If you receive email from any of my addresses without signature you should doubt its authenticity!
The only exceptions from my "all-is-signed" rule are mailrobots which can't cope with RFC3156-conformant emails and certain mailinglists. Exceptions for personal mail are only done on an as-needed basis for people with broken mailers.
My crypto tool of choice is GnuPG (earlier i've used pgp, too).
You can get my PGP keys (0x42BD645D primary, 0x5B586291 old RSA, 0xF860ACF1 work)
- from here
- from all keyservers I know of, but do yourself a favour and use one of the subkeys-safe servers (and a recent client, too): This one or that one work fine for my main private key.
- or by dropping me an email with the
Subject being
get pgp-key
If you are using a UNIX system, you might be interested in my tool kuvert which automates signing and encryption of outbound mail.
For good measure you might want to combine this with an anonymous remailer chain, like ones listed on cm's site.
