upvote

points

by gus_massa3 days ago |
comments
upvoteby ryandrake3 days ago|
next
[-]
> we have to send a few thousands of confirmation emails

What are you confirming, and why do you have to send it as E-mail? If it's sign-ups, just "confirm" using the same system that the user used to sign-up. Presumably HTTP.

reply
upvoteby em-bee3 days ago|
parent|
[-]
on most services you sign up by using an email address (or a phone number) as an identifier. these need to be verified to make sure it's actually yours and not someone else's, or a typo.
reply
upvoteby direwolf202 days ago|
parent|
next
[-]
If you used a username, you wouldn't have this problem. As it stands, signing up someone else's address for a lot of sites to spam them with confirmations is already an attack vector that's used in the wild. And that's legitimate spam and should be reported as spam and sites that do this are spam amplifiers.
reply
upvoteby ryandrake3 days ago|
parent|
prev|
[-]
They don't need to be verified through E-mail or through the phone, though. A simple landing page after you sign up that says: "We signed up [E-mail] for this service using [phone number]. If this is incorrect, [click here] to make corrections" would work, too.

Frankly, I'm getting tired of having to constantly "verify" this and "confirm" that every time I sign up for or log into an online service. It's especially annoying after I've already signed up. Every bank that I haven't logged into for the last 5 milliseconds hits me with a "confirm your E-mail yet again" flow. I'm going to just start using "password" for my password if these guys keep insisting on round-tripping through my E-mail every time I need to do anything.

reply
upvoteby gus_massa2 days ago|
parent|
next
[-]
We didn't want too many fake accounts. We didn't ask for phone numbers. It's very easy to get a burner email, in case someone wanted to avoid giving the main email. Burner phone numbers are harder.

Also, an important use is password and username recovery. We even got password or username request 30 minutes after signup! They had quiz to solve if they want to help during studding and it's good to track them.

We had a lot of wrong emails, in particular it was common someone@yahoo.com instead of someone@yahoo.com.ar because Yahoo! offer both options. Also someone@gmail.com.ar that does not exist, but that never stop users.

(If it help, we never asked to confirm the email again after the registration.)

reply
upvoteby em-bee3 days ago|
parent|
prev|
[-]
how do you prevent malicious use intentionally signing up someone else without verification? and how do you verify your own email if you are not technically competent enough to know how to spell your email correctly? (probably not an issue for students, but just seeing stories here on hackernews about people receiving emails not meant for them shows that this is an issue)
reply
upvoteby ryandrake3 days ago|
parent|
[-]
I guess whether that matters depends on the actual application. As long as it's not spamming (E-mail or phone), the impact of having an incorrect email address may be low.
reply
upvoteby xigoi3 days ago|
prev|
[-]
Why are you making the students use their personal e-mail rather than the school e-mail?
reply
upvoteby em-bee3 days ago|
parent|
[-]
it's probably the other way around. students use their private email, and they somehow can't make them use a school email.
reply
upvoteby xigoi3 days ago|
parent|
[-]
Then make the system use the school e-mail automatically without asking them? That’s how it works at my faculty.
reply
upvoteby gus_massa2 days ago|
parent|
[-]
IIRC, we don't give an automatic email for students.

I'm in the first year of the University of Buenos Aires. Everyone with a high school title can get into the First Year, no filtration before the first year. There are more than 50.000 students per year. The fist years is shared between the 13 Faculty (branches?). Each one has a different policy about the email for students. Moreover, inside each faculty each department has a different policy about the email for students (IIRC ~20 years ago in computer science every student got an email, but in math you got an email only after getting a undergraduate-TA position in ~3rd year).

Now the whole University has a deal with Microsoft so I got an email there. And also the First Year has a deal with Google so I got another email. Each faculty may self host or has another(s) deals with someone else, so I have another email in my old faculty. Three in total. I may even ask nicely to get a email as visitor in other departments/faculties, but I'm too lazy to do that. And some coworkers work in two or more faculties so add a few more emails for them.

Back to students, I have no idea how many emails they get now. Also, they may get the email a few months after the semester began, or not, I'm not sure and in the best case we definitively can wait until all the paperwork is done.

reply