What if the confirmation email belongs to somebody else? [closed]

Question

Closed. This question is off-topic. It is not currently accepting answers.

---

Want to improve this question? Update the question so it's on-topic for Stack Overflow.

Closed 9 years ago.

Improve this question

This is probably a extremely uncommon case, but:

What would happen if user A registers an account in a website with an email that doesn't belong to him and uses it without confirming it (as many websites now allow you, at least in a limited way) and then some other person, user B, tries to register an account with the same email which he actually owns?

Would a message "that email is already associated with an existing account" show, would it let both user A and user B access the site with the same email or what?

Answer 1

In my solutions i almost always use email as user identifier which means there can only be one user associated with an email address. This would mean if someone used someone elses email it would indeed result in 'this email is already in use'.

However, the real owner of the adress could easily get a password reminder to his email.

Solution to faking email addresses; Send out an account activation email to the email specified to be able to finalize the registration process.

In what context does your problem / question arise?

Answer 2

It would likely give you the message "that email is already associated with an existing account". And User B would have to use a different email to make an account.

And this is strictly in general. Any website can have any implementation. I assume you're asking because you're going to implement your own idea of this feature.