in reply to Email security for monks?

How about sending a confirmation email to the old address when someone changes his/her mailaddress?

In the described case you get notified that your account was hijacked and you have "proof" (the confirmation mail) that you are the rightful owner.

Replies are listed 'Best First'.
Re^2: Email security for monks?
by CountZero (Bishop) on Oct 04, 2004 at 18:56 UTC
    Which "old" address? The original one (which might be invalid now) or simply the previous one? If you go for the last option: what stops an intruder from changing your e-mail address twice, so he still gets the confirmation mail and he can prove he is the "real" you?

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

[reply]
      what stops an intruder from changing your e-mail address twice (...)
      Nothing, but you would still receive the notification for the first change. If the old (previous or original) address is invalid, the mail gets bounced - bad luck (or doesn't matter in the more likely case you wanted to change the address because of that).

      I know it's a weak proof, thats why I put it in quotes, but I think the notification might be a good feature.
[reply]
        I see, it is just like some "alarm": at least you know you are being burgled.

        CountZero

        "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

[reply]

In Section Perl Monks Discussion