13 April 2004

what does it try to authenticate?

It is a common practice to send user an email containing links to a dynamic generated page which challenges user for credentials. However, it becomes suspicious when the job only done half-way.

MPS online is a nice public service that enables one to register not to receive unsolicited posts. At the end of the registration, it asks for an email address which contains a link that will be required. I click the link; a page opens and acknowledges me registration completed.

All look fine. Wait a minute, what is the purpose of asking user to submit an email address? It only validates 'I' own the email account. If I want to, I can deregister my neighbour John Smith with my email, which may upset him if he loves those ‘bargain hunt’ kind of thing.

A second thought over it, I reckon, MPS probably just want to snap my email address as well -on top of the postal address I surrender for deregister. Ouch!