
Removing email registration improved retention - tapneal
https://solitaired.com/email-registration-is-dead
======
threeseed
This is not advice any startup should ever listen to.

The most successful and lucrative form of marketing, by far, is re-marketing.

That is where you take someone who signed up but is not currently a customer
and you target Facebook/Google ads specifically at that email address. I've
seen conversion rates as high as 30% and it's typically pretty affordable.

It's such a critical part of marketing that many companies will take a loss on
the initial "here is our product, please join" ads just so they can follow up
with re-marketing in the weeks/months to come. And because people re-use their
email addresses across websites you can target them on Quora, Reddit etc as
well.

You can't do any of this without their email.

~~~
Nextgrid
> you target Facebook/Google ads specifically at that email address

That is scummy as hell and might even get you in trouble when it comes to the
GDPR if you're operating in the EU.

If I sign up for your web service the last thing I want is Facebook/Google
knowing that fact.

~~~
threeseed
This is a core feature of every ad platform I've seen and is absolutely not a
violation of the GPDR since users are giving consent when they signup.

You've signed up for a web service and never seen ads on other sites for it ?
Very strange.

~~~
matheusmoreira
> users are giving consent when they signup

Questionable. I guarantee the vast majority of users don't even read the
massive legalese text walls companies show them before they sign up. Usability
studies have shown that people don't even read small error messages, they just
want to get rid of the annoying message as quickly as possible. The few of
them that actually do read these things probably won't have the foggiest idea
what any of it means or the risks associated with the breach of their privacy.
So how could this be real informed consent?

Of course, we also have sites where this document is not shown at any time and
can only be reached through a link buried in the page's footer. Sites that
just write whatever terms they want into this hidden page and then say
everyone is agreeing with it by virtue of using the site.

~~~
Nextgrid
A legalese wall or a banner saying "by using this site you agree to ..." is
not GDPR-compliant anyway: [https://ico.org.uk/for-organisations/guide-to-
data-protectio...](https://ico.org.uk/for-organisations/guide-to-data-
protection/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-
for-processing/consent/)

Under the GDPR, any non-essential data processing (analytics, ads, marketing,
etc falls into that) should be opt-in and dark patterns like pre-ticked
checkboxes are not allowed.

~~~
Silhouette
_Under the GDPR, any non-essential data processing (analytics, ads, marketing,
etc falls into that) should be opt-in_

This isn't strictly true. Consent is only one lawful basis for processing
under GDPR, and it comes with a lot of strings attached that other bases don't
necessarily have, which is why so many lawyers and consultants were
recommending against relying it unless it was the only way during the mad rush
to GDPR compliance a few years back.

In particular, even some of the regulators have themselves indicated that
marketing might be a legitimate interest of a business. Obviously the details
matter here, and handing personal data over to third parties like Facebook
without their knowledge or consent seems materially different to, for example,
the original business sending a relevant email about a new product that is
related to something that the recipient already bought from them. Time will
tell how the regulators decide to handle this.

~~~
GoblinSlayer
That's the problem, that spam is business interest, not the customer interest.

------
chrisdbanks
Email registration is the gateway drug to conversion. We AB tested this.
Requiring users to sign up meant we got fewer sign ups but a higher conversion
rate to premium. So although we had fewer users, more paid. Giving your email
is a committment. Maybe once you've made a small committment it's easier to
make a bigger committment. If you're running a commercial product, especially
freemium, it's not just about number of signups.

~~~
franga2000
> Maybe once you've made a small committment it's easier to make a bigger
> committment.

It's definitely not the whole story, but this is a pretty well-studied thing
in psychology. A similar trick in social engineering is to ask your mark for a
small favor, which will make them more likely to do you a bigger favor later.
I've read about it many times, but can't for the life of me remember what it
was called...

~~~
amatecha
You're just trying to get someone to do you a favor by looking up what that
phenomenon is called! We're onto you! heheh ;)

------
spsful
>you can target them on Quora, Reddit etc as well.

