Is A New Signup Registration Confirmation Email Even Necessary

MQK8

Well-known member
While struggling to get the DNS configured with the MX record and everything involved using Cloudflare so a new registrant won't receive the confirmation email in their spam or junk folder got me thinking. Is a confirmation email even necessary? With having Hcaptcha, Askimet, Honey Pot and Stop Forum Spam implemented wouldn't that provide efficient spam protection for starters? In today's social media driven world with a "want it fast and right now" mentality I'm thinking maybe many people wouldn't retrieve a confirmation email where they have to login to an email provider to click a confirmation link. I know people will say if the forum's content is good enough they will, but for a brand new forum I'm not so sure. With the odds already greatly stacked against people attempting to start a forum having any form of success is a confirmation link necessary? Also has anyone disable the confirmation email option and what was your experience like? Oh and it would take care of trying to figure out how to set up the DNS Cloudflare configuration. :)
 
Last edited:
It is necessary because of 3 things:

-Spam
-To ensure the entered email does exist and/or is not someone else's
-To mass mail users in the future (they need to be valid so you can send out newsletters)

But I wish the more modern approach in entering a phone number and getting an activation sms would work with XF.
 
It is necessary because of 3 things:

-Spam
-To ensure the entered email does exist and/or is not someone else's
-To mass mail users in the future (they need to be valid so you can send out newsletters)

But I wish the more modern approach in entering a phone number and getting an activation sms would work with XF. I was just thinking of things more on the front end at the sign up process.
SBJ, thank you for information. I never thought of all of that so I guess it is a must to implement. I was just thinking of things more on the front end at the sign up process.
 
It is necessary because of 3 things:

-Spam
-To ensure the entered email does exist and/or is not someone else's
-To mass mail users in the future (they need to be valid so you can send out newsletters)

But I wish the more modern approach in entering a phone number and getting an activation sms would work with XF.
The phone number approach would be nice.
 
Update:

So I know this is elementary information for all forum admins but this was somewhat of a learning curve for me. So after hours of reading Cloudflare's site and trial and error experiments I solved the confirmation email going to the spam or junk folder when using Cloudflare. So this may be of help to other newbies like myself.

So go in your admin set up options and change your email transport method to SMTP. Then put in your host name, username, and encryption SSL
Make sure you have a MX record in Cloudflare. In your CPANEL click Email Deliverability, check that your Email Deliverability Status is valid, then click the MANAGE tab, make sure the domain of your forum is showing and checked valid in the DKIM, SPF and PTR areas.

In CPANEL go to EMAIL ACCOUNTS and create an email address. Like info@exampledotcom, contact@exampledotcom etc, be sure it's the same email address that your username is when you changed your email transport method to SMTP in your backend in email options.

That's it. There may be a better and faster way of doing it but this seems to work for me. :)

 
Yup, keep email confirmation on. Here's recent experience of mine to help illustrate the value of it.

The other day, I noticed a pending user in the ACP, awaiting email confirmation. The email address was a "normal looking" Gmail address.

Still pending several days later, but this time another account had joined it, also pending. Made me wonder...

I checked the IP addresses. They were different, but both resolved to Bharat Sanchar Nigam based in India. What's the chance that this is actually the same spammer failing to activate the account using a fake email address? High, I reckon.

Funnily enough, the accounts are still pending. I'll give it a bit longer and then delete them.
 
Last edited:
Downside to it is that you’ll end up paying someone to send the messages, e,g. Twilio, which in the UK is $0.04 per SMS you send. Might not sound like a lot but that is per message and it can add up.
 
  • Like
Reactions: FTL
Also has anyone disable the confirmation email option and what was your experience like?

Yes, I did about three years ago and absolutely nothing bad happened at all. Previously, significant numbers of confirmation emails were ending up in spam or being bounced back. It made registering almost impossible for some people.

You're still asked for an email when you register and the expectation is you need to enter a valid email to confirm your account - I still mention in my terms this will happen, so it makes people think they need a valid email.

It just happens that you don't get a confirmation email and your account is validated immediately.

There hasn't been any increase in spam or abuse at all for me. I do use add-ons to push dodgy registrations into manual validation (users from other countries, certain email providers, if previously banned etc) and to push any first posts containing links into requiring a moderator to approve them.

Why not try it and see how you get on? People seem quick to tell you the world will implode if you turn the option off, but it has worked out well for me and removed a major registration headache.
 
But I wish the more modern approach in entering a phone number and getting an activation sms would work with XF.


Downside to it is that you’ll end up paying someone to send the messages, e,g. Twilio, which in the UK is $0.04 per SMS you send. Might not sound like a lot but that is per message and it can add up.

If only there was a way to do registration/signup with a phone number that was more modern than SMS and was free, that would be super cool...

1654544120404.png

In theory, someone could even disable registration strictly by email...

