I recently read something on A List Apart going against sign up forms, but what about activation emails? Are they a big no no, or a useful tool in the fight against bots? Is there any proof that an activation email actually drives away users?
Having a user's email can be extremely useful and many times necessary. When you make changes to your TOS/privacy policy, you can send them notifications. When they receive an internal private message, you can send them a notification. You can also send them updates about your service. Also, email is probably still the most powerful marketing vehicle. If you ignore it, you've just lost a very powerful ally in your path to success.<p>Now, how you collect this email is also extremely important. The best way to collect emails is through double-opt-in. User first requests to receive messages from you (a checkmark during the signup is sufficient) and then they confirm the subscription when they receive the email. Why is this important? It prevents people from claiming that you're a spammer. If you follow this procedure and if you keep these records (i.e. dates, IPs etc), you can defend your email when you get spam complaints from other postmasters. It is CRITICAL that you followup on these spam reports since you can easily get blacklisted on all of the email services and your emails will never be delivered. If you use email list services (like Aweber etc),they require you use double opt-in and won't allow you to add an email without it. I like these various email contact services since they deliver emails to inboxes of pretty much all of the email service providers and they fight every spam report on your behalf.<p>So yeah, I understand the need to have an easy signup but you should also think ahead. My suggestion is to start with no double opt-in and add it later on as your site grows and you start receiving spam complaints.
In my opinion the more hurdles you present the more users you drive away.<p>There are legitimate reasons for introducing hurdles like requiring registration, requiring activation e-mails, etc. Ask yourself whether the benefits of activating outweigh the potential downsides. If you're requiring activation e-mails to prevent bots from signing up, how significant of an impact will those bots have on other users? On a forum it may be pretty significant, as the site can be flooded with unwanted posts. There are other cases where a bot signing up would really have no substantive impact on a user, because they wouldn't be inconvenienced by the bot.<p>That's a rather roundabout answer, but it effectively boils down to this: you should remove every unnecessary barrier between your user and your site. I consider an unnecessary barrier something that doesn't improve the quality of the site and/or the user experience.
If activation mails were to get me back to where I was when I was REQUIRED to register, then I would find them less annoying.<p>Instead, they get me to some new windows, on some profile page. And when I get back to the original window, guess what? I have to "login"!<p>Dude, I just registered and now you want me to "login"?<p>Conclusion: Activation emails suck. At least the way they are implemented today.<p>BTW: When I enter my email address and password in a "login" form, please don't blame me "You are not registered", register me instead!<p>"login" + "register" = "login" -- There is no need for two actions.
I've moved to using soft email confirmation, meaning that it doesn't prevent the user from doing anything, it just removes a message on their dashboard or whatever reminding them to confirm their email address.<p>Context is everything, but 99% of the time soft confirmation or no confirmation at all is fine.
We've used a hard activation process previously, and only around 40% - 50% of people who signed up actually activated. Think about that ... over half of our users who spent the time getting to know the product enough to sign up didn't even get to use the site properly.<p>Now that I think about it, I think it's crazy... and I'm not using any activation on my new site. If they got their email wrong during sign-up (an occurence a lot more rare than 50%), they can just change it or sign up again.
While in most cases you probably don't want to prevent users from signing up, there are cases where a few hurdles can be a good thing. If you have a site that depends heavily on user-generated content and registration is pretty much exclusively for posting privileges, the registration process can be one means by which you filter for higher quality, more committed users (assuming your site is in any danger of having lots of users who will submit low-quality content).
Look at it from a business perspective:<p>What do you gain from having an e-mail:<p>- usually nothing, unless you send your users spam.<p>What do you lose from having an e-mail:<p>- around 10% of your potential customers. (the number probably varies wildly from site to site)<p>- People who lose their password can't get into their account, unless they choose to provide an optional e-mail adress.<p>To me that is a pretty clear choice.
Ativation emails are an outdated idea. It only takes one service to freely give away email addresses to make an activation email quite moot. The theory is that a genuine user can confirm sign-up using an out-of-band channel. So, if you want an account on a website then you confirm this action via an email. Some web based email systems get you to confirm via SMS. However, there's two problems with this practice. Web surfer != email user. Secondly, the out-of-band channel is open to abuse. For example, email or SMS details being sold to spammers.<p>A better approach is assume abuse and counter it with transparent levels of trust. This forum is close to ideal. Some counter that the existance of accounts themselves invites a futile game of whack-a-mole with people abusing trust. Others argue that it is a concise method to undo damage.<p>Regardless, you should allow users to do as much as possible without creating an account or giving an email address. If you don't then someone else will.
Every day we loose something like 30% of users just because of activation emails. We can't change this since we have a partnership that it is currently forcing us to take the verification email but I'll not include any kind of a priori verification email in my next applications.<p>A decent way to handle the problem is to add the field in the profile and tell the user to fill the field in order to get notifications and to recover the password. It may be a good idea to display a warning in the profile if there
is no verified email address for the account. The best way
to make sure the users will actually enter their email
addresses is to do something very useful with notifications
and/or reports.
With the advent of services like mailinator (<a href="http://www.mailinator.com" rel="nofollow">http://www.mailinator.com</a>), it is getting easier to bypass these precautions, but at least it can be useful in ensuring the registrant is a human?
Two huge reasons that activation emails are worthwhile:<p>- validation (to a reasonable extent) that a user is who they say they are<p>- enhanced security for users<p>The whole war on sign up forms and the like is far overblown imo. If your users are going to have even a moderate level of ongoing interaction with your site (especially if your site has social aspects to it) it is necessary to include some form of identity verification.<p>I, for one, would think quite poorly of a company that allowed someone else to sign up for an account using my email address.
the way we're handling this:<p>1) require no registration<p>2) allow registration for convenience or features that obviously require it.<p>3) send out an activation email, but don't bug or even inform the user on the website about it.<p>4) don't enforce activation.<p>since for many users activation is an automatism already, you'll still be able to verify a lot of email addresses, but without having to wait/check-spam for the email.
We stopped using activation email since the beginning. For simplebucket we took a different approach. By directing the site's usage strongly tied to a user's valid email address, we don't have to have activation email.<p>To upload their photos and later to admin those photos, our users have to go to this "secret url" that they will receive when they first upload their photos.
I really like the idea of the soft activation, but for this site a working email address is pretty important (I think at the moment - of course that might change).<p>I also like the suggestion of the "you're not registered - here's the form with bits already filled in" style login.<p>Thanks for all the suggestions, and keep 'em coming!
I think the point of the A List Apart article was to get your visitors involved before requiring a full sign up. Show them your app is actual valuable and useful to them before you require any commitment on their part. Once they're engaged a small sign-up form or an activation email is no longer a hassle.
I say don't use them at all. If your users are giving you fake emails then they don't really care too much about your service and are just testing it out, so why not let them test and play around and minimize resistance, maybe they will like it and end up adding a real email address or even subscribing.
What about in the situation where you're actually contacting other users on behalf of the registered user (think event planning)? In those cases, shouldn't you at least try to verify that the user is who they say they are? What are the alternatives?
activation emails are trivial nowadays. too many bots beat the system. it used to add a level of security, but it doesn't anymore.<p>and you may be able to say the same for CAPICHAs later once someone devises a way to break them consistently.
why not use authentication APIs from yahoo/gmail/hotmail etc for the login/account creation process. It will accomplish not only validating email address, but also creating an account in one step.