Supposed SysAdmin & Network Security experts don’t know how to run a secure Web site

Friday, April 9th, 2010

Yesterday, I decided I wanted to unsubscribe from one of the e-newsletters published by SANS, which bills itself as, “the most trusted source for computer security training, certification and research.”

There were no instructions in the e-newsletter for how to unsubscribe, so I went to their Web site. It told me that I had to sign into my Portal account; the only problem is that I’ve never had a Portal account, and I subscribed to the SANS e-newsletters long before such a thing existed.  I figured that perhaps they auto-created an account for me at some point, so I gave the site my email address and told it that I’d forgotten my password.  It claimed to have mailed password reset instructions to me and told me that I had to follow them within two hours, but over ten minutes later, they still hadn’t arrived.

Thinking that perhaps I could register my email address for a Portal account and would then “inherit” any legacy subscriptions under that email address, I tried registering.  It rejected my registration form, telling me that I needed to enter a valid email address.  I couldn’t tell whether it was rejecting the form because the email I entered was already in its database, or because it incorrectly believed that “jik@kamens.brookline.ma.us” was not a valid address (a lot of Web sites can’t seem to handle the idea that “kamens.brookline.ma.us” is a valid email domain).

At this point, I threw up my hands and sent them email describing everything that had happened and asking what the heck I should do.  I ended my email with, “The fact that you guys are supposedly experts at secure Web site design makes this rather ironic.”