[SEMI-GEEK] Are activation emails needed - and if so - how do we convince you they aren't spam?
Here's an odd but important problem, at least for us here at BlogBridge.
When you sign up for a BlogBridge account, we, like many other sites, send you a confirmation email to verify that your email is for real.
Truthfully from a security point of view, I am not even exactly sure what it proves. That at one moment in time the person creating the account also was able to receive emails at an arbitrary email address. So what? It's so easy to get a temporary free email account, that I am not sure what it does.
So that's question one: does an activation email really provide any benefit to anyone? Any comments?
Now a question that has come to our attention is that in many cases a person's spam filter intercepts the activation email so the person never even sees it, and hence the account is never activated, and hence the account appears not to work.
So scenario: The sender and recipient both want the message be received, but there is a a big-brother spam filter (like Google Mail, which I think is the bestest) that insists on sidelining the email into the spam filter.
So that's question two: Is there any way to assure a non-junk email actually makes it through? Any answers?
When you sign up for a BlogBridge account, we, like many other sites, send you a confirmation email to verify that your email is for real.
Truthfully from a security point of view, I am not even exactly sure what it proves. That at one moment in time the person creating the account also was able to receive emails at an arbitrary email address. So what? It's so easy to get a temporary free email account, that I am not sure what it does.
So that's question one: does an activation email really provide any benefit to anyone? Any comments?
Now a question that has come to our attention is that in many cases a person's spam filter intercepts the activation email so the person never even sees it, and hence the account is never activated, and hence the account appears not to work.
So scenario: The sender and recipient both want the message be received, but there is a a big-brother spam filter (like Google Mail, which I think is the bestest) that insists on sidelining the email into the spam filter.
So that's question two: Is there any way to assure a non-junk email actually makes it through? Any answers?
Comments
Answer 1: One big benefit is that it prevents some malicious person from signing me up for a service and associated junk mail (unless they can read my mail)! It also allows you to avoid having your database cluttered and resources consumed by spam attacks on your sign-up form.
Answer 2: Well, that's the spam filter problem in and of itself, now isn't it? I'm guessing you're looking for heuristics to prevent your activation emails from being filtered out as spam. What I'd do is run some of them through common spam filters (e.g. SpamAssassin) and see what rules they trigger, then modify the mail as appropriate to prevent triggering. If you don't have a misconfigured domain or mail server you should be reasonably safe with most content.
Also, a bug report: Tab ordering on this form is wrong; for some reason the "prove you are a real person" box comes first in the tab order, so tabbing from it to start typing my comment wipes out my name instead. Bad tab ordering in web forms is a pet peeve of mine...
Posted by: Jered | February 22, 2007 12:31 PM