[OpenID] Relationship of OpenID URLs and e-mail addresses
Granqvist, Hans
hgranqvist at verisign.com
Tue Apr 3 17:28:29 UTC 2007
Some kinds of schemes work (one way hashes of email address for example) but users would indeed reject those since they'd want the same handle.
I think your spamming fear is abit overrated. There are so many email addresses available to use for spammers already.
Since the email addresses are all on your domain your best bet would be to go with the flow and get a good spam wall up. . . ?
Sent by GoodLink (www.good.com)
-----Original Message-----
From: Johannes Ernst [mailto:jernst+openid.net at netmesh.us]
Sent: Tuesday, April 03, 2007 10:01 AM Pacific Standard Time
To: openid-general
Subject: [OpenID] Relationship of OpenID URLs and e-mail addresses
Assume you are hosting millions of e-mail addresses for your
customers, like
<username>@example.com.
Now you decide to also become an OpenID Provider for your customers.
It would be straightforward to automatically create an OpenID for
each of your users, e.g. like
http://openid.example.com/<username>
Every spammer in the world will realize that this is how the scheme
works, and they will harvest all URLs on the net that start with
http://openid.example.com and spam the heck out of your users. Right?
However, having different <username> components for e-mail and OpenID
is more complex (e.g. how do I explain this to mass-market customers?
How many users will bother to pick a new handle for their OpenID?)
Does anybody have any ideas how to best solve this conundrum?
Johannes Ernst
NetMesh Inc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-general/attachments/20070403/1e9f5ded/attachment-0002.htm>
More information about the general
mailing list