Email Address Validation In Web Apps
If you’ve ever signed up for some sort of web-based application, you’ve likely been asked to supply your email address. Often, the email address isn’t used for anything more than sending you information on specials or sales or whatever. But in more and more cases, the email address you supply is used as a way to reset the password for your account on the web application. And in both these cases, if the web application doesn’t verify your email address (by sending you an email first) you should make darn sure that you enter in the correct email address. If you don’t believe me, read on.
Regardless of how the email address is to be used, a validation of some kind should be required before the user can continue and/or the email address is used. It’s a win/win situation for both sides; the user wants to ensure that his account on the web app is safe and that they can reset their password if required and the web app owner wants to ensure that they aren’t sending email to someone who doesn’t want it. That said, I’m sure most users get annoyed when they are forced to wait for some sort of validation email to arrive. Yes, I agree it’s a pain, but you’ll be much happy than the guy who signed up for an Expedia.com account and used my google email address as his contact email (in his defence, his first and last name are the same as mine).
It started on November 4, 2005 when I received confirmation of a trip to the Turks and Caicos booked via Expedia.com. The itinerary detailed the trip times, flight numbers and passengers. But it wasn’t my expedia.com account (I don’t have one) and I certainly didn’t book the trip to the Turks. In the interest of being a good citizen, I tracked down a support email address for expedia.com and sent them a nice note explaining that this user had obviously entered in the wrong email address. The reply from Expedia.com came six weeks (yes, SIX weeks) later, and they had this to say:
Please accept our apologies regarding the misunderstanding with your account. It seems that the account holder may have entered an incorrect e-mail address that is why you have been receiving confirmation e-mails from Expedia. You may keep getting more emails from Expedia.com in the future and it may take a while until they change it. Meanwhile, we ask for your patience in this matter.
I figured that meant that they would contact the customer and let the customer know that the wrong email address had been entered. It would then be up to the customer to change the email address. Okay, seemed fine. Except that emails from expedia.com continued to arrive telling me about various specials they were having… for another two months. And when another travel itinerary arrived yesterday, I decided enough was enough.
So I went to the expedia.com website and went to the sign in page. Lucky for me, Expedia.com has a link that allows me to reset my password and even sends the login account number to the email address they have on file. And mere moments later an email had arrived from expedia.com with my account number and a link that allowed me to reset his password. So I logged in and changed his email options so no more special offers or other similar information emails would be sent to me. But then curiousity got the best of me and I continued to peruse his account. I now know his phone numbers (he lives in New Jersey), the address of his emergency contact (also lives in NJ and has the same last name), and the name and phone number of his travel companion. This is where it gets interesting; the two trips he’s taken so far have been short trips to resort-type destinations on odd dates and it’s been with a woman who lives in Connecticut. Seems a bit suspicious to me and you’d think he’d be a bit more careful with that kind of information.
In any case, the story ends here. As of this afternoon, his account password is still the same as what I changed it to yesterday and I suspect that it will remain until such time as this other Douglas plans another trip. But the important thing here is to remember that when a web application imposes some constraints on you, whether it’s the length of your password or the need to have a number in your password or email validation, it’s very likely that the web application designers are doing it for your own good and not to annoy you.
Thu, 09 Feb 2006 23:48 Posted in General
