OpenID Authentication Method Reference Name for a code sent via email


I am currently implementing acr_values, acr & amr principles on a Open ID Provider server.

The claim amr (described in the OpenID RFC 1.0) has no standard clearly defined in this same RFC, but I would like to base the system on the RFC 8176 mentioned by IANA.

One of the server authentication method is about sending a confirmation code via email.

About the authentication method:

The server uses a cryptographically secure pseudo-random number generator and store a hash of it using argon2. It is sent to an email, then hash are compared on another request. There is a short expiration time for each code. This method is indeed not considered by the server as a secure method to prove an identity, but is still selectable when no access to any resource is required.

The question is:

What Authentication Method Reference Name would you use in this case ?

Most descriptions are quite strict so I only see mca as a possibility today. It is not an otp to me since it is not implementing

Thanks for sharing.

Is Permission Based Email Marketing Ethically

As the internet is flooded with aspiring online home-based entrepreneurs and marketers, web consumers are constantly receiving their emails promoting their brands and wares. Today, a lot of ‘junk’ email is received in the email in-box just like yesteryears’ when post boxes outside the homes were filled with junk mail. If marketers want better results from their marketing efforts, they must adopt the better marketing approaches, although their marketing strategies may be versatile and powerful. It is possible to enjoy higher Return On Investment (ROIs) using the best of email marketing strategies, but without the proper marketing ethics, even the best marketing strategies and campaigns could fall flat. Effective Email Marketing Email marketing has been proven as a very effective online marketing strategy for online business ventures. This is due to the fact that many consumers have emails and advanced technological devices such as smartphones and mobile devices with Wi-Fi facilities. These components are sufficient to send and receive emails at any time from anyone to anywhere. Modern consumers with emails tend to check on their emails a couple of times a day. This consumer habit benefits businesses that manipulate emails to reach their targeted niche markets or secure a wider audience in promoting their business. Effective emails would draw consumers to be potential leads to the business where a building of strong relations could convert potential leads to customers. Email marketing is also cheap and fast. The advanced technologies of today lower the cost of sending an email compared to slow mail and other traditional marketing strategies. This is an excellent marketing tool for new businesses that are low in budget. Organic and free web traffic could be harnessed through a proper implementation, although paid traffic could also be procured quickly for the desired business marketing activities. However, the wrong way of manipulating email marketing could backfire on the marketer where web consumers become annoyed and against the brand or business. This could happen with spam emails which take up busy consumers’ time and inbox space. A bad impression could be impinged on the brand and business which does not augur well with the marketer in the marketplace. Hence, it is crucial for the marketer or entrepreneur to adopt good marketing ethics in engaging email marketing to win over customers. Permission Based Email Marketing Marketers thinking of engaging in email marketing to promote their brand and business wares today should consider implementing permission based email marketing. This is an ethical approach towards email marketing where marketers request the permission of targeted potential leads to be opted into their customer database or email listing. This form of email marketing approach is also known as opt-in marketing whereby email recipients are given an opportunity to say ‘yes’ to receiving business news via emails. The securing of consumers’ permission makes it easier for the marketer to send relevant emails of marketing information without worrying about annoying the recipient. Once permission is secured from identified business prospects, better marketing campaigns could be designed to increase the chances of compelling potential leads to make purchases and be converted as business customers. When the business lead opts into the business emailing list, the marketer requires less effort and time in developing the best of promo materials to benefit the consumer. This form of marketing helps to boost the bottom line of the business as more quality time could be identified in establishing strong customer relations to generate trust, respect and confidence between the two parties. It would be easier for the marketer to secure more accurate information from the potential leads through online surveys in various emails sent to understand the needs of the consumers better. The proper approach of permission based email marketing which the marketer is to adopt is by providing an online opt-in form via emails or at the web business site where the potential leads indicate their consent in receiving further updates or news regarding the brand or business from this particular marketer. This approach confirms the potential lead’s interest and inclination towards the brand and company to empower the marketer in sending relevant emails to the potential leads. When an appropriate business email is sent to these potential leads, it is possible for these potential leads to find favorable and value added products or services which they could order or purchase via the marketer. The marketer would enjoy better bottom lines from the highest number of sales triggered from these potential leads who are now inclined towards the brand or business. Ethical Marketing Ethical marketing via emails is a strong testimony of the marketer’s character which calls for mutual respect and integrity. Marketers who exercise ethical marketing are highly respected in the USA Business Phone List market with a strong show of upright character which augurs well with all consumers. 

This is unlike interruption marketing which is spamming consumers’ email in-boxes regardless of consumers’ feelings and feedback. Spamming is very much frowned upon by marketers pushing loads of promo emails to their list of potential leads in the market. Marketers could be desperate to such unethical marketing approaches when their business fluctuates with the market. Modern consumers do not like marketers to coerce them into accepting the brand or business offerings through numerous emails which could clutter up their in-box, especially when marketers spam their in-boxes with multiple copies of the same message. Ethical marketing is powerful in this era as mutual respect is exercised and business opportunities come at the right time for the marketers to present their brand or business benefits. Politeness in marketing campaigns wins more customers than forceful approaches. Opted in customers remain loyal and positive towards the brand and business when they are able to exercise their free will in choosing their brand and company for products and services. Loyal customers through permission based email marketing make purchases on the brand which keep the business afloat in all seasons. They could also help to spread the word about the brand and business if they are truly satisfied with the product or service rendered.

