Jun 10 17:57:50 CEST 2010


On Thursday 10 June 2010 17:29:18 MFPA wrote:
> Hi
> 
> 
> On Thursday 10 June 2010 at 3:35:34 PM, in
> <mid:201006101635.36328.joke at seiken.de>, Joke de Buhr wrote:
> > I've never gotten any keyserver related spam so far and
> > my public keys with a valid mail address were published
> > years ago.
> 
> In order to *know* you have never received any keyserver-related spam,
> I take it the valid address on the key you published has never
> received any spam at all.

One of the addresses of my key is totally unprotected against spam. Nothing is 
blocked or scanned there. And it doesn't get any spam at all.

> I have a key with a valid (but unused) address that I published as a
> test three months ago. Since the address has never been used at all
> for any purpose, anybody using that address could only have got it
> from a keyserver. So far it has received no incoming messages at all.
> 
> I have another key on the servers that shows a genuine address and has
> been there at least 18 months. I do use that address, but not for
> mailing lists, groups, etc. Spam typically comes in at the rate of
> about two or three messages a month. I have no reason to suspect the
> spammers harvested the address from a keyserver, but no way of knowing
> they didn't.
> 
> David's example with the spammer saying where they got the address is
> very unusual, to say the least.
> 
> > I think it's more likely you will get spam because you
> > are posting to a mailing list which does have an HTML
> > archive (like this one).
> 
> No comment on probabilities, but I should have thought going to the
> web interface of a keyserver and searching on "2010" (for example)
> would be a more efficient place to harvest email addresses than
> trawling through mailing list archives.

As far as I know, you cannot do a search like "2010" on keyserver web interfaces
to get recently created keys.

> 
> > If you want to get rid of most spam, just filter
> > everything sent from dynamic ip addresses and you're
> > fine.
> 
> Only if you consider sacrificing some legitimate incoming mail to be
> "fine."

You do not sacrifice legitimate incoming mail because there is an RFC that
clearly states mail servers do not operate from dynamic IP addresses. Therefore
they cannot be considered valid.


More information about the Gnupg-users mailing list