There's got to be a bug because this was on the front page 6 days ago:
<a href="http://news.ycombinator.com/item?id=4486108" rel="nofollow">http://news.ycombinator.com/item?id=4486108</a><p>Well the link in the previous post had a trailing slash.
One suggestion I would add: Let them in right now, and confirm later. Sites that require you to wait for an email, click a validation link etc... have a higher barrier to entry. Sometimes email is slow, sometimes it ends up in spam, etc...<p>Just let the users in at first to poke around before forcing them to validate their email. After a day or two (or maybe to access certain features) remind them they need to confirm that email they got if they haven't already. Yes, some people may try your product and you won't have their real email address, the the ROI on spamming these people later is probably not worth the initial friction.
If you've been developing login systems for any length of time, this should be fairly obvious.<p>Be careful about taking that "it’ll get bounced" attitude too far though. The last time I did so I forgot to trim the email addresses and didn't lowercase them. Failing to trim will probably result in the email going through, but then might cause problems later on when you try to match their login ID to what they enter the next time.<p>A similar issue arises for case. Email addresses are <i>supposed</i> to be case sensitive but providers don't seem to take advantage of it in practice. Again, the case a user types varies from time to time (I assumed nobody used upper case... it seems silly). And if you switch to case insensitive login IDs down the line, you may have to deal with duplicate accounts (same email but different case).
Following this advice creates a lot of "I never got my activation email" and "Why won't it let me log in" support emails that are a big pain to deal with. It's pretty important to nip that in the bud, hence immediate email address validation.
we've been doing full mx lookups and smtp RCPT TO: queries for some time.<p>beware: yahoo's smtp servers always say addresses are valid...making validation quite pointless.
I couldn't help thinking while reading this that my main concern with registration systems isn't the complicated Regex as much, but rather the really annoying registry bots that sign up phantom accounts. I'm not a huge Captcha fan, but without something (Recaptcha, ghosted fields, etc) you'll get SPAMMED with tons of fake accounts - and they have valid emails, AND the bots click on the links in the confirmation email automatically. It's really sad.