Input mask on email field a good idea?

A colleague of mine is arguing that we should use an input mask for email fields.

Personally I don’t think it is necessary. For phone numbers I can understand since a phone number can be written in different ways.

However everybody knows how to write an email address. Is it really useful to use a mask (and all the trouble it can get you with multiple devices)? Will people forget the @ if we don’t provide the mask? I don’t think so.

If the user enters an invalid email address we already use inline error (on blur) so what is the point. What do you guys think?

Tips for Email Database Marketing

The term database marketing refers to a well knit relationship between the customer and the manufacturer. This is a new strategy implemented by the business men today, through which they get the valuable information about his client. Once you have the email database, then if you try and build a good relation with your customers, by sending them mailers about special discounts or etc, they will feel privileged and you will get dedicated customer. Thus your product sell will boost.
Thus to start such database marketing, follow the below mentioned tips;
Work on your own list. Don’t buy from the service providers. Although initially it appears like a mammoth task, but sooner or later it will help you collect information only about your potential clients. If you buy list, in many a times you will end up sending mails in the spam folder, which will not lead you anywhere.
[Image: UK-Business-Email-Database.png]
Send you customers, special card, mailers on their birthdays, anniversaries on special occasions, to start with on New Year and Christmas, so that they feel privileged. Once they are informed about special discounts on such occasions, they will turn your dedicated customer. Later collect information about their birthday, anniversary, etc, and surprise them by mailing discount coupon. Hence it will not only boost your sell, but also get you loyal customers.
Develop relationship with your potential customer. Try and collect more information about his/her company and try and find if you get scope of marketing your product there as well. Look for any and every opportunity to expand your business and sell your product. Reach as many as possible.
Your email database must be long and full of information. It must contain the each and every transaction of the contacts mentioned in the database. Try and collect information like, which websites they visit, if they attended any seminar or not. Maintain the history of emails very clearly. You must have a complete record of all those mail that has been sent. This will help in proper analysis of the email database.
Analysis of the email data is very important. This helps in understanding the behavior of the customer towards the product.
Database marketing helps in reactivating many inactive customers. If you send mails to them continuously, they will respond and not ignore the mails. Therefore create innovative and interesting mails so that the reader find its interesting to go through it.

How should failures by a single user on a simulated phishing email be measured?

I work in the IT Security function of my company as a team lead. We periodically send out phishing emails to all users on company network as a form of continuous education of users on how to spot malicious phishing emails. Our company operates in the regulated financial industry and have a diverse user base with various levels of technical ability from IT to customer service roles. We work frequently with sensitive customer data and personally identifiable information (PII).

My team does metrics reporting of user performance on these simulated emails. Sometimes end users take multiple ill – advised actions on a single simulated phishing email we sent such as clicking a link, or opening an attachment in the email.

My thinking is that given each bad action potentially represents a different attack vector that can be exploited by a threat agent, each bad action should be counted as a separate failure. After all, clicking on a malicious link in a true phishing email can result in compromise just as easily as opening an infected attachment in such email. The fact that a single user can take multiple bad actions on a single, albeit fake, phishing email seems to highlight how such end users are not really conscious of their actions or skeptical enough, which only emphasizes the value of this reporting methodology in my opinion.


To most accurately measure end user behavior and where weaknesses may be, should multiple bad actions on an single email be counted as a 1 failure or should each action be counted as a failure on its own?

derived key from email + password?

Would it be a secure method of generating key pairs to derive them from the concatenated string of the user’s email and user’s password? My concern is that, without including the user’s email in the derivation process, 2 users could come up with the same password, even in spite of a password complexity requirement, and this would result in their keys colliding. Since my app is P2P, I want to identify the user by their globally unique public key. Will this work and also be secure?

I’m currently using tweetnacl in my client and Kcl on the server.

List Building – How to Build an Email Marketing List

Whether you’re engaged in an internet advertising software, or marketing your own enterprise yourself, you’ll want to hire electronic newsletters each as a manner to attain your clients and to sell your products and/or offerings. An on-line marketing list may be very essential in as plenty as this is in which you could benefit a Are you curious on the way to construct a list of addresses to which you could send promotional emails regularly? Then follow those simple and easy pointers and be successful.

[Image: buy-usa-email-list.png]
First, do the table email looking. Most e-mail addresses are genuinely written in enterprise cards, receipts, letterheads, organization documents, and so forth. Remember that extra than anyone else, humans who have been acquainted with you have got the very best potentials of being your most loyal clients. And so log in to your business e mail account, listing down the email addresses of the human beings in these table papers, and also you without a doubt are on your way of forming a quotation-traumatic e-mail database.

Second, on powerful manner on the way to construct a listing is to go looking human beings through search engines like google and yahoo and e mail directories. There are human beings whom we met as soon as inside the beyond but whose contact data we already lost. Search engines and electronic mail directories can greatly help us locate their email addresses. Just type of their complete name on those sites and their entire private profile, even loads of snap shots, will simply seem.

Third, be a part of one-of-a-kind e mail companies. Yahoo, Google, AOL, and plenty of different serps have a mailing group function. Join distinct corporations that are associated with or have excessive hobby on your products or services. If your products are swimsuits, as an example, then join swimming companies, model businesses, etc.