« Welcome to HappyWeb ‘99 — The original Web2.0
The World eBook Fair »

User Authentication and Web Business Models

Several years ago, after a rather annoying week of having one of my email addresses used to send many americangreetings.com “greetings” to unknown masses, having my email address added to americangreetings’ spam list and then wasting a bunch of time complaining bitterly to americangreetings.com with no results, I added americangreetings’ IP blocks to my anti-spam appliance’s blacklist.

I guess they’ve changed IP address blocks since, because I received an email last week saying that I’d sent some person a “greeting” from americangreetings.com. Of course I complained bitterly, noting that in all this time, I was disappointed to experience that they hadn’t implemented any sort of email address validation that would authenticate their user’s ownership over an email address used to generate “greetings”.

A few moments ago, I received a response from americangreetings.com proposing a solution (an evolution from 1999). Their method to prevent email address forgery is to ban everyone, including me the owner, from using their product with my email address. Elegant.*

I suspect that americangreetings.com neglects to authenticate their users because they realize that if they did implement a real email validation step before allowing anyone to send a “greeting”, they’d lose 50% of their traffic because the barrier to use vs. usefulness would be too high for most of their users.

When I wrote the mailing list sign-up routine for Yallery’s Alpha home page, I made sure that all the email addresses submitted to us are validated. About 70% of the email addresses in the list have been validated and will receive email from us as soon as we have something to say. The remaining unverified email addresses will be culled after 30 days.

I wish more Web businesses would value real members vs. eyeballs. Eyeballs forge my email address, members do not.

* This is the same solution used by AOL after I learned that the maximum number of AIM accounts allowable had been created by my email address (and none of them were owned/created by me).

Update:

The original message was received at Mon, 11 Jun 2007 14:23:31 -0400 (EDT)
from exprod8mx36.postini.com [64.18.3.136]

—– Transcript of session follows —–
451 4.4.1 reply: read error from ag28.americangreetings.com.
<blocksend@americangreetings.com>… Deferred: Connection reset by
ag28.americangreetings.com.
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old

heh.
sigh.

This entry was posted on Monday, June 11th, 2007 at 11:58 am and is filed under Rants, Yallery. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.