
The solution is to avoid creating a user record or accepting any additional registration information until the user has confirmed their email address. It makes no sense to run denylist and spam checks until that happens.


The current system also allows enumeration of emails, and it makes it easier for people to try various banned email addresses until they find one that isn’t banned, since they don’t have to confirm each time. It also permits nefarious actors to pollute denylists with impersonated email addresses, and it allows them to exhaust API credits for paid spam mitigation services.
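One way to structure a signup flow along the lines this reply describes, as an added example that is not the poster's code or any particular forum's implementation: nothing is written to the user table and no denylist or spam check runs until a confirmation token, delivered only by email, comes back. The pending store, the constructed denylist domain and the profile fields are assumptions made for the example; a real deployment would persist the pending entries and call its own checks.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass, field

# Constructed for the example: a domain the site refuses to register.
DENYLISTED_DOMAINS = {"spam.example"}
TOKEN_TTL_SECONDS = 15 * 60

# Identical reply for new, already registered and denylisted addresses,
# so the request endpoint leaks nothing about which emails exist.
GENERIC_RESPONSE = "If that address can register, a confirmation link has been sent."


@dataclass
class SignupStore:
    # email -> confirmed user record; nothing lands here before confirmation
    users: dict = field(default_factory=dict)
    # sha256(token) -> (email, expires_at); the only state kept for unconfirmed signups
    pending: dict = field(default_factory=dict)
    # how often the (possibly paid) denylist/spam check has actually run
    denylist_calls: int = 0


def _token_hash(token):
    # Store only a hash so a leaked pending table cannot be replayed as tokens.
    return hashlib.sha256(token.encode()).hexdigest()


def request_signup(store, email, now=None):
    """Step 1: issue a single-use, time-limited token. No user row, no checks."""
    if now is None:
        now = time.time()
    email = email.strip().lower()
    token = secrets.token_urlsafe(32)
    store.pending[_token_hash(token)] = (email, now + TOKEN_TTL_SECONDS)
    # The raw token is returned here only so the caller can put it in the email.
    return GENERIC_RESPONSE, token


def _is_denylisted(store, email):
    store.denylist_calls += 1
    return email.rsplit("@", 1)[-1] in DENYLISTED_DOMAINS


def confirm_signup(store, token, profile, now=None):
    """Step 2: the token proves control of the mailbox; only now check and create."""
    if now is None:
        now = time.time()
    # pop() makes the token single-use even if the later checks fail
    entry = store.pending.pop(_token_hash(token), None)
    if entry is None:
        return "invalid"
    email, expires_at = entry
    if now > expires_at:
        return "expired"
    if email in store.users:
        # Safe to say so here: the caller has just proven they own the address.
        return "already_registered"
    if _is_denylisted(store, email):
        # One check per confirmed mailbox, so unconfirmed requests cannot burn credits
        # or feed fake addresses into the denylist.
        return "rejected"
    store.users[email] = {"email": email, **profile}
    return "created"
```

The point of the ordering is visible in the counters: an attacker cycling through addresses never advances `denylist_calls` or fills `users`, and the request endpoint's response is the same string for every input, which is what closes the enumeration and denylist-pollution paths the reply mentions.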

