Educause Security Discussion mailing list archives
Re: Email marketing keys and contact information privacy
From: Jason Frisvold <frisvolj () LAFAYETTE EDU>
Date: Wed, 1 Apr 2009 06:55:05 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Gary Flynn wrote:
Under what circumstances would this be acceptable?
If it's unsolicited, then personally, I find it completely unacceptable. I have no control in that situation and there's no guarantee I'll even get the initial email. And while random tokens are relatively secure from an enumeration standpoint, there is always the random chance that someone stumbles upon it and gains access to my information. If it's something I'm expecting, then a one-time random token should be sufficient, but it should be something I trigger. This is akin to signing up for a forum or other website that sends a one-time token to verify your email address. - -- - --------------------------- Jason Frisvold Network Engineer frisvolj () lafayette edu - --------------------------- "What I cannot create, I do not understand" - Richard Feynman -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org iD8DBQFJ00gJO80o6DJ8UvkRApgoAJoDE2fahrm5LYqjUfthn3gWd44hDACeNa7R r4zwq0XcfZ5bw4yvqJtr79E= =vmaZ -----END PGP SIGNATURE-----
Current thread:
- Re: Email marketing keys and contact information privacy Jason Frisvold (Apr 01)
- <Possible follow-ups>
- Re: Email marketing keys and contact information privacy Jason Frisvold (Apr 01)