This is one of the reasons I stopped giving out my primary email address for
user signups. I use a service called Blur which allows for unlimited "masked"
emails to be created, allowing me to give companies read-only email addresses.
In the four years I've had it I have created 378 email addresses. If I'm
including the email addresses that I've already deleted, the list gets to 400.

Marketing and the 3000 spam messages I get per month made me do this. It does
not have to be this way, but as long as corporations can play fast and loose
with my email address I will make sure they never get a real one to begin
with.

Edit: Want to add here that I am not in any way sponsored by that company,
I've just been using them for years now and think their prices are reasonable.

~~~
buzzert
I registered a domain name that’s basically just a UUID, and pointed it’s MX
records to my self-hosted email server (you could also point it to Google Apps
or Fastmail).

Everything before the UUID domain is just the name of the service, so
something like hackernews@e913ff00...xyz. If someone sells out my email
address, I can instantly burn it by just adding a sieve rule since they’re all
unique. I even know _who_ sold it based on what name I picked before the @
symbol. This has been working out pretty well for me so far.

~~~
dependenttypes
I heard that some services have started rejecting email addresses that contain
their name.

~~~
ulucs
For websites that have questionable password policy, I use passwords that
curse the company in my native language (if no-one sees it then it's fine, but
if someone does then they have deserved it). I bet the same tactic would work
if you get creative, ie spotfuckingify@uuid

------
s3r3nity
Great idea, but all these posts deserve the same qualifier: this should be
considered an experiment / hypothesis, and not a recommendation that every
other site / business / experience should apply without question.

There are times when removing email is best, and others where data or business
vertical necessitates something different. You still need to verify with your
users and do the appropriate testing / analysis / user research.

~~~
tapneal
100% agree. This worked for us, but is likely to vary by business and this is
not a silver bullet. I do think though people who register with email and
convert tend to be people who would convert already (i.e., there is a bias
already). Product managers can test opening up the funnel more by asking for
emails later in the funnel.

------
Apreche
Have you considered that without email verification that a lot of those sign-
ups were just bots?

~~~
megous
Or users creating another account due to lost password (which is easier if you
don't have to get another email address).

------
jakub_g
1) Everyone and their dog wants your email those days, which is bad due to
engagement spam as mentioned in article, and privacy (those email addresses
are probably flying around adtech servers which allow building up extremely
detailed user profiles by those adtech companies).

Your website should allow "demo mode" to make me see what's the value it
provides. No way I will go through registration on random pages that fail to
immediately make me crave to use them. I ain't got time or will for that.

2) If you want to follow advice of the article, I'd rather not remove email
field, but as I wrote before, allow demo mode, and at next step when actually
registering the user, put a clear one paragraph sentence saying that you'll
not be spamming me with your engagement stuff.

3) If you ask for email, absolutely verify it. There are way too many people
who subscribe to all kinds of services using someone else's email. See this
thread:

[https://news.ycombinator.com/item?id=24359980](https://news.ycombinator.com/item?id=24359980)

------
bborud
I am not surprised. The list of services I no longer use because they
constantly email me to generate "engagement" is quite long. And if I get too
annoyed (about once or twice per quarter), I make the effort to not only de-
register my account, but I often add the domain to my spam filter so I never
see email from that domain again.

I just checked and I have a bit over 110 domains in my spam list that look
like they were added over the years because of this. So I may have under-
estimated how often I "blacklist" businesses like this.

------
oxfordmale
I have a fake email address I use to sign up when I am forced to. I login to
that email account once every month not to lose access, but other than that it
is a huge swamp of unread emails.

~~~
encom
I use 10minutemail.com for this.

