SD Ruby,

I'm working on a site that launched in a private beta today, private in that basic HTTP authentication is required to get into the site. I need some advice on security versus ease of sign-up.

We send a confirmation email after someone signs up for an account. It contains a link that has to be accessed in order to "activate" an account. Of the 10 people who signed up today, 3 of them either didn't get the email or had to dig into their spam folders to find it, or perhaps folks were just too lazy to simply click the link. Regardless, the client is concerned that the email confirmation requirement is going to seriously stifle the volume of sign-ups.

My concern is that if we don't have some sort of confirmation step we'll be overrun with spam accounts and "wild sex girl pics" (as I saw on the SDRuby home page - yikes!). I suppose we could use a CAPTCHA in lieu of the confirmation email -- we have to do something to cut down on bogus accounts. I'd appreciate anyone throwing out some ways they've handled this in their Rails apps.

Also, if there are any email gurus here, what are your top tips for preventing email from a new domain from being classified as spam? I checked Spamhaus today and neither our IP nor our domain was listed anywhere. I did learn from the client that he had GoDaddy set up email for the domain we're now using, so I suspect that may be at the root of the false spam issue.

Any tips are appreciated!

Cheers,
Chris

--
SD Ruby mailing list
[email protected]
http://groups.google.com/group/sdruby
