Why Email Confirmations Are Bad

When designing a web application it’s common to see the following user registration process:

  1. User fills out the registration form, including their email and password.
  2. After submitting, the user is told to check their email for a confirmation link.
  3. After waiting for the email, they click the link and are marked as “activated” on the site.
  4. The user can now start using the site.

The thinking behind this is that you need to make sure the user has provided a valid email address, and one that is actually theirs.

However, there are a number of problems with confirming email addresses this way. First, it breaks up the user’s flow: if I’m signing up on a site, I’m eager to start using it, and having to wait for an email gets in the way.

Second, email is a notoriously unreliable delivery mechanism. Because of the huge amount of spam prevalent nowadays, email providers are especially quick to classify a message as spam, if they even deliver it at all. Confirmation emails in particular can often appear spammy, as they usually have a long link with a lot of random characters, and often contain only the user’s email address without their real name.

The last thing you want is someone choosing to sign up for your site, only to never start using it because they got distracted waiting for an email, or moved on to something else because the email never came.

Rather than blocking all functionality until the email address is validated, consider allowing as much use of the site as possible. When the user gets to a point where it’s necessary to know that the email address they signed up with is correct, you can say something like “We need to verify your email address before you can proceed. Click here to re-send”. This also has the benefit of giving people a chance to re-send the email if it was missed the first time.

Most functionality doesn’t require a verified email address. The main exception is that you don’t want to send out too many emails without knowing that the address really belongs to the user. Otherwise, I could sign up with someone else’s address and cause them to be spammed. This means you might want to hold off on things like notifications (friend requests, direct messages, etc.) until the address is verified. Other than that, there’s little that’s truly required.
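A sketch of that deferred-verification gate, as an added example rather than code from the original post. The HMAC-signed expiring token, the cap on confirmation mails, and every name and constant below are assumptions made for illustration.

```python
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key"      # assumption: per-deployment secret
TOKEN_TTL = 24 * 3600                 # assumption: links expire after a day
MAX_UNVERIFIED_MAILS = 3              # assumption: cap on mail to unproven addresses
NEEDS_VERIFIED = {"friend_request_email", "direct_message_email"}

class VerificationRequired(Exception):
    """Lets the UI show the 'verify your email / re-send' prompt."""

def _sign(user, expires):
    msg = f"{user['id']}|{user['email']}|{expires}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def new_user(uid, email):
    return {"id": uid, "email": email, "verified": False, "confirm_mails": 0}

def send_confirmation(user, outbox, now=None):
    """Initial send and re-send share this path, so both count against the cap."""
    if user["verified"] or user["confirm_mails"] >= MAX_UNVERIFIED_MAILS:
        return None
    expires = int(time.time() if now is None else now) + TOKEN_TTL
    token = f"{expires}.{_sign(user, expires)}"
    user["confirm_mails"] += 1
    outbox.append((user["email"], token))
    return token

def confirm(user, token, now=None):
    """Accept only an unexpired token signed for this user and this address."""
    try:
        expires_s, sig = token.split(".", 1)
        expires = int(expires_s)
    except ValueError:
        return False
    now = time.time() if now is None else now
    ok = now <= expires and hmac.compare_digest(sig.encode(), _sign(user, expires).encode())
    user["verified"] = user["verified"] or ok
    return ok

def perform(user, action, outbox):
    """Everything runs unverified except actions that send mail to the address."""
    if action in NEEDS_VERIFIED:
        if not user["verified"]:
            raise VerificationRequired("We need to verify your email address before you can proceed.")
        outbox.append((user["email"], action))
    return "ok"
```

Because the signature covers the address, a token issued for one email stops working if the account's address changes, and the cap keeps the re-send button from becoming a way to flood an address the user has not proven they own.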

It can be tempting to require a verified email address for all functionality. However, the added complexity of gating only the features that need it is worth the improved user experience.