Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: Why haven't signup confirmation emails died yet?
22 points by agotterer on Oct 16, 2008 | hide | past | favorite | 39 comments
I have been thinking about confirmation emails today and cant think of a single reason to actually send them. They are annoying and must have a user drop off rate. I know I personally don't return to some low priority sites if I'm to lazy to load my email or it takes more then 20 seconds to get the email.

What is the point and why hasn't this practice died yet? Are there any benefits I'm overlooking here?




Don't require your users to activate immediately, give them a day to do it, and just don't give them access to anything a spammer would love to use - or limit how many times they can do it before they need to activate.

And after they have submitted their details (which should only be critical information — seriously, nobody likes long forms.), don't send them to a dedicated "Thanks for registering" page, its a waste of time for them for them, just take them to the homepage or where ever the magic happens, and present a banner above the content thanking them and giving any info they may need.

And overall, don't get too defensive on spammers; Lets face it, your not going to get much spam until your site is popular — so go easy and don't frustrate your users, and then tighten your defenses later down the line if required.

Those are my post-signup "rules". I love working out how not to annoy users even slightly — sadly a lot of sites don't do it very well! :)


> Don't require your users to activate immediately, give them a day to do it, and just don't give them access to anything a spammer would love to use - or limit how many times they can do it before they need to activate.

This is exactly what we did at a popular site I used to work for. Let them in, let them go crazy, but have a "time's up!" period and a few restrictions to stop spammers.


It adds a cost to creating a user account. Sometimes, you actually want that. Also a user with a valid email address is worth more than a user without one; even with dropoff the value could be worth it.

That said, we don't do it at Justin.tv, and I think it's stupid.


You would know much better than me, but I thought the double confirmation process helped prevent emails from the website (e.g. Justin.TV) from getting flagged by spam filters. Have you guys had any problems with this?


We send a verification email when you sign up; we just don't demand you click the link before you start using the website.


1. Prevents typos (though bounced emails are not a big deal)

2. Makes it so you can't sign someone else up surreptitiously

3. Ensures the email they enter is real

Depending on the site, these may or may not be a concern. For some sites, the drop-off rate is worth the reduction in support hassle.


If I may, I'd like to repeat and emphasize, these two points are very big, in my experience...

2. Makes it so you can't sign someone else up surreptitiously

For some sites, the drop-off rate is worth the reduction in support hassle.


I actually look forward to them cause I tag them so if I forget my login info I can just refer back to it.


confirmation emails are useful if you're looking to verify ownership and existence of a particular email address.

not all apps need this, so not all apps would necessarily want to use it. but if yours does, there's not really a good reason to specifically avoid using them.

just a tool in the toolbox, as it were.


A similar question is why there are so many bloggers who needs me to fill in my email address in the comment form...

I understand that it is the default settings of most blogging software, but that doesn't make it right :-)

If anyone can come up with a single valid reason why the information should be mandatory, it would at least ease my frustration.


One of the important reasons why email should be entered in the comment form is to let the blogger know who commented on his post and if if blogger wants to get back to the commenter, he could with the help of mail-id. If you actually think about it, comments are the only thing which actually connects the blogger and their readers. With the help of mail-id, connection only becomes more stronger.


i'm not here to defend wordpress or their choices. i don't think that the information should be mandatory. but there are some features that make use of the comment's email address. i imagine askimet uses it.


It has benefits from the customer's point of view. Too many people here are looking as it as a hassle. Its not always. sure, as the original poster pointed out, having that requirement on low priority sites, as he calls them, is annoying. But if you're setting up something important, you want to know that everything you set up is correct and your identity is verified. If I was setting up an online trading account it makes me feel better to have a line of communication established.


Good question. I'm kinda torn both ways. One advantage is that you know that the email they provided is valid so that if you do need to send them important updates it will work, otherwise there's no way to invite the users back if they haven't checked your site out in a while. There are compromises you can make like giving access to 70% of your site w/o email confirmation and the other 30% after email confirmation. I'm not a usability expert so someone else may have a better answer.


I think one way to approach it is to only require confirmation if they want to receive email.


Yes, that absolutely works -- if you have a site where not being able to send people email doesn't diminish the value of the site (e.g., Hacker News is fine without confirming email addresses; but for tarsnap, I need to send people emails saying "hey, if you don't deposit more money into your account in the next 7 days, your backups will be deleted" -- so for tarsnap, confirming email addresses is essential).


