

Ask HN: Why haven't signup confirmation emails died yet? - agotterer

I have been thinking about confirmation emails today and cant think of a single reason to actually send them. They are annoying and must have a user drop off rate. I know I personally don't return to some low priority sites if I'm to lazy to load my email or it takes more then 20 seconds to get the email.<p>What is the point and why hasn't this practice died yet? Are there any benefits I'm overlooking here?
======
ashleyw
Don't require your users to activate immediately, give them a day to do it,
and just don't give them access to anything a spammer would love to use - or
limit how many times they can do it before they need to activate.

And after they have submitted their details (which should only be critical
information — seriously, nobody likes long forms.), don't send them to a
dedicated "Thanks for registering" page, its a waste of time for them for
them, just take them to the homepage or where ever the magic happens, and
present a banner above the content thanking them and giving any info they may
need.

And overall, don't get too defensive on spammers; Lets face it, your not going
to get much spam until your site is popular — so go easy and don't frustrate
your users, and then tighten your defenses later down the line if required.

Those are my post-signup "rules". I love working out how not to annoy users
even slightly — sadly a lot of sites don't do it very well! :)

~~~
teej
> Don't require your users to activate immediately, give them a day to do it,
> and just don't give them access to anything a spammer would love to use - or
> limit how many times they can do it before they need to activate.

This is exactly what we did at a popular site I used to work for. Let them in,
let them go crazy, but have a "time's up!" period and a few restrictions to
stop spammers.

------
emmett
It adds a cost to creating a user account. Sometimes, you actually want that.
Also a user with a valid email address is worth more than a user without one;
even with dropoff the value could be worth it.

That said, we don't do it at Justin.tv, and I think it's stupid.

~~~
fallentimes
You would know much better than me, but I thought the double confirmation
process helped prevent emails from the website (e.g. Justin.TV) from getting
flagged by spam filters. Have you guys had any problems with this?

~~~
emmett
We send a verification email when you sign up; we just don't demand you click
the link before you start using the website.

------
jkkramer
1\. Prevents typos (though bounced emails are not a big deal)

2\. Makes it so you can't sign someone else up surreptitiously

3\. Ensures the email they enter is real

Depending on the site, these may or may not be a concern. For some sites, the
drop-off rate is worth the reduction in support hassle.

~~~
KevinMS
If I may, I'd like to repeat and emphasize, these two points are very big, in
my experience...

2\. Makes it so you can't sign someone else up surreptitiously

For some sites, the drop-off rate is worth the reduction in support hassle.

------
noodle
confirmation emails are useful if you're looking to verify ownership and
existence of a particular email address.

not all apps need this, so not all apps would necessarily want to use it. but
if yours does, there's not really a good reason to specifically avoid using
them.

just a tool in the toolbox, as it were.

~~~
ks
A similar question is why there are so many bloggers who needs me to fill in
my email address in the comment form...

I understand that it is the default settings of most blogging software, but
that doesn't make it right :-)

If anyone can come up with a single valid reason why the information should be
_mandatory_ , it would at least ease my frustration.

~~~
azharcs
One of the important reasons why email should be entered in the comment form
is to let the blogger know who commented on his post and if if blogger wants
to get back to the commenter, he could with the help of mail-id. If you
actually think about it, comments are the only thing which actually connects
the blogger and their readers. With the help of mail-id, connection only
becomes more stronger.

------
nextmoveone
I actually look forward to them cause I tag them so if I forget my login info
I can just refer back to it.

------
tstegart
It has benefits from the customer's point of view. Too many people here are
looking as it as a hassle. Its not always. sure, as the original poster
pointed out, having that requirement on low priority sites, as he calls them,
is annoying. But if you're setting up something important, you want to know
that everything you set up is correct and your identity is verified. If I was
setting up an online trading account it makes me feel better to have a line of
communication established.

