Confirming website registrations

Confirming email addresses during a website registration process is a good practice. It stops people from creating fake accounts, abusing resources and using that site as a mechanism for harassment. But simply sending out a confirmation mail is not sufficient to prevent problems, particularly when everything about the process assumes that unconfirmed registrations are actually valid and not problem accounts.
I’ve had a couple of recent experiences with companies attempting to use email confirmation, but failing pretty miserably. In each case a website set up a process where a user could register an account on the site. Both sites required confirmation of the registration email addresses as part of the process. But in each case there were some major failures that result in non-customers getting email.
Tomorrow I’ll talk about those two specific cases. I’ll also provide specific suggestions on how not to fall into the same trap and actually send opt-in email.
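
A minimal sketch of a registration flow that does not treat unconfirmed registrations as valid. This is an added example, not code from the sites discussed; the class and function names, the 24-hour token lifetime and the one-confirmation-mail-per-pending-registration rule are all assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 24 * 3600  # assumed lifetime of a confirmation link, in seconds


class Registrations:
    """Hypothetical in-memory store; a real site would use its database."""

    def __init__(self):
        self.accounts = {}  # normalised address -> account record

    def register(self, address, now=None):
        """Create a pending account; return the token for the single confirmation mail."""
        now = time.time() if now is None else now
        address = address.strip().lower()
        existing = self.accounts.get(address)
        if existing and (existing["confirmed"] or existing["expires"] > now):
            return None  # already confirmed or still pending: send nothing more
        token = secrets.token_urlsafe(32)
        self.accounts[address] = {
            "confirmed": False,
            "token_hash": hashlib.sha256(token.encode()).hexdigest(),
            "expires": now + TOKEN_TTL,
        }
        return token

    def confirm(self, address, token, now=None):
        """Mark the account confirmed only for a matching, unexpired token."""
        now = time.time() if now is None else now
        acct = self.accounts.get(address.strip().lower())
        if not acct or acct["confirmed"] or now > acct["expires"]:
            return False
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if not hmac.compare_digest(supplied, acct["token_hash"]):
            return False
        acct["confirmed"] = True
        acct["token_hash"] = None  # token is single use
        return True

    def may_send(self, address):
        """Gate for all mail other than the confirmation message itself."""
        acct = self.accounts.get(address.strip().lower())
        return bool(acct and acct["confirmed"])
```

Every newsletter, notification or reminder goes through `may_send`, so an address someone else typed into the form receives at most one confirmation message per pending registration and nothing afterwards.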

Related Posts

Evil weasels and random monkeys

I’m doing testing on a new release of Abacus at the moment, so I’m in a software QA (Quality Assurance) frame of mind.
One of the tenets of software QA is “Assume users are malicious”. That’s also one of the tenets of security engineering, but in a completely different way.
A security engineer treats users as malicious, as the users he or she is most concerned about are crackers trying to compromise their system, so they really are malicious. A QA engineer knows that if you have enough users in the field, making enough different mistakes or trying to do enough unusual things, they’ll find all the buggy little corners of your application eventually – and crash it or corrupt data more reliably than a genuinely malicious user.
As a QA engineer it’s easier to personify the forces of chaos you’re defending against as a single evil weasel than a million random monkeys.
In the bulk email world the main points where you interact with your users are signup, confirmation, unsubscription and click-throughs. Always think about what the evil weasel will do at that point.
Signup


The great debate

While surfing around last night, I discovered that the Email Experience Council is running a poll. “The Great Email Debate Topic #2 – Single Opt-In or Double Opt-In?”
The email blogs have been discussing the question for a few weeks now, since one ClickZ columnist decided to stir controversy by claiming that “it is impossible to grow a list using double opt-in.” The original column inspired many other people to comment on the issue.
This is really a tempest in a teapot. There are situations where no address should be added to a mailing list without some sort of confirmation or verification step. Senders must protect themselves from bad subscription requests and double opt-in is one way to do this. Likewise, there are situations where a single opt-in with good list management will create a very clean list. Double opt-in isn’t necessary to stop spam.
Senders who think that they can’t grow their list with double opt-in are already behind the 8-ball in terms of list management. Yes, lists will grow slower. In the present environment, many users are very used to submitting a registration to a web page and then looking in their mailbox for an email to complete the process. No longer is “double opt-in” a foreign concept. Social networking sites, web forums and mailing lists commonly use double opt-in.
The challenge is for marketers to construct a signup process that is engaging enough to convince users to check their mailbox and click on the link. Senders with good marketing strategy will be able to do this, when it’s necessary.
Not every mailing list has to be double opt-in, but every engaging list could be without decreasing the number of subscribers.


How not to build a mailing list

I mentioned yesterday that one of the major political blogs launched their mailing list yesterday. I pointed out a number of things they did that may cause problems. Today, I discovered another problem.
This particular blog has been around for a long time, probably close to 10 years. It allows anyone to join and create their own blogs and comment with registered users. As part of their new mailing list, they added everyone who has ever registered to their mailing list. They did not send a “we have a new list, want to join it?” email, they added every registered user to the list and said “you can opt out if you want.”
This is such a bad idea. My own account was used once, to make one comment, back in 2005. Yes, 2005. It’s been almost 5 years since I last logged into the site. Sure, I have email addresses that go back that far, but not everyone does. That list is going to be full of problems: dead addresses, spamtraps, duplicates, unengaged and uninterested.
Seriously, they’re adding people who’ve not logged into their site in 5 years to a mailing list. How can this NOT go horribly wrong?
My initial thought was this was going to blow up in a week. I’m now guessing they’ll start seeing delivery problems a lot sooner than that.
