Confirmation Fails


Yesterday I talked about registration confirmations. Today I’m going to talk about a couple recent experiences with websites and their registration failures.
The first experience was with Yelp. One of my readers decided I needed a Yelp account and created one using my laura-questions email address. Yelp understands that people will be jerks and so sent me an email to confirm the account.

Hi Laura,
Thanks for joining Yelp.
To protect your privacy, please confirm your email address by clicking here:[REDACTED] We look forward to seeing you on Yelp.
— The Yelp Team
If you did not sign up for Yelp someone probably mis-typed their email address so just ignore this message.

I’m pretty sure it wasn’t a typo, but in the grand scheme of things if I don’t have to unsubscribe, I’m pretty happy. I continued to be happy with Yelp, until about a week later. At that point I started getting Yelp newsletters to laura-questions. It seems that “ignoring the message” doesn’t mean they won’t contact me, just that I don’t have access to the fake account that someone set up for me. Even worse, the unsubscribe link didn’t work because the account had not been confirmed.
Yelp doesn’t accept email, so eventually I had to open a case with their legal department to get them to stop sending me newsletters that I hadn’t asked for, nor confirmed. They seem to have fixed the problem at this point.
I understand this is a fairly rare situation, but there are a lot of things that Yelp could do to improve the experience of people who have fake accounts created by harassers.
Obviously, Yelp could trivially fix the problem by not sending newsletters to any unconfirmed address. But a lot of marketers will tell you that recipients are lazy and they won’t confirm but they will happily receive email. In some cases, the marketers even have data that shows definite revenue from mail sent to unconfirmed addresses. Not ever mailing those addresses seems to be a bad idea. At the same time, marketing to those addresses also seems like a poor idea.
There are some things I would suggest to clients in order to respect recipients who don’t confirm but not lose revenue due to recipients who don’t confirm but want the email.

  1. Limit what users can do on the website before they confirm their email address. Facebook, for instance, does not allow installation of games or internal messaging until an account is confirmed. This stops users from giving fake addresses but actually using the services provided by a website.
  2. Set up a limited marketing campaign to unconfirmed addresses. Instead of just adding those users to their normal marketing stream, they could send a confirmation reminder or two. Ideally these would be a small version of the newsletter: “here’s what you missed by not confirming your address. Confirm your address by <DATE> in order to get our newsletter and all the benefits of your account.
  3. Use website data to determine engagement. If someone creates an account, never confirms and never logs in, then it’s very likely this is a fake account and they shouldn’t be mailed at all.
  4. Make it easy to unsubscribe from mail, particularly when the address is unconfirmed. Even folks who run spamtraps will sometimes give senders the benefit of the doubt and try to unsubscribe. If that unsubscribe doesn’t take or is hard, that may result in a blocklisting.
  5. Have a link in the confirmation message that allows the recipient that says this registration is fraudulent, don’t ever email me again.

The second situation is with the New York Times. Apparently, I created an account on the website at some point. A few weeks ago I got an email from them.

Dear Registered User,
You previously registered your e-mail address on Our records indicate that
you did not confirm your email address.
Please note we have confirmed your email address so that you can now receive important
e-mail notifications and updates from To start getting all of the news you
want delivered right to your in-box, simply select your free newsletters now:

I know this is an account I created because it came to a tagged address. What I don’t know is how long ago I created the account. I have no trace of mail to that address from the NY Times in my mailbox which has archives back to mid-2010. That means the registration is at least 36 months old. With no communication from the NY Times in that 36 months, I bet that mailing had some pretty bad delivery.
Clearly, confirming addresses for your recipients is a very bad idea. However, there are things the NY Times could have done better.

  1. Instead of sending me an email saying they were confirming my address, they could have sent me an email asking me to confirm my address.
  2. Limit the addresses emailed for confirmation to those accounts that are currently active. Not only do I not remember signing up, I don’t have any trace of the login data for my account. That means I’ve not logged into with that account. Using website data is a great way to interact with users outside of email. The NY Times could identify active users who’ve not confirmed and send them confirmation emails.
  3. Limit the website functionality for NY Times for users who’ve not confirmed. The NY Times has been desperate to find some way to monetize their website, and that means they are doing a lot with interstitial ads and restricting article reads. They have the ability to stop users from logging in if the email addresses are not confirmed. That wouldn’t affect people like me who create an account and then forget they have it and never use it. What it would do is convince people who were actively logging into the NY Times to confirm. No confirmation, no logins at the paper, no commenting on articles, no access to archives, whatever the NY Times wants to restrict from non-registered and non-confirmed users.
  4. Allow an opt-out! The message was tagged as a “service message.” The footer said I could unsubscribe from promotional emails, but did not allow me to opt-out from more service messages. This is a bad idea, particularly when the NY Times is confirming my address for me.

Confirming registrations at websites is a good step for many commercial sites. It gives so many benefits to both the recipient and the website. But confirmations can be handled poorly, as the above two examples show. But there were simple, small things that both companies could have done that would have changed their spam to legitimate email.

About the author

1 comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

  • The New York Times was the first ‘too big to block’/’too spammy to not block’ conundrum I had in my brief career in the email industry.
    …and that occurred in 1999. No shit, they were easily the biggest point source of spam on my network at the time. Massive volume of mail, and literally no bounce-handling whatsoever, since I was measuring a lot of the scope of the problem in double-bounces, because those were a good indicator of open relays back then. And a spamrun against my entire userbase spread across dozens of open relays would do about as much damage as the average daily output from the New York Times.
    I think they might have been the first legitimate brand to figure out “How To Do Email Really Badly”.

By laura

Recent Posts


Follow Us