2009-09-27
Some suggestions for registration confirmation emails
As a practical matter, I think that registration confirmation email should have at least three characteristics:
- it should always be initiated by that user; there should be none of
the invite-your-friends features that are beloved by marketers.
(Yes, I'm completely serious about this.)
- it should not have any user-entered text whatsoever. Any user
entered text will be exploited by spammers,
and you don't have any need for it anyways.
- it should be devoid of marketing material in general. No 'thank you and welcome to <X>, the best place in the world for <Y>' or the like. Imagine that you are the most paranoid anti-spam person in the world getting this email, and try to make it so that it is not even possibly marketing anything. You can put all of that stuff in the email that they get after they confirm their address.
Hopefully it goes without saying that you should rate-limit the amount of registration confirmations that you'll send to any one email address. Since people's anti-spam systems do eat email, I think that you should allow a couple of repeats more or less immediately but then start backing off. Do tell the user about it, because if you've done your job well most of the people running into the rate limit should be real users having email problems.
(More sophisticated systems are possible and probably friendlier. For example, you might notice when messages bounce and allow faster retries for that.)
Per AutosendExcludeAddresses, putting the IP address that submitted the request into the confirmation email does nothing to make people feel better about you, and may even make you look more spammy. The real cure is to take steps to block abuse to start with.
Why you can no longer have an 'invite-your-friends' feature
Marketing people absolutely love having an 'invite your friends' feature on your website, where your existing users can stick in the email addresses of their friends to have you send invitations to your service to them. Unfortunately, there are a number of problems with it that mean you can't have one any more.
First, if you provide any way to have user-entered text (even in the form of the sending user's nominal real name), spammers will exploit it. Second, even with no user entered text at all it is still going to annoy at least some of the recipients; in fact, you will be sending spam by the UBE definition, since it is email, it is unwanted by at least some recipients, and you will be sending it in bulk.
For the sake of both your reputation and your marketing, it is much better to persuade your users to send personal email messages from their own accounts. If you want to help them out (and increase the chance that they'll actually send the message), you can supply cut and paste ready messages that they can just dump in their mail client, with personalized links and everything.
Sidebar: the distrust problem
Merely having an invite-your-friends feature will cause some people to distrust you for reasons that boil down to 'the well has been poisoned by spammers'; too many untrustworthy websites have kept such email addresses and later used them for additional purposes (marketing, selling them as valuable assets, or whatever).
It follows that if Marketing absolutely forces you to have an invite your friends feature, you should under no circumstances actually keep a copy of these email addresses (or at least not a usable copy; use a hashed version for anti-abuse purposes). And you should have a clear and prominently mentioned policy about it.
(Do not say that it falls under your general privacy policy, unless your privacy policy is 'we never keep email addresses, we get rid of them right away'.)