As a user if I am actually going to give you money, I would think your service was worth giving my email address out for.

On the other hand I have properly signed up for more than 10 times as many free services as I pay for.


I think for some solutions the quality of data is very important, sometimes crucial. Think LinkedIn, Facebook, which are sites that count very much on the quality of the data they collect for advertisement purposes. Facebook for instance enforces that you enter a valid email address to belong to a network (e.g. Cornell University etc). Maybe someone creates a solution, a 3rd-party app which could do the trick (maybe even use Twitter for that). Ideas?? :)


If you're ever going to be sending your users email, you should have people confirm their accounts -- otherwise, you're just another "they opted in, really!" spammer.


I strongly believe that if you want to receive email from a site you would enter a valid email address. At least thats how I do it.

For something like a paypal account, verifying your email address makes sense, if for nothing else making sure you made no typos. But for most simple sites the confirmation email seems like overkill and an unnecessary extra step.

If its to prevent spam, this is even easier to automate then cracking captcha. If its for making sure the email address is valid for future annoying emails. Just give people a reason to want email from you and they will be more then happy to use a valid address.

Quick registration and getting someone on the site as quick as possible should be the number of priority. Get rid of long registration forms and confirmation emails!


I strongly believe that if you want to receive email from a site you would enter a valid email address.

You're missing my point. When sites don't require people to respond to registration confirmation emails, I can sign up using your email address, resulting in you getting a flood of spam.

This battle was fought in the early years of the spam war -- companies would send out spam and claim that people had asked to receive the email, and when anyone complained that they hadn't, the spammers would just say "oh, someone else must have signed you up". (For more background, see the spamhaus page on this topic: http://www.spamhaus.org/mailinglists.html)


To be fair, if they are going to be sending spam I dont think they care if you validate your email address. Enter someone elses address and as long as it doesn't get a bounce back, its valid in their eyes.


I wonder who [email protected] is, he's been getting my signup emails for over a decade now...


I go through periodically and delete fake accounts. If a person can't put in good information they are a waste of space in the database. Anyone who has a web based application I imagine must do the same.


Funny thing... I've been using him as well for at least the same time! He must be a very popular guy!


I think the point might be to confirm that the email the user is signing up with is a valid email address which belongs to them. It's especially helpful if a user wishes to reset a password. This might help prevent users from creating multiple accounts.

Sure, it's easy to get around, but for most users they simply comply. That been said we don't use email validation on any of our websites.


If you have an app with paid & free levels of service, it prevents people from creating multiple, free accounts.


We just removed ours.

The only benefit I can name is that it confirms your ability to communicate to the user if they lose a password, etc.

And, it probably incrementally adds to the value of your company (presumably a company would rather have 500,000 confirmed email addresses than 500,000 unconfirmed ones... Of course, given drop-off...)


You need an out-of-bound communication to retrieve password and authenticate the account. If you can weather users not being able to retrieve their password, then by all means take out e-mail activation, but if you want to build a robust application, you should keep it in.


Are you talking about double opt-in? I have a site where if I don't use double opt-in via a confirmation email (with "click this link to activate") then I get a ton of bots filling out my form and cluttering my inbox.


(Why) don't you use captchas?


the form is prominent on the front page of the site and a captcha would make it look ugly.

Plus the reasons stated above, such as validating that the person submitting the email address actually owns it.


In some applications (games) you want a way to enforce that a single person has only one account. I know email verification is only a weak way of enforcing that, but it helps somewhat.


The answer lies there: http://virteal.com/ThePerfectLogin

Item 1 of the "check list" is titled "Optional registration"


There are a lot of reasons to do it depending on the application.

One that comes to mind from my own experience is if you need a valid email address for further transactions.


Unless its an e-commerce site, just don't do it!


unicity of users


E-mail confirmation gives you uniqueness of e-mail addresses, not of users.


One word: Spam

You can't rely on things like captcha's, not anymore. But requiring an email address is at least a small difficulty. And if you get a whole bunch of signups from a single ___domain in a short period (And it's not, say, gmail) you know something's up.




Join us for AI Startup School this June 16-17 in San Francisco!

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: