Why Do We Send Confirmation Emails?
https://stackoverflow.com/questions/7069228
-
26-12-2020 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
What good does it do to require the user to provide an email address, just so we send him/her one email to complete the registration process? It certainly won't protect against (D)DoS attacks, and I don't see how it increases security.
Solution
The first thing that comes to my mind is that it allows them to actually confirm the account. Its a simple thing that double checks that the user actually signed up for the account and actually wants it. (See Scenario)
Scenario A:
I hate George so I am going to sign him up for all of these websites. That way he gets all this mail from them that he does not want.
Scenario B(Exaggerated)
Someone decides to register a billion accounts. With no confirmation your site now has a billion accounts that are never going to be used. Also if these are legit emails then a legit user could not register with them. (Again much more unlikely to happen)
OTHER TIPS
A user's e-mail address is used to keep in contact with that user (read: spam their e-mail) and to allow the user to recover a password should they fail to remember it.
The confirmation e-mail confirms that the user is not for some reason attempting to register an account attached to an e-mail account not owned by them. If a user could register an e-mail without confirming, this could be used to harass another individual.
