Make email field optional

[Jυra]

It seems the burden is on the site's webmaster(s) to make their site trustworthy and viewed as safe. People increasingly shy away from wanting to give out their email addresses, as a small site is deemed sketchy until proven otherwise. I don't know of a way to allow this or if an option was ever snuck in, but perhaps times have changed.

[Emissaries]

This is something I have also thought about a lot. I work with children who have been victims of crime, and my board is directed to these children. We talk every day and many of these kids want to be anonymous when they are talking to us. We, and also they, want to be able to register only with a username. But the problem is, the board is spammed a lot and we run into problems when we remove the requirement to verify the account through email. Members who only register to fight.

[Hexsplosions]

I'm curious. How else would you validate the members on your boards?

I've maintained many forums and I outright refuse to register anybody who is unable to validate their e-mail. Additionally, I refuse to validate anybody who changes their e-mail address (not sure if that's an IPS feature or not, but it is on SMF).

The e-mail and IP address of the user are pretty much the only two links you have to that person. In the event they do something unlawful and require assistance from local law enforcement, the more links to have back to a member the better.

As the admin, I always felt the onus was on me to make my members as safe as possible. Validating an e-mail address is a small part of that, but in my opinion an important one.

System > System Settings > Security and Privacy > New registration email validation = Change to "None"

I believe this is the closest you will currently get to achieving what you want. I can't see a way to make the e-mail address optional though, but they don't need to enter a valid e-mail address anymore. You could edit the skin so the form defaults to a standard value and is hidden.

[Jυra]

I don't use email validation on my forums and it should be optional if they want newsletters and notifications.

I think having members ready to post instead of waiting and moving on is a priority. Emails are fairly weak security as I lol'ed at the law enforcement bit.

My only issue is that software bridges use email addresses sometimes, but it would be a benefit most other forums.

[TracyIsland]

Well, some communities are kind of edgy (or focused) and some people find it a hoot to register their friends without their permission. Email validation helps to ensure members did in fact register of their own choice.

[Hexsplosions]

Emails are fairly weak security as I lol'ed at the law enforcement bit.

Stop being a troll.

Validating an e-mail address is a small part of that, but in my opinion an important one.

I already said it was a small part.

I can tell you from first hand experience that requiring validation can safeguard both members and admins from problems in the event of a problem, especially where law enforcement are necessary. I have had dealings with UK police over a "cyber crime" and one of their lines on enquiry was to vet the measures I had in place. I did the bare minimum necessary, but it was enough to satisfy them that no blame lay at my feet.

This is not speculation, it's experience so take it or leave it.

[3DKiwi]

If people want to be anonymous all they have to do is get a gmail etc email address. Not having email validation is like having an open invitation for people to spam you plus if an email address is not supplied the member can't receive notifications.

At my site I now require people to supply their first name and surname. These are only visible to the member and admins. If they want to join they have to supply this, plus of course validate their account. If anything I reckon this makes my site safer. If I have a problem with a member I can contact them and use their real name.

3DKiwi

[Marcher Technologies]

I don't use email validation on my forums and it should be optional if they want newsletters and notifications.

I think having members ready to post instead of waiting and moving on is a priority. Emails are fairly weak security as I lol'ed at the law enforcement bit.

My only issue is that software bridges use email addresses sometimes, but it would be a benefit most other forums.

Did you not wonder why it is required? why moreover IPSMember::load can load a member by email? The email is as unique as the member_id, and very often will out a spammer outright.

[Bartosz.Misiak]

An e-mail adress is not reliable anymore because of services providing temporary email addresses, such as mailinator.com. Therefore, I have disabled email verification altogether and rely on IPS Spam Service to stop spambots. It works very well.

Please have a look at http://reddit.com - their email field is optional and the whole registration form fits right next to the login form. It is so much more appealing to create an account there than it is on IPB forums.

[Marcher Technologies]

An e-mail adress is not reliable anymore because of services providing temporary email addresses, such as mailinator.com. Therefore, I have disabled email verification altogether and rely on IPS Spam Service to stop spambots. It works very well.

Please have a look at http://reddit.com - their email field is optional and the whole registration form fits right next to the login form. It is so much more appealing to create an account there than it is on IPB forums.

