Activation emails
I recently read something on A List Apart going against sign up forms, but what about activation emails? Are they a big no no, or a useful tool in the fight against bots? Is there any proof that an activation email actually drives away users?
49 comments
[ 4.6 ms ] story [ 43.3 ms ] threadWhat do you gain from having an e-mail:
- usually nothing, unless you send your users spam.
What do you lose from having an e-mail:
- around 10% of your potential customers. (the number probably varies wildly from site to site)
- People who lose their password can't get into their account, unless they choose to provide an optional e-mail adress.
To me that is a pretty clear choice.
They should have a "Don't mail me bro" checkbox. I don't always agree with their definition of "spam".
There might of course also be other valid reasons for wanting an e-mail adresse.
I think that the metrics support this view as well.
All your users have it-- have you thought about when your users might like to be notified about new activity relating to them? (opt-in, of course)
You just shouldn't request an obligatory email adress, or even worse a confirmation by email, unless you really have to. It tends to scare a lot of users away.
Also if you are running a service with termed licensing, an email communication is how you drive the license renewal process. This sort of communication does not qualify as spam, because it is more of a service reminder rather than an unsolicited commercial offering.
I was referring more to the sign-up stage though, where you tend to lose a lot of potential customers with obligatory confirmation e-mails.
But if you can get the conversation going after the critical sign-up step, you should by all means do so.
There are legitimate reasons for introducing hurdles like requiring registration, requiring activation e-mails, etc. Ask yourself whether the benefits of activating outweigh the potential downsides. If you're requiring activation e-mails to prevent bots from signing up, how significant of an impact will those bots have on other users? On a forum it may be pretty significant, as the site can be flooded with unwanted posts. There are other cases where a bot signing up would really have no substantive impact on a user, because they wouldn't be inconvenienced by the bot.
That's a rather roundabout answer, but it effectively boils down to this: you should remove every unnecessary barrier between your user and your site. I consider an unnecessary barrier something that doesn't improve the quality of the site and/or the user experience.
Daniel
It is similar to the "crime of opportunity" in real life .. or a "heat of the moment" if you will. Make people pause or engage before posting and most of them change their minds about posting crap.
Context is everything, but 99% of the time soft confirmation or no confirmation at all is fine.
The biggest reason we want an email address at all is for password resets. We have a decently large list of customers, some paying, others playing for free.. But if you've invested months, weeks or years into the game, and you lose your password, we want to have a way to help.
Currently, if this happens, we go into the database and manually verify your billing address, time you signed up, recent activity and the like, but it's a very manual and potentially error-prone process. Giving them a way to reset it automatically would help quite a bit.
The second thing we use it for is notifications. Since Chron X is an interactive game, some users request to have us send them a note when it's their turn. We wouldn't want to start sending out turn notifications without a confirmation, to avoid having users inconvenience others. ("Yeah! Send all my turns to billg@microsoft.com, and my second email, sjobs@corp.apple.com")..
We've been debating this internally for a while, arguing between easier signup (no conf), and better security, and lower customer service time (conf).
Soft-conf is a good tradeoff for us.
1) require no registration
2) allow registration for convenience or features that obviously require it.
3) send out an activation email, but don't bug or even inform the user on the website about it.
4) don't enforce activation.
since for many users activation is an automatism already, you'll still be able to verify a lot of email addresses, but without having to wait/check-spam for the email.
and you may be able to say the same for CAPICHAs later once someone devises a way to break them consistently.
Now that I think about it, I think it's crazy... and I'm not using any activation on my new site. If they got their email wrong during sign-up (an occurence a lot more rare than 50%), they can just change it or sign up again.
A while ago I put more rigorous user tracking on a site of mine and found that a very large percentage of the dead accounts where just duplicates from active users.
- validation (to a reasonable extent) that a user is who they say they are
- enhanced security for users
The whole war on sign up forms and the like is far overblown imo. If your users are going to have even a moderate level of ongoing interaction with your site (especially if your site has social aspects to it) it is necessary to include some form of identity verification.
I, for one, would think quite poorly of a company that allowed someone else to sign up for an account using my email address.
Now, how you collect this email is also extremely important. The best way to collect emails is through double-opt-in. User first requests to receive messages from you (a checkmark during the signup is sufficient) and then they confirm the subscription when they receive the email. Why is this important? It prevents people from claiming that you're a spammer. If you follow this procedure and if you keep these records (i.e. dates, IPs etc), you can defend your email when you get spam complaints from other postmasters. It is CRITICAL that you followup on these spam reports since you can easily get blacklisted on all of the email services and your emails will never be delivered. If you use email list services (like Aweber etc),they require you use double opt-in and won't allow you to add an email without it. I like these various email contact services since they deliver emails to inboxes of pretty much all of the email service providers and they fight every spam report on your behalf.
So yeah, I understand the need to have an easy signup but you should also think ahead. My suggestion is to start with no double opt-in and add it later on as your site grows and you start receiving spam complaints.
Fuck compulsory registration.
Instead, they get me to some new windows, on some profile page. And when I get back to the original window, guess what? I have to "login"!
Dude, I just registered and now you want me to "login"?
Conclusion: Activation emails suck. At least the way they are implemented today.
BTW: When I enter my email address and password in a "login" form, please don't blame me "You are not registered", register me instead!
"login" + "register" = "login" -- There is no need for two actions.
I had the exact same idea, but maybe registration should require a captcha too, so..
A decent way to handle the problem is to add the field in the profile and tell the user to fill the field in order to get notifications and to recover the password. It may be a good idea to display a warning in the profile if there is no verified email address for the account. The best way to make sure the users will actually enter their email addresses is to do something very useful with notifications and/or reports.
I also like the suggestion of the "you're not registered - here's the form with bits already filled in" style login.
Thanks for all the suggestions, and keep 'em coming!
A better approach is assume abuse and counter it with transparent levels of trust. This forum is close to ideal. Some counter that the existance of accounts themselves invites a futile game of whack-a-mole with people abusing trust. Others argue that it is a concise method to undo damage.
Regardless, you should allow users to do as much as possible without creating an account or giving an email address. If you don't then someone else will.