On Sun, 2010-09-19 at 17:12 +0200, Michael Snoyman wrote: > > Let me respond to this directly since a number of people have brought > this up: > > Due to spam reasons we can't trust the email given via an OpenID > provider in general. For example, it would be trivial for me to create > an OpenID provider for myself, set my email address as <insert someone > else's address here> and essentially spam them. > > By going with a service like Facebook or Google, we know (or at least > assume) that they do proper email validation, so we could immediately > accept this value without needing to verify it ourselves. > > In other words: Yes, I know there are extensions to OpenID. And no, we > can't use it to get a verified email address. > > Michael
There are people who for whatever reason don't use Facebook/Google/.... And sending verification e-mail costs practically nothing. Regards PS. If we have on-site registration it would have unverified e-mail as well.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Haskell-Cafe mailing list [email protected] http://www.haskell.org/mailman/listinfo/haskell-cafe