Please have a look at http://community.invisionpower.com/resources/guides.html/_/advanced-and-developers/integration/ips-connect-r27 and http://community.invisionpower.com/resources/guides.html/_/advanced-and-developers/integration/login-modules-r42

how much lost functionality is it worth?

it is never used for direct authentication, it is used as a unique key to request authentication from an external service.

[Bartosz.Misiak]

No functionality has to be lost as nobody forces website owners to disable the requirement. Should they do that, accounts created without the address could, as a workaround, be created with an email in the form of <uuid>@example.com. Voila, simple as that.

But it IS a workaround - it doesn't have to be used if the services you mentioned were properly redesigned with the possibility of an e-mail lacking user in mind.

[Marcher Technologies]

No functionality has to be lost. Accounts created without the address provided could, as a workaround, be created with an email in the form of<uid>@example.com. Voila.

But it IS a workaround - it doesn't have to be used if the services you mentioned were properly redesigned with the possibility of an e-mail lacking user in mind.

and pigs fly around on little golden wings.

look around.

google, facebook, twitter, msn, and more all use email as that identifier, you in fact login with that and your password on some, and all require it.

Sure, you could randomize it, and however would the user be able to reset a lost password, or recieve email notifications?

It is baked deep into the script, and there is no reason seriously to make such optional with so much functionality literally relying on it(or at all even).

[Bartosz.Misiak]

They wouldn't. It's their choice. If you care about spamming users with notifications then leave verification enabled.

As the OP mentioned, there are websites with focus on privacy or simplicity, where the e-mail field becomes a burden. Especially if a user wants to create multiple accounts on a single website. Some boards allow this due to privacy concerns - you don't have to, but don't force your idea of a website on others.

All the services you mentioned feed off users giving them more or less personal data so they can sell targeted advertisements. Not really the best examples for privacy-concerned people.

[Marcher Technologies]

They wouldn't. It's their choice. If you care about spamming users with notifications then leave verification enabled.

As the OP mentioned, there are websites with focus on privacy or simplicity, where the e-mail field becomes a burden. Especially if a user wants to create multiple accounts on a single website. Some boards allow this due to privacy concerns - you don't have to, but don't force your idea of a website on others.

All the services you mentioned feed off users giving them more or less personal data so they can sell targeted advertisements. Not really the best examples for privacy-concerned people.

I don't know how much privacy a site that by very nature, would allow a bot to easily and in seconds create hundreds to thousands of accounts could really provide, a captcha of any kind is but one tool, requiring a valid unique email, while less valuable, still slows it.

Any spam service I am fairly certain IS IP/Email based, even IPS'.

If Reddit isn't a blatant example of a stream of endless banter posted by anyone with two seconds with no privacy I don't know what is.

It is not like it is even displayed to anyone publicly, just admins/the user, so I have no idea why removing it's requirement sounds at all wise.

And no... If the user asked for a notification of an item by following it, and have email enabled for notifications, then they EXPECT that email of site activity, it is no spam.

[Jυra]

Should they do that, accounts created without the address could, as a workaround, be created with an email in the form of <uuid>@example.com. Voila, simple as that.

That's a wonderful idea.

And I agree spambots are best blocked.

I was not trolling at all about emails and law enforcement, as seriously someone can just make one up or do something that isn't worth law enforcement's time while using their normal email.

[Marcher Technologies]

That's a wonderful idea.

And what happens when IPB continues on it's merry way, and tries to send out notifications to email's that don't exist for every user you have registered in this way following anything or asking for a password reset(this is the actual real issue, even excluding notifications, what happens here, just make yet another account versus resetting the password because no email will ever be recieved)?

[Jυra]

I'm sure they would make the forum understand that those emails aren't real.

Also...notification emails will likely go to their spam bin. Doesn't sound like a good way to notify users.

[Marcher Technologies]

I'm sure they would make the forum understand that those emails aren't real.

Also...notification emails will likely go to their spam bin. Doesn't sound like a good way to notify users.

are you serious? half of the time the only way I know a post was made in response or of interest(i've followed) is that email notification.

on a busy board, inline is useless.

Unless your server is blacklisted, that has to be specifically done by the user, marking it as spam in the interface of the web or os client.