

Please Stop Verifying My Email Address - Kequc
https://medium.com/i-m-h-o/3d96905a4bb9

======
ColinWright
This entire article runs on the assumption that the user will, at a time they
choose, type their email address correctly.

This turns out not to be the case.

I've just spent over 2 hours tracking someone down who had registered for a
service, but provided an email address that bounced. This is a service that is
delivered via email, so this just broke the whole thing.

By all means, don't verify email addresses by habit, but be aware that there
are people who really will type their own email address incorrectly.

 _Added in edit: I have upvoted this, because anything that encourages
implementors to improve the UI is to be encouraged. Too many developers seem
to run on automatic ..._

~~~
stevekemp
It has been interesting to see the rise of forms that wish you to type in your
email address not once, but twice. In an attempt to verify the user entered it
correctly.

Those forms annoy me no end, if the mail is invalid you'll get a bounce and
will (presumably) not consider me real. I'll not see the mail and will try
again later.

I suspect most users copy/paste anyway.

~~~
naelyn
> I suspect most users copy/paste anyway.

Some forms disable the paste action in the second box to force you to type it
again (to avoid copying an error).

------
verelo
How about: consider your use case first.

You can't just say "don't ask me to verify", despite the good reason you've set
out. Verifying your email is critical in some cases.

I run a company called Checkout 51. The end result of someone using our
service is that we send them money. It's critical we have the correct email
address for a range of reasons such as them trying to recover their password,
support communications and simple account notifications (i.e. we've sent your
cheque OR your account has been credited).

I would love to not verify people's email addresses, but in some cases it's
important to do so in order to provide the best possible user experience.

~~~
kaiserama
Agree, I've had numerous situations with a site I created that didn't have
email verification where users reported problems logging back into their
account.

The problem should be pretty obvious. They click the "I forgot my email"
button so we generate a new password, send it to the email account they
registered with and it bounces back. User emails, we try to do a search for
it, find it and discover random slight misspellings such as .con.

With verification at least the user is aware that they didn't enter their
email properly.

Additionally we send messages about rewards, ones that users would want to
receive.

~~~
verelo
Yeah that is the primary issue we encounter regarding logins. People often
type .con .cim etc (mainly from our iOS or Android apps) and the end result is
confusion.

Our support staff can normally find the email using a %like% type search and
correct it for the user, but without verification these users invest time in
an account that they ultimately can lose access to without our assistance (not
a good experience).

------
SeanLuke
Almost as irritating: requiring that people sign in to your site via Facebook
or Twitter, which in turn requires that they be members of these websites. I'm
looking at you Medium.com.

------
doppel
For a lot of services, verifying e-mail addresses is primarily a means to
filter a majority of spam accounts - think bulletin boards, buy/sell sites,
etc. It is by no means perfect, but it's an easy, low-hanging fruit. It is
only secondarily a check to see if the user misspelled his or her e-mail
address (which is often checked by having _two_ e-mail fields and comparing
them).

I would still say that tracking down a misspelled e-mail address or having the
user completely confused at the next login (because they don't realise they
misspelled it) might be worse than having the break in the registration
process.

~~~
Kequc
Most web browsers remember the email address that was entered on login forms,
or even on signup forms their email might be pre-filled for them. But it's
true that if the user enters the wrong email address and then never notices
it's incorrect, it could result in a problem later down the road if the email
address is a login.

Perhaps a notification after a few days along the lines of "verify your email
address is correct" top of the page in cases where it appears they haven't
received your welcome email would be more appropriate. Rather than barricading
them from using the service.

------
peapicker
I have an email of the form firstname.lastname at gmail -- and apparently
many people with my name can't remember that that is not their account (I can
tell from the geolocation info on some of the emails, England, Tennessee,
Georgia, Florida, etc). I've been signed up for countless services without
verification, and have received DishNetwork bills (enough info to change their
subs), gas receipts, Kmart crap, dating website stuff, etc. I have received
confidential business deal emails from more than two of them. It is ridiculous
that people can't recall their own email address.

If only they would ALL send verification emails!!!!

~~~
ktsmith
I have a similar issue. I've gotten people's Apple account activation emails
when buying new iPhones, emails from realtors, and emails from teachers about
a student intended for their parent. I got a contract for a new business just
this week which said it was time sensitive and was asking for a signature via
RightSignature. I was hoping there was somewhere in RightSignature to say
that the contract was sent to the wrong address but nope, all you can do is
sign the thing. Luckily the contract listed a phone number and I was able to
reach the account manager who had a phone number for the client and got it
sorted out.

------
panarky
Verifying an address this way is called "double-opt-in". It's the most
effective way to ensure the people you're sending mail to actually want to get
mail from you.

If you don't do this, you'll have a lot more people marking your mail as spam,
increasing your abuse score, and making it more likely that your legitimate
mail will get filtered.

Source: [http://mailchimp.com/resources/guides/how-to-avoid-spam-filt...](http://mailchimp.com/resources/guides/how-to-avoid-spam-filters/html/)

~~~
rlpb
It's best to describe this as "confirmed opt-in". The term "double opt-in" can
also be used by marketers to describe them having received your email twice.
Using "confirmed opt-in" is unambiguous. "Double" could mean anything, and in
any case registration and confirmation are two separate steps of a single
opt-in.

I'm surprised to see Mailchimp using the "double" term.

See: [http://en.wikipedia.org/wiki/Opt-in_email](http://en.wikipedia.org/wiki/Opt-in_email)

"The term double opt-in has also been co-opted by spammers, diluting its
value."

------
rlpb
It is irresponsible to send more than one email to a user-submitted address
without verifying it. Otherwise abusers can use you to get emails sent to
someone they are targeting.

Since you can only send one email, it has to be the verification email.

You need to send the verification email at registration time, since users are
likely to mistake it for spam if you send it at some arbitrary point later.

If, on the other hand, you have no need to send email at all, then there's no
need to collect the address and thus no reason to verify it.
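
The confirmed opt-in policy described in the comment above, as an added Python example (not code from the thread or from any commenter): an unverified address receives exactly one message, the verification mail, and everything else is gated on a signed, expiring token. The names `Mailer`, `make_token`, `check_token`, the demo key and the one-day expiry are assumptions made for illustration, and the outbox list stands in for real mail delivery.

```python
import base64, hashlib, hmac

SECRET = b"constructed-demo-key"  # assumption: real key comes from a secret store
TOKEN_TTL = 24 * 3600             # assumption: links expire after one day

def norm(email):
    # Simplification: treat addresses case-insensitively.
    return email.strip().lower()

def sign(email, exp):
    mac = hmac.new(SECRET, f"{norm(email)}|{exp}".encode(), hashlib.sha256)
    return base64.urlsafe_b64encode(mac.digest()).decode().rstrip("=")

def make_token(email, now):
    exp = int(now) + TOKEN_TTL
    return f"{exp}.{sign(email, exp)}"

def check_token(email, token, now):
    try:
        exp_s, sig = token.split(".", 1)
        exp = int(exp_s)
    except ValueError:
        return False  # malformed token
    ok = hmac.compare_digest(sig.encode(), sign(email, exp).encode())
    return ok and now <= exp

class Mailer:
    def __init__(self):
        self.state = {}   # address -> "pending" | "verified"
        self.outbox = []  # (address, kind); stands in for real SMTP

    def register(self, email, now):
        addr = norm(email)
        if addr in self.state:
            return None   # repeat signups never trigger a second mail
        self.state[addr] = "pending"
        self.outbox.append((addr, "verify"))
        return make_token(addr, now)  # would be embedded in the mail's link

    def confirm(self, email, token, now):
        addr = norm(email)
        if self.state.get(addr) == "pending" and check_token(addr, token, now):
            self.state[addr] = "verified"
            return True
        return False

    def send(self, email, kind):
        addr = norm(email)
        if self.state.get(addr) != "verified":
            return False  # gate: nothing but the one verification mail
        self.outbox.append((addr, kind))
        return True
```

Because the token binds the address and the expiry under an HMAC, a link issued for one address cannot confirm another, and changing the expiry invalidates the signature.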

~~~
Kequc
What about sending them a welcome email that gives them the opportunity to
verify?

~~~
rlpb
Many users will see the first few words of the welcome. Few will read enough
to realise they can verify. Even fewer will actually verify.

Later, your users will wonder why they're not receiving emails from you. If
you send them out despite not having verification, then you've got the abuse
problem again.

Abused (non-)users will just see every email as spam and ignore them,
including the first welcome one. If you continue to send emails out, they will
continue to be abused.

~~~
Kequc
Why is it better to force them to verify the email and then just start sending
them email as though they confirmed that they wanted to receive any?

------
ColinWright
For reference, about 20 minutes ago this item triggered the flame-war detector
circuit and the resulting penalization of the ranking got it dropped off the
front page.

Just so people know why this has 7 points in quick succession, but is not on
the front page:

[http://hnrankings.info/6405186/](http://hnrankings.info/6405186/)

~~~
derefr
Fascinating. I'd love to see some sort of visual indication of how "flame-y" a
thread is (besides just using it as an input on total hotness calculation.) In
fact, could HN be alternately sorted by "least flame-y posts today", bypassing
hotness? Would that, perhaps, bring all the objective how-to articles up, and
push the editorials down?

------
MetaCosm
> So why make them verify?

To prove they control that email address, to ensure they didn't put it in
wrong, and to protect poor bastards like myself with common email addresses
from getting SPAMMED with mail for idiots who don't know their own email
address.

\----

Seriously, as someone with a VeryCommonName@gmail.com -- I nearly every day get
dozens of emails from services that do not verify addresses. AT&T, Boost,
Netflix, and many more.

At will I can reset these people's passwords, delete accounts,
upgrade/downgrade services, and do much more. There are too many for me to
constantly deal with them, and the root cause is this idiotic author's
recommendation.

What we need is the exact opposite, we need EVERYONE doing verification of
email ownership before sending mail to that account -- else it is borderline
spam and harassment.

I am in AWE of how spectacularly the author missed the point.

------
zebra
And what about email address as a username? I have it like this on one site so
the user has 2 in 1 - username and email in one.

~~~
jjp
Bet bugbear is any site that insists on labelling it username when you try to
log-in but it's really your email address. If I don't use the site regularly
then I can never remember whether it's going to be user123 or
user123@example.com. Frustrating experience that is then often followed by the
same site having an unusual set of password acceptable letters that I can never
remember so I then have to get everything reset.

------
tiptup
In addition to ensuring they typed their email address correctly, I am happy
with email verification as users seem to have taken my (short and sweet)
address as their catch all email registration. And there's nothing I can do
about these reminder emails apart from one provider as there's nothing in the
email to tell them 'it's not me so go away'. They just tell me to ignore the
email. It's just annoying I have to 'ignore' 100+ emails in my inbox that
keeps popping up.

Another gripe I have is some of them don't even care whether or not you verify
the address. I receive receipts and shipping status all the time.

------
NateDad
Uh ok... so if you don't take their email address... how do they reset their
password when they (inevitably) forget it? Or do you mean they can put in
whatever email they want and you'll accept it? Because if it's the latter,
then you've just allowed them to cause you to spam whoever they feel like.

You have to verify email addresses. There's no other way to recover passwords.
And if your users value their specific account, then they need to be able to
get into that account, even if they forget their password.

------
dorfsmay
It's a one to many relationship. That's why. Yes, a user can have an infinite
number of email addresses, but an email address should belong to one user only.
Why create a new user id that has to be unique and that I have to remember
when I have this unique thing you can additionally use when I forget my
password?

------
jasonjei
How about verifying at a later time, and granting access temporarily? At some
point they'll check their email? Does this strategy work? And if they typed
their email address incorrectly, maintain a cookie to point to the account and
allow them to set a new email address (if persistent login is enabled)?

~~~
Kequc
Being as polite as possible I would say yes please. When I sign up for a
service I may only intend to try it out with the potential of using it long
term. So if my email address were incorrect, fixing it later would be
something that mattered to me at that time.

Perhaps this is not ideal for the service provider because then they cannot
spam me but as this article points out I would just mark those emails as spam
or filter in a modern inbox anyway.

------
biot
Okay, I won't ask you for your email address when creating your account.
Instead, please write down this GUID which you'll need to login next time.

