The first web-based PGP keyserver was written for a thesis by Marc Horowitz,[1] while he was studying at MIT.
Users were able to upload, download, and search keys either through HKP on TCP port 11371, or through web pages which ran CGI scripts.
[4] The OpenPGP world largely used its own development of keyserver software independent from the PGP Corporation suite.
The main software used until the 2019 spamming attack was "SKS" (Synchronizing Key Server), written by Yaron Minsky.
In this instance, the computers can be, and mostly are, run by individuals as a pro bono service, facilitating the web of trust model PGP uses.
Once a public key has been uploaded, it was purposefully made difficult to remove it as servers auto-synchronize between each other (it was done in order to fight government censorship).
The lack of a retraction mechanism also breached the European General Data Protection Regulation, which was cited as a reason for the closure of the SKS pool.
[5][7]: §2.2 Modern keyservers, starting with the PGP Global Directory, now use the e-mail address for confirmation.
For many individuals, the purpose of using cryptography is to obtain a higher level of privacy in personal interactions and relationships.
(Mike Perry's 2013 criticism of the Web of Trust mentions the issue as already been "discussed at length".
The main goal, however, was to minimize the storage space required, as "signature spamming" can easily add megabytes to a key.