Sadly though, it appears all these temporary mail domains are in some central
list, that data harvesters use to deny access. It's almost impossible to sign
up for forum accounts with these. So it's impossible to download files from
vinylengine.com unless you allow them to spam you.

~~~
jen729w
I run 2 addresses, both at my own domain (using Midagu for hosting).

One is my actual address that human people who I know have.

The other – referred to as “the sluice” – is everything else. I don’t really
care what goes in it. A rule marks it as read as soon as it hits my inbox.

Simple but massively effective. I used to get stressed about spam but now I
don’t give a crap.

Edit: also, the sluice mailbox is 2020@mydomain. When it does finally become
too much of a cesspit, I'll just kill it and create 2023@...

------
foxhop
I'm fairly certain I would rather collect the emails even if it means less
retention. Not for marketing purposes but for support purposes.

With MakePostSell [1] a customer may add products to their shopping cart and
interact with a shop as if they are logged in, but at the point of sale /
checkout, we ask them to verify their email.

[1] [https://www.makepostsell.com](https://www.makepostsell.com)

~~~
thomascgalvin
Even the article says this creates "issues for password recovery."

~~~
encom
Yea, but you've lost access to a card game score, so nobody really cares.

------
anderspitman
I've started uses separate email addresses on my personal domain for each
account I create, and so far I like this approach. I hope some company solves
the problem of making domain registration as accessible as phone numbers are
today so the average person can reap the benefits

------
macrael
10 years ago (!) Instapaper changed its tune and started requiring emails for
new accounts. Before it had not required emails (just usernames) and even
didn't require passwords, and after living with that for years Marco decided
to switch back to the more traditional form.

[https://blog.instapaper.com/post/2318776738](https://blog.instapaper.com/post/2318776738)

It's interesting to think that times may have changed and that people are
hesitant to give out their email addresses anymore, but you are giving up some
real benefits by leaving it out.

------
WilTimSon
Anecdotal, of course, but in my experience many people won't sign-up using
their email because they're tired of getting added to mailing lists and
receiving spam. Now, you could use fake emails when you sign up for these,
partially as a way of avoiding spam and partially to find out which services
are the most annoying with their mailing. However, this gets tiresome and if I
can find an alternative service that doesn't require me to give as many
personal details, I'll choose it over that one.

------
InfiniteRand
I like the idea of starting registration with no email but with the option to
add a recovery email later on, once I am sold on the idea that this account is
worth recovering.

~~~
tapneal
That's something we're hoping to explore further. I think email for those with
early interest often is a non-starter.

------
davnicwil
The article mentions the tradeoff of username Vs email of increased
willingness for people to sign up Vs losing the simple channel for password
reset, but does not propose a solution outside of non-expiring cookies, which
to me isn't really a satisfactory solution (though perhaps it works OK enough
in practice for some types of use cases).

In my view, for most applications, the upside is not really worth that
downside. It got me thinking though, are there any clever solutions to do
password reset without an email / social media account login / etc? Does
anyone know of any good ones?

~~~
londons_explore
The Reddit model of "email address is optional, but if you don't provide it
you can't ever reset your password" works well.

~~~
ipnon
Old Reddit is the epitome of user friendly web design.

------
gwbas1c
Honestly, I hate managing accounts and passwords so much that I'll walk away
when a "create an account" is thrown in my face.

Login via Google / Facebook / Whatever is sometimes helpful, but it usually
results in SPAM. For example, I logged into Redfin through Google and they
immediately started spamming me.

Other times, when I login through Facebook and disable sharing my email, the
site that I'm trying to log into has a "mystery error" because the concept of
not sharing my email address never occurred to whoever wrote the integration.

Most of the time, I just use a unique email address with each site. My domain
has a catch-all email address, so when someone starts spamming it, I know who
did it.

~~~
throwayws
How do you avoid getting spam to random addresses using catchall?

~~~
techsupporter
I use a subdomain; making your main domain a catch-all will eventually result
in a deluge of spam.

Instead of [everything]@example.com, I set up [everything]@yo.example.com.
Discovering subdomains is much harder and the one time I encountered a form
that didn't like a subdomain, I just made a forwarding address on my main
domain.

