

Verify email. Wtf? - mantas
http://blog.puncht.com/2009/07/14/verify-your-email-wtf/

======
rarestblog
The reasons are: 1. People who don't like you won't be able to subscribe you
to (legitimate) stuff you don't want, therefore flooding your inbox with
legitimate e-mails that won't be blocked by SPAM filters. 2. You are making
sure you didn't make a typo in your e-mail in case you need to reset your
password, so that somebody with similar address doesn't get your password. 3.
Obvious marketing legal reasons (double opt-in, i.e. you did confirm that you
want to receive marketing spam from us).

The "easy" signup isn't with username-password-email-submit, it's with OpenID.

~~~
prodigal_erik
This. If you are not doing confirmed (aka "double") opt-in, your list will be
abused and you will definitely be regarded as a spammer.

~~~
dminor
Not to mention double opt-in is required by most certified email services
before you can use them.

~~~
patio11
Yep. Then the fine upstanding email services _get your email into their inbox_
precisely because they're religious about who they let use them. Which is, of
course, the whole point of the exercise.

------
tamas
I'm as anti-hassle as it gets, but I think email validation actually makes
sense. If a company NEEDS my email address for communication, go on and verify
if it works and an overly eager spam filter inbetween does not eats everything
up. Or if, god forbid, I accidentally put a comma instead of a period
somewhere while typing.

If they don't care whether I can be reached by that email address, why even
bother asking for one?

~~~
mantas
For example to send forgotten password ;)

If user enters a real email - he will get a new password in that case. If
not... well, it's his problem.

~~~
patio11
I have a funny feeling you do not charge money for stuff. When
regina123@aoll.com can't log in after paying $30 for the privilege to do so,
it is _my_ problem.

------
huhtenberg
Your root account should start receiving your newsletters shortly.

------
oliverkofoed
The reason is simply that some sites value having a valid e-mail address over
the percentage that they loose by having a validate e-mail step.

Like it or not, e-mail is pretty much the only way to get in contact with
people who don't login all the time.

------
tdoggette
Yes. I'm glad that the web is moving toward the easy signup: [username]
[password] [email] (optional), and do everything else later. As a user more
than a developer, it's so nice to move past the usability problems of last
decade.

~~~
lsb
If you use Damien Katz's Negative Captcha, you can even skirt the captcha, if
your users aren't malicious: just have an invisible honeypot field called
"email" for the botspam to fill out, and call the visible email field
something else.

------
s3graham
I prefer verify, mostly because with a very common First-Initial-Plus-Common-
Last-Name@gmail I get an insane number of idiots typing in my email address
somewhere. (I really don't know if people _think_ it's theirs, or if they just
don't want to enter an address.)

A verify gives me a chance to cut off the pseudo-spam before it gets started.

------
ErrantX
w/o email verification it removes even the minor level of "trust" established
by using an email.

I could sign up as linus.torvalds@linux.com. It means you cant trust a word I
say comes from who it appears to!

And if nothing else; not having email verification means yo have to build a
"dispute email" system. Which is open to yet more abuse ;)

------
swombat
On Woobius, we verify email addresses because those are people's work email
addresses, typically, and so they are identified, to their colleagues, by
those email addresses. It'd be terrible if someone was able to use our systems
to pretend to be, say, norman.foster@fosterandpartners.com without even the
simplest verification.

------
mooism2
Two things:

You have to verify their e-mail address before you subscribe them to stuff,
otherwise you will get branded as a spammer. But also...

If a new user hasn't verified their e-mail address yet, is that reason enough
to deny them further use of the site? I don't think so.

~~~
matt-kantor
A good practice I use is to give users a "trial period" (usually 24 hours)
before they must verify. Users can sign up for the site and immediately start
using it, then next time they check their email just click the link. Many
people will check their email at least once per day anyways.

Or, if they don't check it and try to log in after 24 hours, they get a
message saying they need to verify their email address and the option to re-
send the verification email.

------
sp332
I have had several cases where someone with a similar email address to mine
signed up for Myspace, Bebo, and CareerBuilder with my email by mistake (I
think it really was a mistake). The stupidest thing is, these websites gladly
reset the password for his account by sending it to my email, giving me access
to all the data he had put on all these websites: names of friends, home
address, place of employment, some possibly embarrassing forums he frequented,
etc.

------
aschobel
There are already solutions to this.

The blogger uses Disqus for comment, which allows you to Sign in via Twitter
and OpenID.

If you use OpenID w/ AX or SREG you can get the users email address, which is
even nicer. Done and done.

