

A better way of validating an email address - alentodorov
http://alentodorov.posterous.com/a-better-way-of-validating-an-email-address#

======
dsr_
I use mutt. I'm not the only one. There are also people who read their email
in emacs. There are people who turn off image loading in HTML-capable mail
readers.

All of these are the kind of people you want using your service or software:
clueful and security conscious. When they recommend something, people listen.
As customers, they're less likely to ask a FAQ and more likely to point out an
actionable bug or deficiency.

The only problem I have with 'click-to-confirm' email messages is that some
services deliver them slowly. If you can fire off an email when I click
Register, I can be reading it and cutting-and-pasting the URL or ID code five
seconds later. A message that doesn't arrive for ten or fifteen minutes means
I have to context-switch away and then back.

~~~
mseebach
There is a very clearly featured "Alternatively click here" link.

------
gerggerg
_A better way (for marketers) of validating an email address._

Technically nothing has been validated. You've proved that the email address
exists. But it's deliberate use hasn't been validated. And that's the whole
point of validation.

------
dablya
Comment in the post says it all.

~~~
elisee
Yes ("Disadvantage of this is that anyone who receives that mail will get
registred without their consent if their mail client automatically shows
images.").

If people do insist on using this method, they should at least add a prominent
link to cancel the account in the e-mail.

But what if some random e-mail client prefetches the image and the e-mail end
up never being read or whatever? This is not robust.

~~~
mseebach
> But what if some random e-mail client prefetches the image and the e-mail
> end up never being read or whatever? This is not robust.

The whole point of not loading images is the privacy concern, so if your email
client (which is any email client with any kind of traction in the past
decade) offers (and defaults to) not loading images, it will indeed not hit
the URL.

~~~
nemeth
> The whole point of not loading images is the privacy concern, so if your
> email client (which is any email client with any kind of traction in the
> past decade) offers (and defaults to) not loading images, it will indeed not
> hit the URL.

I'm not sure this is accurate, this link is a little old but it indicates
quite a few webmail/desktop clients load images by default:
[http://www.campaignmonitor.com/blog/post/2559/current-
condit...](http://www.campaignmonitor.com/blog/post/2559/current-conditions-
and-best-pr-1/)

~~~
mseebach
Several of the clients that is listed as displaying images by default doesn't
do so any more. Yahoo, Hotmail, Apple Mail, Thunderbird, Outlook Express and
Entourage are among these IIRC.

Perhaps "decade" was too generous a word to use. Certainly any client that has
traction _today_ defaults to not loading images. Now, that certainly doesn't
mean that there are no clients that does this, and that no-one changed that
setting.

~~~
noobiscus
Irrelevant.

That the possibility for an email client to be so configured that it would
AUTOMATICALLY process a false positive validation, makes this system utterly
unusable for any developer with a [brain|conscience].

~~~
mseebach
No, I do think it is relevant.

If the purpose of the validation is simply validation, then what you call a
false positive isn't actually false, as the e-mail address evidently was
valid.

Including a very clear "I did not ask for this" link in the e-mail would allow
false positives to undo any damage done.

Just because a technology can be used for bad (and this one is indeed - anyone
auto-loading images in e-mail will be flooded with spam for that exact reason)
it does not imply that any use of the technology is bad.

------
agwa
I don't really see the point because you still have to switch to your email to
open the message. I think a better solution is to let your users start using
your service immediately, but require they click the email validation link
within 24 hours. Or offer reduced (less abusable) functionality until they
verify. Of course, this won't work for all services, especially if spammers
can start abusing their account immediately.

~~~
mseebach
Spammers can provision an unlimited number of email addresses, so you won't
stop a spammer by requiring him to validate an e-mail address.

I can think of three reasons you want to validate an e-mail address like this:

\- Confirming that you've typed your e-mail address correctly and that it is
reachable

\- Preventing you from impersonating someone else

\- Opt-in for sending you e-mails. Not really to prevent you from
spamming/harassing/annoying someone else (there are many ways other ways to do
this), but to prevent the service from having e-mails marked as spam.

I'm sure the last one is the strongest, as being blacklisted from one of the
big e-mail providers would really hurt most online services.

------
jayferd
Clicking on "Show Images" is no faster than clicking on a verify link. ...and
although you and I know that loading images requires an extra HTTP request,
it's not intuitive.

