Email confirmation on signup

[Talk merit]

I've just signed up to Bitcoin Talk, and I was surprised that I wasn't asked to confirm my email address. I found this slightly disconcerting, as it means that a spammer can sign up with an alt name, and use somebody else's email address. If he makes this public, then it could cause problems for the rightful owner.

One other advantage of requiring email confirmation to a unique address is that it could reduce the number of alts being used by the spammers.

[Cobalt9317]

This kind of issue has been discussed before and it would not take long to search for that thread.
This thread has no purpose.

I'm not 100% sure but I'm certain this email problem had been sorted out.

[Jet Cash]

I/he did a quick search for "email signup" in the forum search, and didn't find anything meaningful.
Can you let me know the thread/post that discusses this, so that this thread can be locked.

[mdayonliner]

I've just signed up to Bitcoin Talk, and I was surprised that I wasn't asked to confirm my email address. I found this slightly disconcerting, as it means that a spammer can sign up with an alt name, and use somebody else's email address. If he makes this public, then it could cause problems for the rightful owner.

One other advantage of requiring email confirmation to a unique address is that it could reduce the number of alts being used by the spammers.

In a registration process the following are the standard procedures

1. Ask for the required information including email address.
2. Send a confirmation link in the email.
3. Active account using the confirmation link.
This way the system can confirm that the registered user own the email address.

In some case...
2a. Send a confirmation link in the email with a validation code.
3a. Upon clicking on the confirmation link once the user are on the new page then ask the user to enter the validation code. If the validation code match with the validation code in the email that sent earlier then active the account.

Wondering why SMF does not have this simple feature.

Someone can create an account with an invalid email account which never exists or with someone else's email account if they have a bad intention. They can do whatever they want and once they get caught then the whole community will blame that original email owner.
i.e: Imagine trump@trump.com¹ is trumps email account. Someone who hates trump (like me ) can easily create an account using this email address, he/she can conduct some super sensitive, highly risky activities in the forum. How would you know that it was not trump himself? In addition lets say Mr. Trump wants to create a BitcoinTalk account (LOL) then he will discover that he already have an account  

¹_{From my imagination only. I hope there are no such email address exists yet.}  

Edit:
Whole trump things will be ruined if the investigators know that BitcoinTalk do not validate email address  

[TheQuin]

Wondering why SMF does not have this simple feature.

I don't think it is a limitation of the forum software but an expression of theymos' desire to allow complete anonymity to forum users. When I signed up there was no requirement to provide an email address at all (I don't know if that is still the case).

[mdayonliner]

Wondering why SMF does not have this simple feature.

I don't think it is a limitation of the forum software but an expression of theymos' desire to allow complete anonymity to forum users. When I signed up there was no requirement to provide an email address at all (I don't know if that is still the case).

In this case I think instead of email address why not use a bitcoin address that you own. A bitcoin address is also a uniqueID.

For any system everyone needs a Unique ID to identify a user. That is why system developers use email address since every email address is unique.

It really make sense when it comes to anonymity. Agencies can trace the email address to find private information about someone (if they provide to the email provider of-course).

Asking for email address seems pointless in my opinion at the time of registration then. It can only create kiosk.

PS: Congratulations on becoming a Hero Member @TheQuin

[Cobalt9317]

I/he did a quick search for "email signup" in the forum search, and didn't find anything meaningful.
Can you let me know the thread/post that discusses this, so that this thread can be locked.

As I've said not completely sure but it does ring a bell.
They are discussing about email registration in a bounty and started talking a similar issue because someones email address used in a bounty.

Edit: They even discuss the larger exploitation of the email address.

Can someone remember that thread?

[TheQuin]

In this case I think instead of email address why not use a bitcoin address that you own. A bitcoin address is also a uniqueID.

For any system everyone needs a Unique ID to identify a user. That is why system developers use email address since every email address is unique.

It really make sense when it comes to anonymity. Agencies can trace the email address to find private information about someone (if they provide to the email provider of-course).

Asking for email address seems pointless in my opinion at the time of registration then. It can only create kiosk.

The unique identifier is the username, there is no technical requirement for any other identifier. It is a very long time ago but I remember the email field being optional. You only need to provide an email address if you want to receive notifications to it. You can also change or add the email after sign up.

PS: Congratulations on becoming a Hero Member @TheQuin

Cheers 

[BTCforJoe]

Can someone remember that thread?

This kind of issue has been discussed before and it would not take long to search for that thread.

You just directly contradicted yourself. What was the point in stating that this thread has no purpose if you're not able to back your claim that this issue has already been addressed? tsk tsk

When I signed up there was no requirement to provide an email address at all (I don't know if that is still the case).

It is no longer the case. I just registered a new account for a new venture that I'm a member of, and although email verification was not required, an address was. Here's what is displayed on the registration page:




While potential scammers could use your email to register an account here, it wouldn't be hard for you to gain control over that account and eliminate the malicious use by the scammer. Simply click on the "Forgot password" link on the sign in page, and you'll receive an email with a unique code that will enable you to change your password.

