Add "reject this" link to registration email


Status Graveyard
10 years ago
2 years ago


(Reporter: timeless, Unassigned)





10 years ago
I just got this via email:
Welcome to Firefox Add-ons.

Before you can use your new account you must
activate it - this ensures the e-mail address you
used is valid and belongs to you.
To activate your account, click the link below or
copy and paste the whole thing into your browser's
location bar:

Once you successfully activated your account, you
can throw away this e-mail.

Thanks for joining Firefox Add-ons
-- Firefox Add-ons Staff

It appears to be me, however there was only one link to click, no way for me to complain that the link was not requested. I clicked the link and instantly someone else's password for my email address was active.

I did not ask for the account (at least, I don't remember asking for it). But the email provides no way for someone to investigate the "registration" other than clicking on the link, by which time, the damage is done.

Comment 1

10 years ago
btw, if you don't have sufficient logging to remember all account details (original first/last name, registrant ip address, etc.) please let me know, i'll file a bug asking you to ensure that the next version retains such information.
I think it's pretty standard practice that if you didn't request an account, you don't click on the link confirming that you did request the account.


10 years ago
Severity: blocker → minor
OS: Windows XP → All
Hardware: PC → All
Version: 3.0 → 3.2

Comment 3

10 years ago
I agree with Justin. However, what we may need to do is add a maintenance job that will expire new user registrations after a little while (2 days?). We have quite a bunch of unverified user accounts that just take away space and block nicknames, but don't serve any purpose because nobody can log in before confirming their account.

Comment 4

10 years ago
it may be standard practice somewhere else, however bugzilla's standard practice has been two links. one to affirm and one to reject.

i'm also used to this from other good services on the web.

but yes, auto expiring is also a good thing (bugzilla tokens expire after a couple of days, in this case if you don't have a reject option then 2 days is a good maximum).
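The two-link scheme with a two-day expiry discussed in this thread, sketched as an added example; it is not part of the bug report and not the Add-ons site's code. The class name, token format and in-memory store are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL = 2 * 24 * 3600  # the two-day maximum suggested in the thread


class PendingRegistrations:
    """In-memory stand-in for a pending-account table (hypothetical schema)."""

    def __init__(self, key=None):
        self._key = key or secrets.token_bytes(32)
        self._pending = {}  # nonce -> (email, created_at)

    def _sign(self, action, nonce):
        # The action is part of the MAC input, so a reject link cannot be
        # edited into a confirm link for the same registration.
        return hmac.new(self._key, f"{action}:{nonce}".encode(), hashlib.sha256).hexdigest()

    def register(self, email, now=None):
        """Create a pending account; return the two tokens to embed in the email."""
        now = time.time() if now is None else now
        nonce = secrets.token_urlsafe(16)
        self._pending[nonce] = (email, now)
        return {a: f"{a}.{nonce}.{self._sign(a, nonce)}" for a in ("confirm", "reject")}

    def redeem(self, token, now=None):
        """Return 'activated', 'rejected' or 'invalid'; both links are single use."""
        now = time.time() if now is None else now
        try:
            action, nonce, mac = token.split(".")
        except ValueError:
            return "invalid"
        if action not in ("confirm", "reject"):
            return "invalid"
        if not hmac.compare_digest(mac.encode(), self._sign(action, nonce).encode()):
            return "invalid"
        # Either link consumes the registration: after a reject, the
        # registrant's chosen password can never become active.
        record = self._pending.pop(nonce, None)
        if record is None or now - record[1] > TOKEN_TTL:
            return "invalid"
        return "activated" if action == "confirm" else "rejected"

    def purge_expired(self, now=None):
        """Maintenance job: drop unconfirmed registrations older than TOKEN_TTL."""
        now = time.time() if now is None else now
        stale = [n for n, (_, t) in self._pending.items() if now - t > TOKEN_TTL]
        for n in stale:
            del self._pending[n]
        return len(stale)
```
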


9 years ago
Severity: minor → enhancement
Summary: Add-ons registration email is unacceptable and enables phishing → Add "reject this" link to registration email
Bug 444010 cleans up inactive accounts and we have reCAPTCHA to prevent a bot from creating thousands of users. I think we should move on.
Last Resolved: 9 years ago
Resolution: --- → WORKSFORME


2 years ago
Product: → Graveyard