Let say you have a web application that is collaborative in nature. That means, you signup and then you can involve other users with your work.<p>For e.g you work on a document and then want to add more users to come and edit the document from your team.<p>Now as a team admin you can add new users by simply providing the email addresses.<p>Now there are multiple options how the webapp treats the new email addresses<p>1. If the email address does not exist, then create a new user, send an activation link with temporary password to the email address<p>2. The webapp ignores the email address and notifies the Team admin to have the user pre-register prior to getting added to the team.<p>#1 is more convenient and a better user experience but it has potential for someone to abuse the system for spamming<p>#2 Is safe as the team admin and the member have already communicated prior to joining into the webapp, they register and then the admin can add the user as its own team member.<p>How do webapp handle these kind of situation? What is the best practise?
I wouldn't worry about spamming as long as the team admin couldn't modify the outgoing email message.<p>Furthermore, you can add in rate limiting, or limit the number of unactivated users a team admin can have.