g1smd - 7:00 pm on Aug 12, 2008 (gmt 0)
One of my ISPs uses this type of link, but the link also includes an embedded long hexadecimal number that is generated by the server. It's some sort of hash of my email address and the URL of the site being visited, plus some other unknown factor. If you alter the number, or make a new link and invent your own number, the redirect doesn't work, and all you get is "Internal Server Error 500" each time. That seems reasonably secure to me.