
At least at the time of writing, if you had enough foresight and engineering time to set something like that up, you had enough foresight and engineering time to not make your system treat email addresses as meaningful identities.


Perhaps I'm missing something, but an extremely high percentage of the sites I have accounts on use my email address for authentication. Those that don't often suffer from username squatting. Maybe most sites are just doing it wrong, but what's the prevailing alternative?


Your email address isn't your identity. It's a name associated with your identity, but the identity itself is your account. Or put another way, not all valid email addresses are valid identities for these websites.

If the website is doing things right, they have other means (like a CAPTCHA at the least, or phone verification, or you buying an item from them) before deciding that an email address really is an identity.


I guess I still fail to see the distinction. CAPTCHAs really only keep out bots . . . they do nothing for keeping out Mailinator abuse. Throwaway phone numbers are easily obtainable. They might not be as cheap as Mailinator, but the point is Mailinator made it faster and cheaper for people. Buying an item doesn't really work out when the expectation is you offer a free trial and that's where the bulk of abuse occurs.

I realize this was a non-comprehensive list and I'm not trying to just attack it. I think I agree with the core assessment around what constitutes an identity. But short of some really draconian methods, I think you're basically trading off one insufficient method for another. And at that point, you may as well focus on making things easy for people, which typically means just working with email verification.

FWIW, when faced with Mailinator abuse I resorted to requiring a credit card number to sign up for a trial of my SaaS product. The abuse stopped immediately. But there were other impacts to the business as a result. I still debate the wisdom of it and how much of this should have been foresight. As a bootstrapped company, dealing with abuse was just a resource drain and forced me to focus my efforts on dealing with a segment of the population that was never going to give me money. Suffice to say, it was all very disheartening.

Anyway, thanks for sharing your thoughts on the matter.



