Non-verified new users?

[essdeeay]

Am I to be alarmed because I created my idnetters account (including specifying an email address) without a confirmatory email?  Is this open to spam abuse?

Steve

[Lance]

Nope it's not. The only time your email address will be used is when you request a password reminder, or we make a forum annoucement (which isn't too often).

I see you have hidden your email address in your profile so it can't be picked up by anyone, and we do not pass anyone's email address to anyone.

[Simon]

The activation emails sent by some forums are mainly to make life a little more difficult for forum spammers (those who join forums purely to advertise).  As Lance said, members' privacy is not compromised without account activation emails being in use, but it's not a bad idea to actually implement these, as it's only one click for the new member, and it can act as a spammer deterrent, as non-valid emails would not then be able to register.

[essdeeay]

I've just sent myself a password reminder, by supplying only my username.  Now, if Mr. Spammer created many fictitious accounts, then 'requested password', that would result in:

a) unsolicited emails sent to unexpecting users (ie. spam)
b) an abuse of this system
c) complaints from users
d) damaged reputation for IDNet

Please will you implement a confirmatory email procedure for new registrations and password changes?  I don't know of any other forum that doesn't have this feature already.

Kind regards,
Steve

[Rik]

Hi Steve

We're always looking at what steps we need to take to protect members, and account activation is certainly something we have considered. Until now, however, we haven't implemented it because there has not been a problem and because it will introduce a delay in new members being able to post. As one of the primary reasons people join is to get help, we have felt that we do not want to put any barriers in their way (especially as they may have limited internet access at the time).

We take a good look at every new user, including checking their IP address (which is also logged against every forum activity). Where we have identified an issue, we have taken the necessary steps to resolve it. I'm sure you realise that I cannot detail the measures we have in place.

I'm not sure I get your point though. If a spammer creates a fictitious account and then requests a password reminder, it will go to the email address they have given. I accept that, if they give us a false email address, it will go to that, but it has never yet happened to my knowledge.

I should, perhaps, make the point that this is an independent forum, not an official part of IDNet.

We'll continue to monitor the situation, and will modify our procedures should the situation change.

I hope this reassures you.

[colirv]

As one of the primary reasons people join is to get help, we have felt that we do not want to put any barriers in their way (especially as they may have limited internet access at the time)

I think that's good, and I think it's the way it should stay.

[Ray]

Hi Steve

We're always looking at what steps we need to take to protect members, and account activation is certainly something we have considered. Until now, however, we haven't implemented it because there has not been a problem and because it will introduce a delay in new members being able to post. As one of the primary reasons people join is to get help, we have felt that we do not want to put any barriers in their way (especially as they may have limited internet access at the time).

I agree with your comments, Rik, I have been on this Forum since June 2006 and I have never seen any  Spam messages appear on the list and I have never received any as a result of being on the list. I think the current system seems to be working well - if it's not broke don't fix it. 

[cavillas]

Spam, spam, spam, spam. Spam, spam, spam, spam. Spam, spam, spam, spam. Spam, spam, spam, spam. Spam, spam, spam, spam. Spam, spam, spam, spam. Spam, spam, spam, spam. Spam, spam, spam, spam. Spam, spam, spam, spam. Spam, spam, spam, spam.

Something I couldn't resist.

[Inactive]

[Glenn]

http://video.google.com/videoplay?docid=5627694446211716271

[Simon]

I'm with Steve (essdeeay) on this, and I do believe that member account activation, as a security measure, is something which should be implemented on all forums.  All it means is that any new members, or members changing passwords will get an immediate email, requesting that they click a link to activate the account.  It takes no more than a couple of seconds, but it does mean that anyone who registers with a non-genuine email address, will not be able to complete the registration.  It won't affect any existing members, unless, of course, they change their password, or ask for a password reset / reminder.

[Rik]

As I say, Simon, we're keeping the situation under review and will respond to any perceived threat. We have implemented other measures to deal with the few instances of spam that we have had, and they should ensure an end to that particular source.

[Simon]

[essdeeay]

Thanks for the healthy discussion, it's good to know that there are certain procedures in place to at least prevent repetitive abuse of the system.  Although the idea doesn't sit comfortably with me, I imagine this may work whilst the forum base is quite small.

I do hope that further discussion may eventually lead to an account activation procedure though!

Merry Christmas to all,
Steve

[Rik]

The protection of our members will always be paramount, Steve. Rest assured that we are very proactive in ensuring the forum remains secure and free from spam.

Have a cool Yule yourself.