I propose some type of visitor pass before the need to formally register. This would allow users to gauge how useful the site would be for them. It would retain users who would be active and give the site an engaged and invested user base.
I don't prefer registering at all coz email is always spammed. 99/100 times I just move on to the next site. These companies selling our emails should be ashamed of themselves for how unpleasant they've made the internet. I know a friend that works for an email service provider. Guys pay them to let spam through to their email user base.
All the big email service providers... Google, Apple, Yahoo, all do this. Really don't know why they have spam filters or tools to mark stuff as spam even... they are the idiots letting these emails through.
If I decide to try a web service, I create an email address using their name and only give it to them. Most of them sell the email address they get. If I get spam on that email, I complain to them and shut down the address. Since I have my own email server, I can still see traffic to a non-existent email address. The worst offender has been checkmate.com. Still get email on that address over seven years after being deleted. Another noteworthy offender was citte.com. Huge spam traffic but eventually subsided.
Greg, I tried to reply to your email but your SMTP server would not talk to mine so:
There are many ways to skin this cat:
Using public email hosts -
Just create email accounts and then direct that account to forward all to your main account. If you want to respond, don't respond from your main account. Log in to the one that forwarded the email.
Then when you are done with it just delete it.
Using your own email server:
I use the free version of MailEnable on Windows. (I built a server based on Windows using free services because a Linux bigot bet me I couldn't)
I use UltraVNC to manage the server remotely, but the process is the same but you can choose any account name.
NOTE: there are some tricks to setting up your own email. Just ask if you need help. I've done it but I'm not an expert.
Custom Server- roll your own:
I have been working on an email server that allows me to just give out an email address off the top of my head without pre-creating it. Basically, the server will accept email to any mailbox until I say otherwise. I had it up and running and then had a major hard drive failure and am still trying to recover from that.
You know those lists of ~50 questions that go around social network sites that "help your friends get to know you?" You post your answers, everyone feels better, etc. LOOK at those questions! Somewhere in there are some of those types of questions that sites use as security questions:
What was your mom's last name before she was married to your dad?
What was the name of your first pet?
What's your favorite book?
What is the last name of your grandmother on your father's side?
Who is your best friend?
You have to know that those questions make their way around to some sort of database somewhere and are used later.
This is like those questions. Why would anyone volunteer what scheme they use to log into a web site? Imagine a hack where that list of people are now known to be easier to hack because they use the same information or scheme on each site. It's a dangerous kind of question. I know it's slight overkill but really, I'd rather give away as little information as possible to the internet by way of militant cyber-security in exchange for just a bit smaller attack surface. Am I wrong?
I get your concern over social engineering but the limited response options and generic nature of the options here don't really lend themselves to exploitation unless someone recognizes who you are (account-wise) and has already compromised an account or two on various sites.
Not the email password right??? I hope not, but I suspect some people do. Never use your email password on other websites/services. I doubt some of the website owners care enough to exercise due diligence to protect your information. Also, try to use a password that the adversary cannot use to guess the password for other websites/services.
Tons of people just use Facebook connect which is basically the same premise. A single "super user" account for all their website account needs since so many sites allow those "connect through" options now. A prime example of a bad idea security-wise gone viral.
There are really just a few websites (about 10 to 20?) that I frequently visit and want to have an account with: email, Facebook, CP, LinkedIn...
And then there are the millions of websites that require you to create an account for "your convenience"...
A web shop I'll order from once and probably never again. Why the hell do they need me to register? There are a few who have "express checkout" and just let you enter your details once without creating an account, but they are few.
It's a shame that websites are like that, the "register" button has become a turn off that makes me lose interest in the site almost immediately (kind of like a beard on women, except when you're a dwarf and dig bearded women).
If the site is "important" to me, I use my real email address, because I have some business with the site.
If the site is not important, like some comment-forums on various sites, where I just want to drop a line, I register with a special spambox address/alias which is not forwarded to my main inbox (see it like an ignore-all-mailbox).
Most of my passwords are generated and in a password-safe - in most cases I do not even know them - I pick them from the safe.
I generally use the same Username (or minor variation) but use site-specific email addresses (all on my own domain, so they come through a catch-all into my primary email account). That way if someone sells my email (or is hacked) I know the root source of any spam; it also makes it easy to filter any email if I decide I don't want/need whatever they want to sell me.
I don't need to pay any particular attention to anyone who's behaving. ebay would, for example, be ebay@ , etc. Self maintaining reference.
Those who misbehave have the email routed directly to themselves in some manner - and possibly a couple hundred SMTP emails telling them about my displeasure. Each of the SMTP's is different, with a randomized from email at a major email domain; body and subject slightly modified on-the-fly.
If I'm really in the mood, the SMTP mailer will send any number of emails with a gap between them so they're more likely to be interspersed with real email - more hassle to delete. Depends upon what kind of mood I'm in.
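The per-site address scheme described in the comments above (one alias per service on a catch-all domain, so any spam identifies which registration leaked) can be checked mechanically. The following is an added example, not code from any commenter; the domain `example.org`, the aliases and the sample messages are constructed, and the rule that a legitimate sender's domain contains the alias as a DNS label is an assumption.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

MY_DOMAIN = "example.org"  # assumption: the catch-all domain you own

def make(frm, to, delivered_to=None):
    """Build a constructed RFC 5322 message for the demo."""
    lines = [f"From: {frm}", f"To: {to}", "Subject: hello"]
    if delivered_to:
        lines.insert(0, f"Delivered-To: {delivered_to}")
    return "\n".join(lines) + "\n\nbody\n"

# Constructed sample mail: aliases "shopone" and "forumtwo" were each given to one site.
SAMPLES = [
    make("orders@shopone.example", "shopone@example.org"),
    make('"Deals" <promo@bulkmailer.example>', "shopone@example.org"),
    make("win@prizes.example", "forumtwo@example.org"),
    # Bcc-style delivery: the alias only appears in Delivered-To.
    make("x@bulkmailer.example", "list@bulkmailer.example", "shopone@example.org"),
]

def alias_of(msg):
    """Local part of the first recipient on MY_DOMAIN, or None."""
    headers = []
    for name in ("Delivered-To", "To", "Cc"):
        headers += msg.get_all(name, [])
    for _, addr in getaddresses(headers):
        local, _, domain = addr.rpartition("@")
        if local and domain.lower() == MY_DOMAIN:
            return local.lower()
    return None

def sender_labels(msg):
    """DNS labels of the From domain (From is spoofable; treat as a hint)."""
    _, addr = parseaddr(msg.get("From", ""))
    return addr.rpartition("@")[2].lower().split(".")

def leaked_aliases(raw_messages):
    """Count mail per alias that arrived from a domain unrelated to that alias."""
    leaks = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        alias = alias_of(msg)
        if alias and alias not in sender_labels(msg):
            leaks[alias] += 1
    return leaks

if __name__ == "__main__":
    for alias, count in leaked_aliases(SAMPLES).most_common():
        print(f"{alias}@{MY_DOMAIN}: {count} message(s) from unrelated senders")
```

An alias with a non-zero count is a candidate for being disabled or filtered, which is the "shut down the address" step the commenters describe.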