How would you implement database updates via email?

Question

I\'m building a public website which has its own domain name with pop/smtp mail services. I\'m considering giving users the option to update their data via email - something sim

Answer 1

If the data is somewhat "critical", or at least moderately important, do NOT use their username as the "change-data-address". Example: You might be tempted to create an address like username@domain.com, but instead use username-randomnumer@domain.com where you give them the random number if the visit the web-page. That way people can not update other peoples data just by knowing their username.