|(Do i really have to explain this?)|
See; the picture above is a screenshot - heavily obfuscated - I took from the e-mail I received from the website after completing the registration. A site that may keep very personal information about myself over time (hence the obfuscation). The e-mail was sent without SSL/TLS encryption, again adding to my feature request to Google mail and Microsoft Live Hotmail for STARTTLS (RFC3207) support.
Anyway, despite the lack of SSL/TLS encryption on its way from sender to receiver, how STUPID can anyone possibly be, setting up a service that will send complete URL and full registration info including username/password in a single unencrypted e-mail back to the user after registration? I wonder how these people do password recovery, in case of lost password? (Oh wait... no... I'm not sure I really want to know...)
So I'll end this really quick and easy blog post by asking a simple question:
I'd like to hear from anyone who have received the same type of e-mail from what-should-be serious and professional services on the Internet. (I've got plans for a bigger blog post here...)
Hey, you can even send it to me by encrypted e-mail: per -> thorsheim dot net. My public key is available from several key servers.