Educause Security Discussion mailing list archives

Email marketing keys and contact information privacy


From: Gary Flynn <flynngn () JMU EDU>
Date: Tue, 31 Mar 2009 14:47:25 -0400

Let's say there is a mass marketing company who sends
e-mail on behalf of its customers based on contact
information given to it by those customers. The URLs
in the individual e-mail messages are unique for each
recipient so when the recipient clicks the link, the
marketer knows what e-mail address is responding and
can record the individual who responded and adjust the
display accordingly if desired. Standard operating
procedure so far, right?

Now let's say that mass marketing company has the name,
address, and phone number associated with each e-mail
address and displays that information based on the link
in the e-mail.

So if I get one of these unsolicited messages and click
the link, my name, address, and phone number are displayed.

Under such a system, one could theoretically download
the customer database contents by making successive
requests:

https://website.com/person?ID-number000,000,001
https://website.com/person?ID-number000,000,002
https://website.com/person?ID-number000,000,003
.
.
.
https://website.com/person?ID-number999,999,997
https://website.com/person?ID-number999,999,998
https://website.com/person?ID-number999,999,999

Under what circumstances would this be acceptable?

If the ID-number was a certain minimum size that
was X orders of magnitude greater than the population?

If the URL in the e-mail only worked a limited
number of times to prevent the harvesting and
limit re-use?

Never?



--
Gary Flynn
Security Engineer
James Madison University
www.jmu.edu/computing/security
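
The two mitigations the message asks about (an ID space many orders of magnitude larger than the population, and links that work only a limited number of times), sketched as an added example that is not part of the original post or any marketer's code. `LinkStore`, `TOKEN_BYTES`, `MAX_USES` and the 10,000,000 population figure are assumptions made for illustration.

```python
import secrets

TOKEN_BYTES = 16   # assumed ID size: 128 random bits
MAX_USES = 3       # assumed cap on how many times one link works


class LinkStore:
    """In-memory stand-in for the marketer's link table (hypothetical)."""

    def __init__(self):
        self._links = {}

    def issue(self, email):
        # Random, not sequential: knowing one ID says nothing about the next.
        token = secrets.token_urlsafe(TOKEN_BYTES)
        self._links[token] = {"email": email, "uses": 0}
        return token

    def redeem(self, token):
        """Return the responding e-mail address, or None if unknown or used up."""
        link = self._links.get(token)
        if link is None or link["uses"] >= MAX_USES:
            return None
        link["uses"] += 1
        return link["email"]


def per_guess_hit_rate(population, id_space):
    """Chance that one uniformly guessed ID belongs to a real recipient."""
    return population / id_space


def hit_probability(population, id_space, guesses):
    """Union bound on the chance that any of `guesses` guesses is valid."""
    return min(1.0, guesses * per_guess_hit_rate(population, id_space))


if __name__ == "__main__":
    population = 10_000_000  # constructed sample size, not from the post
    print("9-digit IDs :", per_guess_hit_rate(population, 10**9))
    print("128-bit IDs :", per_guess_hit_rate(population, 2**128))
    print("1e9 guesses :", hit_probability(population, 2**128, 10**9))
```

`redeem` returns only the address needed for response tracking; it does not return name, address or phone number.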
