> > > > However this worries me. During the setup there is no Debian > involvement, and that means anyone can do the same trick to pretend to own > my Debian address. > > >
That's also a reason why it's better to gpg-sign important email (aside from the fact that anybody can have a setup that sends mails in your name for any domain, even non-Debian). >
