by dcurtis 5840 days ago
If someone steals your car, you're out many thousands of dollars and extremely inconvenienced.

If some random idiot posts a link to a Nigerian scam on your blog, you just delete it and get on with your life.

5 comments

Unless you're one of several companies or high profile individuals that uses the service (YCombinator, Alex Bogusky, etc.)

Edit — More extensive list here: http://posterous.com/explore/moreblogs

Assuming that there's a trust being built between users, far more dangerous results can happen than 'nigerian scam' posts.

That's the problem with minimizing security: you're making it so that there can't (or shouldn't) be trust between users because there's no reliable way to know who is making the post.

"Hey, just a quick note to let you know I tried <apple app link> and I love it! Grab it now!"

Or, more dangerously, someone could post a phishing link and because the context is different, people's trained safeguards ("BE WARY OF E-MAIL!") aren't as wary of blog links.

So yes, there are sometimes tradeoffs between security and ease of use. But I think trust is more important to posterous than you credit.

maybe to you it doesn't matter, but these things can be intensely personal to people. it's still an issue of violating your space (to the layman end user, i know the technical definitions of "your space" are nebulous, i'm talking about the emotional ones that i think posterous is kind of violating).

and what happens when the idiot who posts the nigerian scam on your blog scams your mother who is reading your blog and assumes it's from you? no big deal? move on with your life? try and be a little imaginative with the things that could be done here...

if it's not a big deal, posterous should make it clear to users what they give up for convenience. again, i really don't think users would make the same choice they are to use posterous if they understood the implication. whether or not it matters to you.

and more importantly, there are a ton of people suggesting pretty viable alternatives that wouldn't make it harder to post and would still allow a lot more security.

Appreciate the concern, and we hear you. We're still investigating this particular case. Normally we'll catch these types of spoofed emails. What we need to do is refine our system.

To be honest, we haven't had many complaints about spam emails or spoofs -- it literally never happens, otherwise we would hear about it all the time. We answer every help email we get -- so we have a decent idea of what our users care about and what pains they really see.

If trust is an issue, we will fix it.

>To be honest, we haven't had many complaints about spam emails or spoofs

Because you're below most people's radar. Compared to blogger or anything similar, you barely measure.

So essentially you are practicing security through obscurity.

Of course we know that is foolhardy.

I wonder if your users feel the same way.

Actually, since the internet never forgets, a hacked blog might cause much more severe damage than a stolen car. There are also other sorts of crimes besides Nigerian scams.