Using Fastmail's rules, I have a setup where every message arriving to
@yo.example.com gets shunted into a folder unless there's a different rule
putting it somewhere else.

~~~
newscracker
> Discovering subdomains is much harder...

Is this because you don’t publish MX records in DNS for the subdomains and the
default setting on the main domain is to accept only specific addresses (and
reject catch-all addresses)?

------
awinder
Is anyone else here concerned / wondering if these numbers could be noise and
loosely correlated? The leaderboard addition lead to a 22% user signup but
there’s a 3-5% jump in number of sessions (games?) and it’s as a decimal
position of 4. This feels like maybe there’s something more fundamentally
wrong going on here...

------
ve55
This is pretty far from what would be needed to say 'Email registration is
dead'. Users may be annoyed by it and it may help in niche cases to exclude
email requirements, but for most webapps this will not be possible as users
will not even be able to reset their password then.

~~~
tapneal
Totally agree. This will depend by business. We're were just pointing out that
it makes sense to challenge the norm, because people are so reluctant to give
their email addresses.

------
jerzyt
My pet peeve is with retailers which force you to register before even being
able to browse their virtual store. They will never get my business. I wonder
if the CEOs of these companies have any idea how much business they're driving
away.

------
jpalomaki
Ask me email, but don't force me to verify it before letting me in. While I'm
browsing, show me a prominent warning that my email is not yet verified.
Include my email address in the warning so that I can catch possible typos.

~~~
abstrct
This scares me a bit. A part of email validation is ensuring they actually own
that account. It depends on the sensitivity of the service to an extent but I
don't think it's appropriate to let somebody interact as if they were a
specific email account until they've proven it's theirs.

Edit: I do like the recommendation of showing them the email they're waiting
to validate so that they can see typos.

------
justingreet
That's really interesting and definitely something worth trying. I wonder how
the effectiveness of email changes with the goals for the user (play solitaire
vs pay for a subscription, etc).

~~~
ghaff
He does mention, somewhat off-handedly, that the lack of email makes password
recovery harder. (Presumably impossible without some other communications
channel like a phone number.)

And you really need to be able to recover account access for a paid
subscription. It's probably also reasonable to assume that if someone is going
to give you a credit card number and address, they're probably OK with giving
you an email.

~~~
londons_explore
I run a site that takes payments for a subscription, but then just stores a
cookie on the users machine proving they've paid.

It will give them the cookie again if they re-visit from any IP they've
previously used.

It also re-gives them the cookie if they try to pay again with the same credit
card.

Support just tells people to try to resubscribe if their subscription has
'vanished' \- but it seems to happen to very few customers.

~~~
ohyeshedid
Public IP as an auth token seems like a horrible idea.

You're giving anyone on CGNat or even the same coffee shop access to your
customers account.

~~~
londons_explore
In my case, customers don't have any data on the account - it's simply a bit
saying 'has paid for premium?'. And if I end up giving premium to a few people
who didn't pay it isn't an issue. The sign-up friction of needing an email
address is greater.

------
zargon
Reddit has regressed in this area. It now appears like an email is required
for signup (even though you can leave it empty and click next). It probably
deters people from creating accounts.

------
cblconfederate
In the end, it's all about time. People are rational creatures (despite
rumours) and quickly decide whether they are willing to spend time to do the
email activation thingie, and so they bail. Someone should do a survey of
conversion rates vs time it takes to sign up somewhere, i bet there will be a
strong correlation.

Anecdotally, i ve observed the opposite too. I don't require email to sign up,
but there is an email field further down in the form, and yet 95% people DO
enter an email that looks valid, and not just garbage. That said, only 5%
clicked on the email verification link , presumably because they don't have to

------
franga2000
Hopefully a lot of the remaining resons to collect emails start going away as
WebAuthn gets adopted and better integrated into browser sync and/or password
managers.

------
nuker
If you disable loading remote images/content in your email client, spam dies
off eventually. Without read receipts address gets marked as dead.

------
BMSmnqXAE4yfe1
That might work for casual gaming site where it's not a big deal to create a
new account after forgetting your password.

------
tester756
I'm strongly avoiding shops with want you to create acccount

If you need me to register in order to purchase boots, then something is not
ok.

------
kull
HN does the same. Just username and password. No email. Very interesting
concept.

~~~
BMSmnqXAE4yfe1
HN users are much less likely to forget their password.

------
m3kw9
Looks like noise

