views:

167

answers:

5

After user registers, i send an email with a guid link which user clicks to validate the registration. So it confirms the email exists, but how does that help fight spammers? Cant bots 'click' same link back to the site and validate registration just the same? Its late, maybe im missing something.

+2  A: 

You're right, it doesn't prevent spammers. All it does is create another obstacle for users trying to use your site/service/app. Is that something you really want? You should be removing obstacles, not creating them. It sounds like you're solving a problem you don't even know you're going to have or not.

John Sheehan
so why does anyone bother with such validation?
zsharp
Because they don't care about their users. At scale, it might be necessary. But getting popular enough to need something like this should be your first priority and one way to deter getting popular is to be a pain in the ass for potential users.
John Sheehan
And users just love being able to enter in other peoples emails to sign them up to get mails from companies. It isn't to make it a pain in the ass... it is to stop people from being a pain in the ass to other people.
TofuBeer
Again likely only a problem if you're popular. Focus on the popular problem first
John Sheehan
+1 I firmly agree with this - there is no need at all to verify email on sign-up, unless you are planning on sending a bunch of emails to that address and don't want to be accused of spam. Sending a courtesy email on signup is ok.
thomasrutter
+6  A: 

It makes sure that the user is the actual owner of the e-mail address. You don't want them to enter in just anyone's e-mail address and start having messages from your site e-mailed to random people.

yjerem
+8  A: 

It verifies:

  • the user has typed their e-mail correctly (since this is the only way you have of contacting them, lets get it right)
  • the e-mail address exists
  • it is owned by the person requesting the page

Indeed - it doesn't prevent bots from accepting e-mails from their own e-mail account, but it stops them accepting e-mails from my account... this in turn keeps you out of the legal quagmire of being accused of spamming some random Jo. Everyone wins.

Marc Gravell
A: 

It all depends on how much you think your users will tollerate.

If you running an online store you want to minimize the number of roadblocks along the way or the user may drop out prior to completion of a purchase.

If it is an online forum or similar then the user may be open to going through more hoops.

If its a free online newspaper that requires validated registration to simply read, people may just go elsewhere instead of bothering.

You need to balance what the user will tollerate with the site needs and offerrings.

schooner
A: 

I have a gmail account with a short user name and am often getting email not intended for me, often sensitive stuff like password data or shipment IDs. This happens because some people simply don't know their own email address. If there was some email verification, I wouldn't have to suffer this and their privacy would be preserved.

flodin