Educause Security Discussion mailing list archives

Re: Email marketing keys and contact information privacy


From: Jason Frisvold <frisvolj () LAFAYETTE EDU>
Date: Wed, 1 Apr 2009 06:55:05 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Gary Flynn wrote:
> Under what circumstances would this be acceptable?

If it's unsolicited, then personally, I find it completely unacceptable.
I have no control in that situation and there's no guarantee I'll even
get the initial email.  And while random tokens are relatively secure
from an enumeration standpoint, there is always the random chance that
someone stumbles upon it and gains access to my information.

If it's something I'm expecting, then a one-time random token should be
sufficient, but it should be something I trigger.  This is akin to
signing up for a forum or other website that sends a one-time token to
verify your email address.

- --
- ---------------------------
Jason Frisvold
Network Engineer
frisvolj () lafayette edu
- ---------------------------
"What I cannot create, I do not understand"
   - Richard Feynman
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
Comment: Using GnuPG with CentOS - http://enigmail.mozdev.org

iD8DBQFJ00gJO80o6DJ8UvkRApgoAJoDE2fahrm5LYqjUfthn3gWd44hDACeNa7R
r4zwq0XcfZ5bw4yvqJtr79E=
=vmaZ
-----END PGP SIGNATURE-----
