Paul,
I really do believe that the hashing is not an affective security
meassure.
By using hash, we make it harder for an attacker to find email addresses of
another person. Of course, we cannot prevent the attack.
Let me give you a real example from a real person that I name him Bob. Bob
hasn't published any email address on his personal website but he used a form
so that others can send me email only via form.
The spammer also tried to send hiim message via this form in a hope that they
can receive an answer so that they can have his email address. But Bob also
used other approaches such as captcha.
After that, he no longer received any spamming email because it was too efforts
for spammer to check the captcha and take more of their time.
I hope it is clear,
Hosnieh
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp