
Do you force your new users to verify their email addresses? - keiretsu

======
martijnengler
Hehe, we've just had a big "fight" (discussion, but for an outsider our
discussions often look like we're having a fight ;)) about it. We decided not
to do so: most people (or at least, the people we're marketing to) will
probably fill in their real address anyway.. And if they don't, they're smart
enough to use a "dump"-address.

------
keiretsu
Pros: You are able to send email updates to users.

Cons: Duplicate users. Misdemeanor: Imagine if someone uses the whitehouse or
fbi email addresses. Then he keeps on clicking on "Retrieve password" and you
would start spamming the whitehouse and fbi.

~~~
randallsquared
Well, this is an argument for requiring verification if you plan to use email
for password resets. Alternatively, you can allow only a small number of
password reset attempts per email address per day/hour/whatever. One thing
that you shouldn't do is reset someone's password immediately when you send
out the reset email. Instead, reset it only when they arrive back at the reset
page, else you're opening a DOS attack for anyone whose email address is
known.

------
andre
A great solution is to give them an incentive to give you their real email
address, like you're going to send them an important report or something else
that is of high value so the visitors have no problem giving up their email
address.

~~~
antirez
Another one is to tell the user the email is used in order to send lost
passwords.

------
snorkel
The current trend is not requiring email to signup. Anyone, including bots,
can verify an email address so email is not a reliable qualifier anyway.

