So we have a simple login system for our automated reminder system which asks for various details such as name, address, mobile number and lastly, email address.  The email address is quite important as this is a purely online system and so most communication is done through email (such as notifications, billing reminders, special offers, etc).

 
Upon registration an email is sent out confirming the new users email address and password.  Lately I´ve been getting messages rebounded from some of the various free email providers such as Hotmail.  Chances are this is because the user hasn´t checked their account in the last month, as opposed to a false address (since they are along the lines of some_random_string_of_crap74@hotmail.com).
 
I originally didn´t want to use email verification methods as it makes it a more complicated registration process and as it´s a paid for service, I expected users to be responsible with the information they gave.  On second thoughts I´ve decided to implement a verification process where the user is logged in when they click on a link in an email they receive to an address they specify.  This must be done within a certain time which is stored in the database.  This means that anyone not verifying will have their account disabled.

 
The downside to this is that legitimate users would suffer a delay before they can use their account, so I decided to give them a 24 hour grace period, then log them out and disable their account if they haven´t verified by this time. Hopefully it´ll give a more robust system.

This entry was posted on Friday, March 11th, 2005 at 1:03 pm and is filed under Email & Spam. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.