Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Do we really need email confirmation?

Tags:

I've gotten into a habit of using the standard register->send activation email->activate account process for every site that supports user authentication and free registration without questioning if I really need this.

What are your thoughts on this? If I have captcha on the registration form is the email confirmation process really necessary?

EDIT:

OK, so the general consensus seems to be that by getting the users to confirm the email they entered I'll keep them away from putting someone else's email in there. What about when I let users edit their profile/settings and they enter another email? If I need to keep them away from entering other people's addresses then I'd need to confirm that email address (by temporarily deactivating their accoun)t every time they change it.

like image 517
Vasil Avatar asked Sep 29 '09 21:09

Vasil

People also ask

Is a confirmation email necessary?

Confirmation emails are important because they confirm that a customer action was successful, include important information, and give directions for next steps. All types of confirmation emails have high open and click-through rates, which give you more upsell opportunities.

What is the point of Confirm email address?

Confirming your email address certifies that you are the owner of the email address you provided. When you provide your email address, we will send an email to that address. You may need to check your spam or junk email folder.

What happens if I dont get an order confirmation email?

If you haven't received any email updates about your order, it is likely the emails were marked as spam. Some email providers may mark our emails as spam or completely block them. Be sure to check your spam folder for emails about your order and make sure to add Threadless to your safe list.

1 Answers

Captcha+activation prevents bots AND spoofed people

Well basically it is since each part prevents one problematic scenario:

  • Captcha prevents (if you use strong captcha like reCaptcha) bots from registering new users
  • Email activation prevents people from registering other people (by their email address)

I guess this is a valid everyday pattern for registration that's widely acknowledged by IT community.

EDIT
Yes. When you want to prevent users from changing their email address, you'd have to repeat email activation procedure to make it robust.
But you don't have to deactivate their account while doing it. All you have to do is having a pending email-change email activation active. If it gets activated, you change email address at that point (not when they change it), otherwise the old one is still used.

like image 143
Robert Koritnik Avatar answered Oct 22 '22 01:10

Robert Koritnik
Sign in to Comment

Related questions

Is there a way to use fopen_s() with GCC or at least create a #define about it?
How to declare variables and use statements in LINQPad?
C# and FFmpeg preferably without shell commands?
Procedurally transform subquery into join
How to safely write to a file?
Modifying headers with IIS7 Application Request Routing
Make sure int variable is 2 digits long, else add 0 in front to make it 2 digits long
Handling RuntimeExceptions in Java [closed]
Encryption compatible between Android and C#
remove last word in label split by \
round up nearest 0.10
Making Child classes as Non Serializable in java

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!