Browsing today, I added a new vendors PGP to my keyring. Normally, an obvious fake email address associated with the key pops up. Not this one. It looks like a personal email account. Should I send them a message to ask and try to help them out? Anyone else have this happen to them?
If there's a Facebook account associated with the email, notify the vendor ASAP. He may hook you up for helping him protect his own ass.
Alternate plan: move to his city, "randomly" bump into him in public, become friends/roommates. Then who's paying all the bills? Vendor-roommate.