FWIW, my take is that it's not too much to ask that users of an application provide a legitimate, working email address by which you can actually contact them. That being said, the whole 'click here to activate' round trip can definitely be a PITA, so we have approached this by adding OpenID, Facebook, and OAuth (Twitter) along with good-old 'gimme an email and pw' registration.
-Gk

On Aug 9, 10:20 pm, Chris McCann <[email protected]> wrote:
> SD Ruby,
>
> I'm working on a site that launched in a private beta today, private in that basic HTTP authentication is required to get into the site. I need some advice on security versus ease of sign-up.
>
> We send a confirmation email after someone signs up for an account. It contains a link that has to be accessed in order to "activate" an account. Of the 10 people who signed up today 3 of them either didn't get the email or had to dig into their spam folders to find it, or perhaps folks were just too lazy to simply click the link.
>
> Regardless the client is concerned that the email confirmation requirement is going to seriously stifle the volume of sign-ups. My concern is that if we don't have some sort of confirmation step we'll be overrun with spam accounts and "wild sex girl pics" (as I saw on the SDRuby home page - yikes!).
>
> I suppose we could use a CAPTCHA in lieu of the confirmation email -- we have to do something to cut down on bogus accounts. I'd appreciate anyone throwing out some ways they've handled this in their Rails apps.
>
> Also, if there are any email gurus here what are your top tips for preventing email from a new domain from being classified as spam? I checked spamhaus today and neither our IP nor our domain were listed anywhere. I did learn from the client that he had GoDaddy setup email for the domain we're now using, so I suspect that may be at the root of the false spam issue. Any tips are appreciated!
>
> Cheers,
>
> Chris

--
SD Ruby mailing list
[email protected]
http://groups.google.com/group/sdruby
