diff --git a/comment_notify.module b/comment_notify.module
index 506f4a9..0f76b3c 100644
--- a/comment_notify.module
+++ b/comment_notify.module
@@ -249,14 +249,12 @@ function comment_notify_comment_update($comment) {
 
 function comment_notify_comment_insert($comment) {
   module_load_include('inc', 'comment_notify', 'comment_notify');
-
   global $user;
   // For new comments, we first build up a string to be used as the identifier for the alert.
   // This identifier is used to later unsubscribe the user or allow them to
   // potentially edit their comment / preferences if they are anonymous.
-  // The string is built from their mail and comment identifier.
-  $mail = empty($comment->mail) ? $user->mail : $comment->mail;
-  $notify_hash = drupal_get_token($mail . $comment->cid);
+  // The string is built from a random string and the comment identifier.
+  $notify_hash = drupal_get_token(user_password() . $comment->cid);
 
   if (!empty($comment->notify)) {
     $notify = $comment->notify_type;