<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE>RE: [OpenID] Relationship of OpenID URLs and e-mail addresses</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/plain format -->
<P><FONT SIZE=2>Some kinds of schemes work (one way hashes of email address for example) but users would indeed reject those since they'd want the same handle.<BR>
<BR>
I think your spamming fear is abit overrated. There are so many email addresses available to use for spammers already.<BR>
<BR>
Since the email addresses are all on your domain your best bet would be to go with the flow and get a good spam wall up. . . ?<BR>
<BR>
<BR>
<BR>
Sent by GoodLink (www.good.com)<BR>
<BR>
<BR>
-----Original Message-----<BR>
From: Johannes Ernst [<A HREF="mailto:jernst+openid.net@netmesh.us">mailto:jernst+openid.net@netmesh.us</A>]<BR>
Sent: Tuesday, April 03, 2007 10:01 AM Pacific Standard Time<BR>
To: openid-general<BR>
Subject: [OpenID] Relationship of OpenID URLs and e-mail addresses<BR>
<BR>
Assume you are hosting millions of e-mail addresses for your <BR>
customers, like<BR>
<username>@example.com.<BR>
Now you decide to also become an OpenID Provider for your customers.<BR>
<BR>
It would be straightforward to automatically create an OpenID for <BR>
each of your users, e.g. like<BR>
<A HREF="http://openid.example.com/">http://openid.example.com/</A><username><BR>
<BR>
Every spammer in the world will realize that this is how the scheme <BR>
works, and they will harvest all URLs on the net that start with <BR>
<A HREF="http://openid.example.com">http://openid.example.com</A> and spam the heck out of your users. Right?<BR>
<BR>
However, having different <username> components for e-mail and OpenID <BR>
is more complex (e.g. how do I explain this to mass-market customers? <BR>
How many users will bother to pick a new handle for their OpenID?)<BR>
<BR>
Does anybody have any ideas how to best solve this conundrum?<BR>
<BR>
<BR>
<BR>
Johannes Ernst<BR>
NetMesh Inc.<BR>
<BR>
<BR>
</FONT>
</P>
</BODY>
</HTML>