The RESTful authentication gem ( http://github.com/technoweenie/restful-authentication ) has a nice code generator for activation emails:
./script/generate authenticated user sessions --include-activation That code provides a good start to build off of and should work out of the box IIRC. Although RESTful-auth is still being updated, it seems most people are favoring Authlogic ( http://github.com/binarylogic/authlogic ). You could use the generated code as an example/scaffold for Authlogic + OpenID. I found this guide ( http://www.slideshare.net/JamesEdwardGrayII/sending-email-with-rails ) while searching for an answer to Chris's spam related question. Chris, this isn't the reference I was looking for, but here are some suggestions on mass-emailings and how to prevent them from ending up in someone's spam box: http://www.slideshare.net/ibelmonte/massive-emailing-with-linux-postfix-and-ruby-on-rails . Depending on how far you take it, it can be rather complex and may be more worthwhile to outsource this task. I think Patrick has the best suggestion of using a service like MailChimp/Sendgrid/Constant Contact. I have been very happy with Mailchimp and the extra metrics/features are an added bonus Best regards, justin On Aug 10, 10:59 pm, Gk <[email protected]> wrote: > FWIW, my take is that it's not too much to ask that users of an > application provide a legitimate, working email address by which you > can actually contact them. That being said, the whole 'click here to > activate' round trip can definitely be a PITA, so we have approached > this by adding OpenID, Facebook, and Oauth (Twitter) along with good- > old 'gimme an email and pw' registration. > > -Gk > > On Aug 9, 10:20 pm, Chris McCann <[email protected]> wrote: > > > > > SD Ruby, > > > I'm working on a site that launched in a private beta today, private > > in that basic HTTP authentication is required to get into the site. I > > need some advice on security versus ease of sign-up. > > > We send a confirmation email after someone signs up for an account. It > > contains a link that has to be accessed in order to "activate" an > > account. Of the 10 people who signed up today 3 of them either didn't > > get the email or had to dig into their spam folders to find it, or > > perhaps folks were just too lazy to simply click the link. > > > Regardless the client is concerned that the email confirmation > > requirement is going to seriously stifle the volume of sign-ups. My > > concern is that if we don't have some sort of confirmation step we'll > > be overrun with spam accounts and "wild sex girl pics" (as I saw on > > the SDRuby home page - yikes!). > > > I suppose we could use a CAPTCHA in lieu of the confirmation email -- > > we have to do something to cut down on bogus accounts. I'd appreciate > > anyone throwing out some ways they've handled this in their Rails > > apps. > > > Also, if there are any email gurus here what are your top tips for > > preventing email from a new domain from being classified as spam? I > > checked spamhaus today and neither our IP nor our domain were listed > > anywhere. I did learn from the client that he had GoDaddy setup email > > for the domain we're now using, so I suspect that may be at the root > > of the false spam issue. Any tips are appreciated! > > > Cheers, > > > Chris -- SD Ruby mailing list [email protected] http://groups.google.com/group/sdruby