1654544045801.png

What if that also allowed users to receive push notifications/alerts at various messaging destinations? That might even allow you to get XF alerts in realtime on devices/browsers that don't necessarily support Web Push API.

1654544194265.png

Maybe you could extend that further than do something like use Telegram as a two-step verification option...

1654544336972.png

Maybe if someone was thinking outside the box, they could make a cool little add-on... SMS isn't that great, doesn't scale well, costs money, etc, etc. But you can definitely solve some problems with other things. ;)

But to answer the original question, no... email confirmation probably isn't all that necessary.
 
Maybe if someone was thinking outside the box, they could make a cool little add-on... SMS isn't that great, doesn't scale well, costs money, etc, etc. But you can definitely solve some problems with other things. ;)
With SMS I meant the mobile push SMS type of things. If it is actual SMS or something like push notifications, the devs needs to figure it out to make it free.
As long as the user gets verified by entering his phone number or somehow connecting to the website without the phone number so it can be verified.

People ask all the time stuff like "can you be specific about how XF can get more modern" and this is one actual example right here.
 
Yes, I did about three years ago and absolutely nothing bad happened at all. Previously, significant numbers of confirmation emails were ending up in spam or being bounced back. It made registering almost impossible for some people.

You're still asked for an email when you register and the expectation is you need to enter a valid email to confirm your account - I still mention in my terms this will happen, so it makes people think they need a valid email.

It just happens that you don't get a confirmation email and your account is validated immediately.

There hasn't been any increase in spam or abuse at all for me. I do use add-ons to push dodgy registrations into manual validation (users from other countries, certain email providers, if previously banned etc) and to push any first posts containing links into requiring a moderator to approve them.

Why not try it and see how you get on? People seem quick to tell you the world will implode if you turn the option off, but it has worked out well for me and removed a major registration headache.
Seems like just depends on who you ask. Before I figured out how to get the confirmation link sent to the main folder and not falling into the spam folder I never received one spam attempt or signup. I know when I sign up to a website the last thing I want is to retrieve a confirmation link that I may or may not know right off the password to and if I don't I usually just forget the process. But also the last thing I want is a bunch of spam as well. Again I had all of he spam deterrents in place that Xenforo offerss so why I posed the question. I guess it's just a matter of preference. I know Twitter sends a confirmation link but I don't believe Facebook does. To be able to have a smitten of a chance to do anything with a forum these days being up against these billion dollar corporations in California you need great content, the right topic, a lot of luck and yes fast access. I will give it a try to see how it works out. Thanks for the input.

 
That’s all true, just folks who aren’t as tech-savvy might not want to add another app to their phone/make a new account, as not rveryone is on Telegram. Like me, for example, but then again I probably wouldn’t use my phone to register either…
 
That’s all true, just folks who aren’t as tech-savvy might not want to add another app to their phone/make a new account, as not rveryone is on Telegram. Like me, for example, but then again I probably wouldn’t use my phone to register either…
Ya, it’s not for everyone. One thing that is nice about it though is you can require users to have a unique phone number (since you need a phone number to have Telegram), but you don’t disclose your phone number to the site. Like the site owner just sees the unique Telegram ID (basically an internal user ID that is just a unique integer for the Telegram user), but not their phone number.

Like I don’t personally want to give my phone number to a site (ever), but I don’t mind if the sites knows I have a phone number if they don’t know what it is.

In my particular case, the site requires the user to have a Telegram account because of what they do on the site. So my use case, it was a bit of a no brainer to allow them to signup with something they need to have anyway.
 
Also has anyone disable the confirmation email option and what was your experience like?
I've had no email confirmation or visible captcha for 4 years. Out of 9,217 members, I only have 186 accounts with bounced emails; about half from a registration typo and half from deactivated email addresses. So, not bad in that regard.

Regarding spam registrations, I never saw much of a difference with email confirmation on or off. A few years ago I did have a big spammer problem so I turned email confirmation on. It really made no difference - they kept getting through, even with captcha. The only thing that has about 95% stopped them is my /https?:|www\./i as a spam phrase, which will put their first post into moderation if it has a link. That catches almost all of them, and I only get 2-4 spammers joining per month nowadays. I do want to upgrade to @Ozzy47 country registration blocker, though.

I choose not to use email confirmation because in my mind, my forum gets more posts from new registrations. I don't have actual proof but I'm sure having to confirm your email before posting something is enough to discourage a handful of folks from ever making that post, lol.
 
A couple of the forums I manage need a means of vetting incoming members who were previously banned, so it does force them to try to get creative with different email addresses each time they attempt it. And often they are not bright enough to make the new address much different from the old one. If anything, the email confirmation, for us anyway, verifies that they have a known good, valid email address, as many will complain when they do not receive email notifications of new private conversations or forum replies.
 
Top Bottom