[TheQuin]

It is no longer the case. I just registered a new account for a new venture that I'm a member of, and although email verification was not required, an address was. Here's what is displayed on the registration page:

In that case, as it is easy enough to get an anonymous email I don't see any reason not to include a verification email on sign up.

[mdayonliner]

While potential scammers could use your email to register an account here, it wouldn't be hard for you to gain control over that account and eliminate the malicious use by the scammer. Simply click on the "Forgot password" link on the sign in page, and you'll receive an email with a unique code that will enable you to change your password.

What if I discover someone used my email address and created an account back in early 2013? Now I heard about BitcoinTalk forum and I wanted to join. I figured out the email has already been used. Taking your suggestion I reset my password and login. Then I see...

1. The account is Legendary account with rad tagged from all DT members plus from a lot of regular members. The account is a mess.
2. The account is a Legendary account with and included in DT
.
.
n. There could be n^th scenarios.

In both cases (1 and 2, forget about the rest) for the forum I have no idea what to do since I am a newbie. Case 1 is an injustice for me since originally it was not me, Case 2 might be a blessing but again it's not me originally.

Will I not face a great problem to keep my real impression here?

PS: I'm playing with my imagination again, It does not mean that in reality it's impossible  

[Cobalt9317]

I'm not 100% sure but I'm certain this email problem had been sorted out.

You just directly contradicted yourself. What was the point in stating that this thread has no purpose if you're not able to back your claim that this issue has already been addressed? tsk tsk

If you quoted my entire comment you'll understand that my memory doesn't serve me right.
I'm not the type of guy who do a research over a simple discussion I only rely on my memory and this searching of the said thread misaligned my nerve cell.

if this is unhealthy for the sake of community I don't care beggars can't be choosers I prefer to do things on my own as we are all swarmed by a lot of teenagers who live down the basement of their parents classified as shitposters.


@O.P Sorry I misinformed you with something so stupid but if you look that thread you can see that similarly that is the same circumstances.

[TheQuin]

1. The account is Legendary account with rad tagged from all DT members plus from a lot of regular members. The account is a mess.
2. The account is a Legendary account with and included in DT
.
.
n. There could be n^th scenarios.

In both cases (1 and 2, forget about the rest) for the forum I have no idea what to do since I am a newbie. Case 1 is an injustice for me since originally it was not me, Case 2 might be a blessing but again it's not me originally.

I case 1 just change the email on the dirty account and make a new account.

In case 2 just thank some unknown fool for the gift.

[Alone055]

1. The account is Legendary account with rad tagged from all DT members plus from a lot of regular members. The account is a mess.

That should not restrict you from making another account as he just used your email address but the account was made with his own IP address. So you can simply create another account without any problems since your IP has a clean history in the forum. And if you wish to use the same email for your new account, do what @TheQuin said.

2. The account is a Legendary account with and included in DT

I don't really think a person having enough potential and knowledge to get included in DT would use someone else's email address to create an account and use it like his own as he would probably know he can lose access to it anytime in future if the original owner of the email he used finds it out.

[mdayonliner]

case 1 just change the email on the dirty account and make a new account.

That should not restrict you from making another account as he just used your email address but the account was made with his own IP address. So you can simply create another account without any problems since your IP has a clean history in the forum. And if you wish to use the same email for your new account, do what @TheQuin said.

Hmm... I wonder why did not I think of that before. Seriously I missed the trick first hand 


I wish there was a fool somewhere to use one of my email few years ago 

Anyway In general I think asking for no email was ok at the time of registration. So far I know unless you change an email address you can not create another account giving the same email address. If someone needs notifications then that's another case. They will not give a false email coz they need information in their inbox.

Since we already have a unique identifier, we do not need to play around with email.

The unique identifier is the username, ...

 

[yudif]

I think a lot of member here will wish that someone uses their email ids while registering here. When the profile is aged and ranked up, that person with the access to the email will simple takeover the account by using forgot password option.

Regarding your concern about someone using your email for registration and then doing illegal activities here, if any investigation is done, this will be revealed. Do not worry about these things at all.

[Lehbane]

I think Mr. theymos are working on it like the KYC, and for your info, using someone email is a little bit risky when you are using different password for every account, not only your account for this forum but into other site too, when you forget your password with your account using someone's email it a bye bye moment!!


Next question: you can only use one email to create one account in this forum right?

[selezneve]

I think Mr. theymos are working on it like the KYC, and for your info, using someone email is a little bit risky when you are using different password for every account, not only your account for this forum but into other site too, when you forget your password with your account using someone's email it a bye bye moment!!


Next question: you can only use one email to create one account in this forum right?

No, this information is right. In a recent post, he mentioned that he is not going to implement any KYC here. You might be confused with his post as he stated using some phrase like "I will do it as soon as the hell freezes over". It means that he will not do this.

Even if you remember you password and are using the email of another user, it is very risky. He can always use the forgot password option and get access to your account. he does not need to know the current password for that purpose.