Are email addresses returned by the Google or Yahoo OpenID providers verified addresses?

Question

I'm implementing OpenID authentication for a website and I want to get the email address of the user. All email addresses from our users are veryfied through the usual hash link mail.

Now, generally email addresses returned by OpenID providers through SimpleRegistration or AttributeExchange are not "trustworthy" because anyone can run a provider and add an identity with any email address he likes. But can you be sure, the addresses returned by the Google or Yahoo providers (or maybe other big ones) only return already verified gmail.com/yahoo.com addresses, such I can skip the to-activate-click-the-hash-link procedure for these providers?

Answer 1

Yes, in both cases the email addresses corresopnde to the verified addresses by Yahoo and Google. Here are the sources confirming it.

• http://developer.yahoo.com/blogs/ydn/posts/2009/12/yahoo_openid_now_with_attribute_exchange/
• http://code.google.com/apis/accounts/docs/OpenID.html