Why don't we do email verification in reverse?(blog.yossarian.net)
blog.yossarian.net
Why don't we do email verification in reverse?
https://blog.yossarian.net/2022/08/20/Why-dont-we-do-email-verification-in-reverse
5 comments
These are good points, thanks.
I use a native email client so I haven't tried this in a while, but the last time I used a `mailto:` link with Firefox and Chrome both offered to open it in GMail. I wonder if they've removed that since, or whether it requires some additional system permissions that not everyone configures.
Ultimately, I don't think either flow works well in a situation where you have multiple browsers or multiple individuals using the same OS account. That being said, you should be able to configure your browser to offer multiple `mailto:` options, including multiple GMail sessions.
I use a native email client so I haven't tried this in a while, but the last time I used a `mailto:` link with Firefox and Chrome both offered to open it in GMail. I wonder if they've removed that since, or whether it requires some additional system permissions that not everyone configures.
Ultimately, I don't think either flow works well in a situation where you have multiple browsers or multiple individuals using the same OS account. That being said, you should be able to configure your browser to offer multiple `mailto:` options, including multiple GMail sessions.
I don’t think this would work for users using aliases for their email signups.
In the existing system, [email protected] can be verified.
In the proposed reverse method, sending emails from [email protected], not [email protected], breaks the sign up flow.
This is true for catchall emails where people register using [email protected] (a forwarding address) but their real address, [email protected], as well.
In the existing system, [email protected] can be verified.
In the proposed reverse method, sending emails from [email protected], not [email protected], breaks the sign up flow.
This is true for catchall emails where people register using [email protected] (a forwarding address) but their real address, [email protected], as well.
You're right. I'd actually argue (maybe controversially) that this is a feature -- tags and other optional metadata in email addresses are not standardized as unique identities; they're just how Google and a few other email providers have decided to interpret the local part.
That being said, I make use of Google's +-style filtering, so this would also break my own uses :-)
That being said, I make use of Google's +-style filtering, so this would also break my own uses :-)
Because it’s easy to fake email from your account.
The problem is I never configure my browser mail client. I am not sure even how to for GMail. And using mailto: links seems so retro, and rare. At best if I see one I will right click Copy Email Address, then past that into another browser.
I use multiple browsers on the same device, and multiple devices. Setting them all up to open an email client is a pain. And whose email client? Multiple users per PC. And no we don't want to log out and log in again when we borrow the laptop.
And another problem is spoofing. You can't trust an email you receive. And if you are too strict in verifying the source, there are probably genuine people who can't get past your checks because they haven't set up all the SPF, etc. stuff.
I don't think this is practical.
What I would like as an improvement though:
1. Sign up. 2. Let me do as much as possible without verifying. 3. Get verify email. 4. Clicking links confirms and then leaves a dead tab and encourages me to close it. - this keeps things tidy, I return to the tab where I was actually working on the page I want to be on. 5. Because I have verified, the other tab knows (using JS can know in real time) and I carry on.