------
m0digital
Good question. I'm kinda torn both ways. One advantage is that you know that
the email they provided is valid so that if you do need to send them important
updates it will work, otherwise there's no way to invite the users back if
they haven't checked your site out in a while. There are compromises you can
make like giving access to 70% of your site w/o email confirmation and the
other 30% after email confirmation. I'm not a usability expert so someone else
may have a better answer.

------
markbao
I think one way to approach it is to only require confirmation if they want to
receive email.

~~~
cperciva
Yes, that absolutely works -- if you have a site where not being able to send
people email doesn't diminish the value of the site (e.g., Hacker News is fine
without confirming email addresses; but for tarsnap, I need to send people
emails saying "hey, if you don't deposit more money into your account in the
next 7 days, your backups will be deleted" -- so for tarsnap, confirming email
addresses is essential).

~~~
tomjen
As a user if I am actually going to give you money, I would think your service
was worth giving my email address out for.

On the other hand I have properly signed up for more than 10 times as many
free services as I pay for.

------
rodmaz
I think for some solutions the quality of data is very important, sometimes
crucial. Think LinkedIn, Facebook, which are sites that count very much on the
quality of the data they collect for advertisement purposes. Facebook for
instance enforces that you enter a valid email address to belong to a network
(e.g. Cornell University etc). Maybe someone creates a solution, a 3rd-party
app which could do the trick (maybe even use Twitter for that). Ideas?? :)

------
cperciva
If you're ever going to be sending your users email, you should have people
confirm their accounts -- otherwise, you're just another "they opted in,
really!" spammer.

~~~
gaius
I wonder who bob@bob.com is, he's been getting my signup emails for over a
decade now...

~~~
gscott
I go through periodically and delete fake accounts. If a person can't put in
good information they are a waste of space in the database. Anyone who has a
web based application I imagine must do the same.

------
pistoriusp
I think the point might be to confirm that the email the user is signing up
with is a valid email address which belongs to them. It's especially helpful
if a user wishes to reset a password. This might help prevent users from
creating multiple accounts.

Sure, it's easy to get around, but for most users they simply comply. That
been said we don't use email validation on any of our websites.

------
webwright
We just removed ours.

The only benefit I can name is that it confirms your ability to communicate to
the user if they lose a password, etc.

And, it probably incrementally adds to the value of your company (presumably a
company would rather have 500,000 confirmed email addresses than 500,000
unconfirmed ones... Of course, given drop-off...)

------
callmeed
If you have an app with paid & free levels of service, it prevents people from
creating multiple, free accounts.

------
charlesju
You need an out-of-bound communication to retrieve password and authenticate
the account. If you can weather users not being able to retrieve their
password, then by all means take out e-mail activation, but if you want to
build a robust application, you should keep it in.

------
jraines
Are you talking about double opt-in? I have a site where if I don't use double
opt-in via a confirmation email (with "click this link to activate") then I
get a ton of bots filling out my form and cluttering my inbox.

~~~
euccastro
(Why) don't you use captchas?

~~~
jraines
the form is prominent on the front page of the site and a captcha would make
it look ugly.

Plus the reasons stated above, such as validating that the person submitting
the email address actually owns it.

------
wlievens
In some applications (games) you want a way to enforce that a single person
has only one account. I know email verification is only a weak way of
enforcing that, but it helps somewhat.

------
jhrobert
The answer lies there: <http://virteal.com/ThePerfectLogin>

Item 1 of the "check list" is titled "Optional registration"

------
qhoxie
There are a lot of reasons to do it depending on the application.

One that comes to mind from my own experience is if you need a valid email
address for further transactions.

------
vivekamn
Unless its an e-commerce site, just don't do it!

------
mtw
unicity of users

~~~
euccastro
E-mail confirmation gives you uniqueness of e-mail addresses, not of users.

------
ajkirwin
One word: Spam

You can't rely on things like captcha's, not anymore. But requiring an email
address is at least a small difficulty. And if you get a whole bunch of
signups from a single domain in a short period (And it's not, say, gmail) you
know something's up.

