

Email reuse from deactivated accounts - cden

Does anyone know of any standards or generally accepted rules for giving out someone's old email address to a new customer?

The reason I ask is: A family member recently (3 months ago) closed their account with their ISP and lost access to their email. Ok, fine. But if I send email to that address I find that they have already given it to another customer. I think this is a big security issue and could leave the family member open to identity theft.
======
cden
I was trying to convince an ISP that they should not be recycling emails for
prior customers. They seem to think it was not an issue but I told them they
were mistaken.

I tried to express that by giving out the old customer's email they were
allowing the new person to perform things like password resets or even receive
email that was supposed to go to the original account owner.

In the end I got them to revoke the email they reused and make sure it is
never given out again.

------
sjs382
Don't send anything via email that you wouldn't be willing to send on the back
of a postcard.

~~~
0942v8653
Like reset password links? As it is, web app security depends mainly on the
security of email; what do you have in mind as an alternative?

