Sunday, September 2, 2007

Follow up to Your Account

Last time I detailed a problem when people enter email accounts that don't belong to them but the service doesn't allow you to remove the account.

In response to this, a friend of mine suggested that I mention Mailinator. It's a service that allows you to make up an email on the fly and check it. There are no passwords and no expectation of privacy, but that's better than sending information to someone else. It's a great idea if you just want to check out a service.

Also, I received an email today about a new Yahoo! account that was created with my account as a secondary. I was impressed that Yahoo! has a system that allows you to remove your address from the account. Simply click a link and then a button to confirm. Of course, I spent a few seconds analyzing the URL before I went to it.

One of the big problems with situations like these is that they can be used to verify that your email address is valid. That may make removing your email from an account tantamount to clicking a link from a spammer. I don't have any evidence of this, and it does sound like a lot of work, but it is possible. That's why I think that the best way for a site to handle this is to require validation upfront but not allow the user to know if the account owner ever validated. Just remove the account after a short time without validation; a week or a month should be enough.
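One way a site could implement the scheme described above, as an added example that is not from the original post. The class, method names, status strings and one-week window are assumptions chosen for illustration; the addresses in the test data are constructed.

```python
import hashlib
import secrets
import time

PENDING_TTL = 7 * 24 * 3600  # assumption: one week, the shorter window the post mentions

class AccountRegistry:
    """Hypothetical sign-up store; all names here are illustrative."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._accounts = {}  # username -> {"email", "created", "validated"}
        self._tokens = {}    # sha256(token) -> username (raw tokens are never stored)

    def register(self, username, email):
        """Create a pending account; the returned token goes only into the email."""
        token = secrets.token_urlsafe(32)
        self._accounts[username] = {"email": email, "created": self._clock(),
                                    "validated": False}
        self._tokens[hashlib.sha256(token.encode()).hexdigest()] = username
        return token

    def validate(self, token):
        """Handle the emailed link. Single use; fails once the account is purged."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        username = self._tokens.pop(digest, None)
        if username not in self._accounts:
            return False
        self._accounts[username]["validated"] = True
        return True

    def status_shown_to_user(self, username):
        """Same text whether or not the address owner clicked the link."""
        if username not in self._accounts:
            return "unknown account"
        return "confirmation email sent"

    def purge(self):
        """Delete accounts still unvalidated after PENDING_TTL; return their names."""
        cutoff = self._clock() - PENDING_TTL
        stale = [u for u, a in self._accounts.items()
                 if not a["validated"] and a["created"] < cutoff]
        for u in stale:
            del self._accounts[u]
        # Drop tokens that pointed at purged accounts so old links stop working.
        self._tokens = {d: u for d, u in self._tokens.items() if u in self._accounts}
        return stale
```

The recipient of a misdirected sign-up email never has to click anything: ignoring the message is enough, and `purge()` run on a schedule removes the account without the site learning whether the mailbox is read.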

Lastly, it should be noted that this is somewhat related to the newly defined BACN. This is a little different. It's like getting someone else's BACN. It's also unsolicited so it's a little more like SPAM. You can assume that someone might want it but you're not that someone.
