This entire article runs on the assumption that the user will, at a time they choose, type their email address correctly.
This turns out not to be the case.
I've just spent over 2 hours tracking someone down who had registered for a service, but provided an email address that bounced. This is a service that is delivered via email, so this just broke the whole thing.
By all means, don't verify email addresses by habit, but be aware that there are people who really will type their own email address incorrectly.
Added in edit: I have upvoted this, because anything that encourages implementors to improve the UI is to be encouraged. Too many developers seem to run on automatic ...
It has been interesting to see the rise of forms that wish you to type in your email address not once, but twice. In an attempt to verify the user entered it correctly.
Those forms annoy me no end, if the mail is invalid you'll get a bounce and will (presumably) not consider me real. I'll not see the mail and will try again later.
In general, I've found that users really are idiots when it comes to typing that in. One of the things my company does is organise events, sometimes free, sometimes paid for. Hundreds of people sign up. In order to be allowed entry, they will need to get an e-ticket (which is emailed to them a week in advance). My boss considers e-mail verification too much of a hassle. The result? Roughly 10% of the users mistype their own e-mail address (a similar percentage mistype their own name), usually with a single letter missing -- obvious typos.
This very problem accounts for the majority of support requests in case of those events (yes, more than 50% of all tickets is because the user entered incorrect information).
> I've found that users really are idiots
> when it comes to typing that in.
They're not idiots. It is normal for people not to work at the level of precision that this sort of thing requires. Decades of work on these sorts of things have shown me that it is computer programmers who are not normal. The ability to get thousands, even millions of characters exactly right is extremely unusual, even with extended training.
Some people just can't do it, and user interfaces that expect them to will lead repeatedly to unsustainable levels of error.
Your anecdote only serves to support this. You can't assume that 10% of the people are genuinely idiots. They are real people with skill sets that don't match yours.
Programmers don't get things right with that precision either. They get it right only after many cycles of feedback and iteration. From many layers: the IDE, the compiler, code analysis tools, and finally runtime behavior.
Postal mail addressing doesn't permit any sort of feedback loop. The "user" has no indication at mailing time of any problems with the address. So it's no surprise that errors are common.
If you want email addresses to be correct, then you need that feedback loop, which means email verification.
If I get the post code wrong but the rest of the address right, the letter will get through. If I make a typo in the name or address, the letter will get through.
If I make even the tiniest of typos in the email address, it'll fail.
I've written a totally wrong post code and city name before and still gotten a successful delivery. (Totally wrong as in, post code for my previous house in a different region, and the name of a neighbouring city instead of my city.) When I saw that I was really impressed with the postal service, and not quite as impressed by me. :)
I have no first hand information about overall rates, but there are dead letter offices, teams of people dedicated to finding the right destination for ill-addressed items, and I personally get snail-mail delivered to me, despite having errors in the address.
There is a resilience in snail-mail that has no equivalent in email.
You cant just say "dont ask me to verify", despite the good reason you've set out. Verifying your email is critical in some cases.
I run a company called Checkout 51. The end result of someone using our service is that we send them money. Its critical we have the correct email address for a range of reasons such as them trying to recover their password, support communications and simple account notifications (i.e. we've sent your cheque OR your account has been credited)
I would love to not verify peoples email addresses, but in some cases its important to do so in order to provide the best possible user experience.
Agree, I've had numerous situations with a site I created that didn't have email verification where users reported problems logging back into their account.
The problem should be pretty obvious. They click the "I forgot my email" button so we generate a new password, send it to the email account they registered with and it bounces back. User emails, we try to do a search for it, find it and discover random slight misspellings such as .con.
With verification at least the user is aware that they didn't enter their email properly.
Additionally we send messages about rewards, ones that users would want to receive.
Yeah that is the primary issue we encounter regarding logins. People often type .con .cim etc (mainly from our iOS or Android apps) and the end result is confusion.
Our support staff can normally find the email using a %like% type search and correct it for the user, but without verification these users invest time in an account that they ultimately can lose access to without our assistance (not a good experience).
Almost as irritating: requiring that people sign in to your site via Facebook or Twitter, which in turn requires that they be members of these websites. I'm looking at you Medium.com.
For a lot of services, verifying e-mail addresses is primarily a means to filter a majority of spam accounts - think bulletin boards, buy/sell sites, etc. It is by no means perfect, but it's an easy, low-hanging fruit. It is only secondarily a check to see if the user misspelled his or her e-mail address (which is often checked by having two e-mail fields and comparing them).
I would still say that tracking down a misspelled e-mail address or have the user completely confused at the next login (because they don't realise they misspelled it) might be worse than having the break in the registration process.
Most web browsers remember the email address that was entered on login forms or even on signup forms their email might be pre filled for them. But it's true if the user enters the wrong email address and then never notices it's incorrect, could result in a problem later down the road if the email address is a login.
Perhaps a notification after a few days along the lines of "verify your email address is correct" top of the page in cases where it appears they haven't received your welcome email would be more appropriate. Rather than barricading them from using the service.
I have an email for the form firstname.lastname at gmail -- and apparently many people with my name can't remember that that is not their account (I can tell from the geolocation info on some of the emails, England, Tennessee, Georgia, Florida, etc). I've been signed up for countless services without verification, and have received DishNetwork bills (enough info to change their subs), gas receipts, Kmart crap, dating website stuff, etc. I have received confidential business deal emails from more than two of them. It is ridiculous that people can't recall their own email address.
