
You do not need email confirmation in your sign up flow - uladzislau
https://visible.vc/engineering/signup-flow-without-email-confirmation/
======
nkkollaw
I think the title is a little misleading. They still require users to confirm
their email, although they postpone that. From the title it sounds like they
have a revolutionary solution to avoid this altogether, which they don't.

Besides the title, this might work for their specific case, but I don't see it
working in general. From my experience, lots of emails are fake. Either
gibberish, or not the user's. You need an actual email to send communications
and somewhat reduce spam and abuse. Postponing confirmation doesn't help with
that.

The author fails to even mention the actual solution to avoiding email
confirmation and reducing onboarding steps: social login.

With social login, users start using the app immediately, and site owners have
a validated email (and optionally a lot more). If your app is targeted to
developers, use GitHub login. Otherwise Facebook, Google, Twitter or similar,
and you'll have a 90% coverage. Some people are paranoid about giving access
(although IMO is safer), so also support signing up via email, but at that
point it would be the "user's fault" if extra steps are required.

~~~
NTripleOne
>With social login, users start using the app immediately

Given that 99% of the time sites implement social logins as "let's
automatically fill out your username and email address in the sign up form",
that's far from true.

~~~
nkkollaw
99% seems excessive.

That hardly happens to me.

~~~
NTripleOne
I mean yeah it's hyperbole but still, it seems like it happens on the vast
majority of sites I try to do a social registration with.

------
tyoma
Please add a "i did not sign up for this account" link to disavow account to
email links.

There is someone who keeps using my email thinking its theirs. I am tired of
constant reminders to verify my email from noreply addresses, with no way to
turn it off.

~~~
gaia
same here, on a daily basis. worse when my email is supplied by someone else
to a party that does not confirm AND there is no way to unsubscribe (such as
Best Buy's geek squad's email). my gmail delete filter list is 50+ items now.

~~~
kingbirdy
At least in the US, CAN-SPAM mandates that emails have an unsubscribe option -
are you sure you didn't miss it?

~~~
gaia
Best Buy Geek Squad does NOT offer a unsub link. Believe it or not. Verified.

------
ry_ry
Apparently in the UK at least, there is potentially legislation in the horizon
requiring email confirmation for account signups.

It dropped into our roadmap recently, will see if I can dig out some info in a
bit.

~~~
ry_ry
Completely forgot to update this.

It's apparently to do with the EU General Data Protection Regulation
([https://en.wikipedia.org/wiki/General_Data_Protection_Regula...](https://en.wikipedia.org/wiki/General_Data_Protection_Regulation))
due to come into force in May 2018. I'd imagine this is specifically linked to
the requirement for data-controllers to be able to _prove_ consent.

------
tony-allan
Simplifying the experience is a great idea.

Just one thing... why not do everything as you suggest except send the
Welcome/confirmation email straight away so they have a record and a link to
confirm and set a password.

Then timeout the first session after 48 hours.

------
YogeeKnows
I think all users are now used to email confirmation. With mobile and
notifications its much easier to just click them once.

Ill be more irritated if it prompts me to go in my mailbox when I'm in middle
of something. I'll be like- 'you fool why didn't you do this during signup
itself.'

Think in terms of modes. Right now Im in signup mode. Then Im in 'Do work'
mode. Dont make me go from 'Do work' mode to 'signup admin stuff' mode again.

Also now I expect each site to have option for google/facebook logins. The
only reason I still have my facebook account active is that it makes one click
login on most sites easier.

------
nemetroid
My email address is `first.l@gmail.com`, with my first name (common) and last
initial. I receive a _lot_ of erroneous signup emails. There's nothing wrong
with sending a single email, so my usual course of action is to delete them.
However, I expect sites to send no more than a single email to unverified
addresses. If I receive subsequent messages from the same site, I mark them as
spam. Gmail usually takes care of unsubscribing for me.

------
skdotdan
Slightly OT, but: would you pay for a "mail confirmation as a Service"? I'm
building such product, but I don't know if it makes sense, or how to market
it.

~~~
corobo
Unsubscribe as a service maybe - something that knows if an email's unsub link
is legit or if the mail should just be spammed

I sign up for an absolute shed-load of products and services I can't say I've
ever wished the mail confirmation part could be automated. Every damn time I
wish there was a way to easily unsubscribe from their mail list though.

------
maxerickson
So is resetting an account that used a wrong email a CFAA violation? Seems
like it can be.

I think the better option if you aren't going to verify ownership of email
addresses is to have a clear and simple way to detach an address from an
account (if this makes the account useless, delete the account entirely).

I say this having been on the wrong side of trying to remove my address from
all sorts of services.

------
Flimm
You do not need email confirmation in your sign up flow... but you will email
confirmation eventually, as the article says.

However, you may never need a password. Users can log in on other devices
using another email confirmation link, or using log in with Google, GitHub,
etc.

------
gaia
what if elon signs up as elon@spacex.com. he then fills out a personal details
form, which includes a phone number. if a 2nd user comes around and enters the
same unconfirmed email within 48hrs he'd get to see those personal details.

this surely only works in very specific situations...

~~~
beojan
If a second user enters the same unconfirmed email, presumably he would need
to know the original password?

