Why isn't email required anymore?

magnusvhendin

Or to be more precise, why was this moved to the interstitials step in the registration?

I'm referring to this commit.

I don't really see why this was needed. If the forum requires a valid email address, why not just show that at registration, and not as an after thought? Even if you tick "Require new users to specify an email address" at /admin/settings/user#user-registration, you only get prompted in the optional email input during the interstitials.

gotwf

@magnusvhendin In case you missed it, you may want to check out this related thread:

https://community.nodebb.org/topic/16281/email-address-requirement-during-registration

crazycells

@gotwf I think what @magnusvhendin is suggesting is that if the email address is required, then it should be asked on the same page, which I believe is a more expected and common approach.

magnusvhendin

@crazycells That's exactly what I mean. The way it was implemented now is very confusing. I get the need to remove email as a factor (GDPR etc), but I don't understand the way it was implemented. And for some forums emails could be crucial, so why put it after registration? I know it's not technically after registration but, still not where expected.

No where else have I encountered a registration where you don't input your information all at once. I even feel that the TOS could be a checkbox with a link to the information.

But in the end it's the decision of the NodeBB team and I don't want to nag about it. I'm just interested in the reasoning.

gotwf

@crazycells said in Why isn't email required anymore?:

if the email address is required, then it should be asked on the same page

fwiw: I concur. I was trying to be helpful by pointing OP to the related thread. Since it was on topic of email and registration. But I realize they are technically separated issues.

@magnusvhendin said in Why isn't email required anymore?:

But in the end it's the decision of the NodeBB team and I don't want to nag about it. I'm just interested in the reasoning.

That would be interesting to me as well, if for no other reason than inquiring minds tend to be curious about lots o' stuff...

julian

@magnusvhendin Hey there, sorry about the delay, I've been on vacation the past couple of days.

The reason the email was made optional is because not all sites require email, and even if they did, any semi-determined individual would just put in random garbage.

There were two issues with this:

1. Incorrect emails would bounce, causing reputation issues over time
2. NodeBB prior to this change would allow any email to be entered, even other peoples' emails. A lot of sites do this, and it's not necessarily something we should guard against, but I personally find it really annoying when someone uses my email to sign up for random sites.

With this change, an email must be confirmed before it is associated with the user account. This allows the forum admin to be absolutely certain that the email is genuine. Otherwise the user just has no email address, which is perfectly ok too.

julian

Now, as for why the email entry is in an interstitial, I think that is mostly an aesthetic decision. There may have been other considerations, but I cannot recall them right now.

I think a registration page should be slim by design, asking only the required questions to proceed.

After that, the interstitial page would ask all optional questions (unless otherwise configured). Email can be skipped, although TOS and GDPR questions need to be checked.

magnusvhendin

@julian I agree with you on the extra steps (TOS etc), but just not on the email bit.

For me these are the logical paths:

Do not require email

1. Input username and password.
2. Click register
3. Fill in optional information

Require email

1. Input username, email and password
2. Click register
3. Fill in optional information

This makes it very obvious what is and what isn't optional.

That said. It's obviously up to you but I don't think it would be a huge amount of work to do this. Is it something that you would approve as a PR or do you want to keep it as is?

gotwf

@julian said in Why isn't email required anymore?:

There were two issues with this:

Incorrect emails would bounce, causing reputation issues over time

I run my own mail server and my forums are "small" so the bounces land in my queue/spool and are not a real problem. I see how this could cause significant grief otherwise, especially on larger forums.

I also use IsTempMail, which seems pretty effective on its intended targets. I wonder how many others do? Been a while since I played with those knobs but iirc, it was pretty painless to set up.

NodeBB prior to this change would allow any email to be entered, even other peoples' emails. A lot of sites do this, and it's not necessarily something we should guard against, but I personally find it really annoying when someone uses my email to sign up for random sites.

Hard nut to crack, this one. Maybe add a disclaimer to the welcome message along the lines of "Somebody, hopefully you, used this email address to register for our community at URL. If this was not you we apologize for the inconvenience."?