If only they would ALL send verification emails!!!!
I have a similar issue. I've gotten peoples apple account activation emails when buying new iPhones, emails from realtors, and emails from teachers about a student intended for their parent. I got a contract for a new business just this week which said it was time sensitive and was asking for a signature via right signature. I was hoping there was somewhere in rightsignature to say that the contract was sent to the wrong address but nope all you can do is sign the thing. Luckily the contract listed a phone number and I was able to reach the account manager who had a phone number for the client and got it sorted out.
Verifying an address this way is called "double-opt-in". It's the most effective way to ensure the people you're sending mail to actually want to get mail from you.
If you don't do this, you'll have a lot more people marking your mail as spam, increasing your abuse score, and making it more likely that your legitimate mail will get filtered.
It's best to describe this as "confirmed opt-in". The term "double opt-in" can also be used by marketers to describe them having received your email twice. Using "confirmed opt-in" is unambiguous. "Double" could mean anything, and in any case registration and confirmation are two separate steps of a single opt-in.
I'm surprised to see Mailchimp using the "double" term.
It is irresponsible to send more than one email to a user-submitted address without verifying it. Otherwise abusers can use you to get emails sent to someone they are targeting.
Since you can only send one email, it has to be the verification email.
You need to send the verification email at registration time, since users are likely to mistake it for spam if you send it at some arbitrary point later.
If, on the other hand, you have no need to send email at all, then there's no need to collect the address and thus no reason to verify it.
Many users will see the first few words of the welcome. Few will read enough to realise they can verify. Even fewer will actually verify.
Later, your users will wonder why they're not receiving emails from you. If you send them out despite not having verification, then you've got the abuse problem again.
Abused (non-)users will just see every email as spam and ignore them, including the first welcome one. If you continue to send emails out, they will continue to be abused.
Bet bugbear is any site that insist on labelling it username when you try to log-in but it's really your email address. If I don't use the site regularly then I can never remember whether it's going to be user123 or user123@example.com. Frustrating experience that is then often followed by the same site have an unusual set of password acceptable letters that I can never remember so I then have to get everything reset.
For reference, about 20 minutes ago this item triggered the flame-war detector circuit and the resulting penalization of the ranking got it dropped off the front page.
Just so people know why this has 7 points in quick succession, but is not on the front page:
Fascinating. I'd love to see some sort of visual indication of how "flame-y" a thread is (besides just using it as an input on total hotness calculation.) In fact, could HN be alternately sorted by "least flame-y posts today", bypassing hotness? Would that, perhaps, bring all the objective how-to articles up, and push the editorials down?
To prove they control that email address, to ensure they didn't put it in wrong, and to protect poor bastards like myself with common email addresses from getting SPAMMED with mail for idiots who don't know their own email address.
----
Seriously, as someone with a VeryCommonName@gmail.com -- I nearly everyday get dozens of emails from services that do not verify addresses. AT&T, Boost, Netflix, and many more.
At will I can reset these peoples passwords, delete accounts, upgrade/downgrade services, and do much more. There are too many for me to constantly deal with them, and the root cause is this idiotic authors recommendation.
What we need is the exact opposite, we need EVERYONE doing verification of email ownership before sending mail to that account -- else it is borderline spam and harassment.
I am in AWE of how spectacularly the author missed the point.
In addition to ensure they typed their email address correctly, I am happy with email verification as users seem to have taken my (short and sweet) address as their catch all email registration. And there's nothing I can do about these reminder emails apart from one provider as there's nothing in the email to tell them 'it's not me so go away'. They just tell me to ignore the email. It's just annoying I have to 'ignore' 100+ emails in my inbox that keeps popping up.
Another gripe I have is some of them don't even care whether or not you verify the address. I receive receipts and shipping status all the time.
Uh ok... so if you don't take their email address... how do they reset their password when they (inevitably) forget it? Or do you mean they can put in whatever email they want and you'll accept it? Because if it's the latter, then you've just allowed them to cause you to spam whoever they feel like.
You have to verify email addresses. There's no other way to recover passwords. And if your users value their specific account, then they need to be able to get into that account, even if they forget their password.
It's a one to many reltionship. That's why. Yes auser can have an infinite number of email address, but an email address should belong to one user only. Why create a new user id that has to be unique and that I have to remember when I have this unique thing you can additionally use when I firget my password?
How about verifying at a later time, and granting access temporarily? At some point they'll check their email? Does this strategy work? And if they typed their email address incorrectly, maintain a cookie to point to the account and allow them to set a new email address (if persistent login is enabled)?
Being as polite as possible I would say yes please. When I sign up for a service I may only intend to try it out with the potential of using it long term. So if my email address were incorrect, fixing it later would be something that mattered to me at that time.
Perhaps this is not ideal for the service provider because then they cannot spam me but as this article points out I would just mark those emails as spam or filter in a modern inbox anyway.
This turns out not to be the case.
I've just spent over 2 hours tracking someone down who had registered for a service, but provided an email address that bounced. This is a service that is delivered via email, so this just broke the whole thing.
By all means, don't verify email addresses by habit, but be aware that there are people who really will type their own email address incorrectly.
Added in edit: I have upvoted this, because anything that encourages implementors to improve the UI is to be encouraged. Too many developers seem to run on automatic ...