Lies We Tell Ourselves About Email Addresses

Posted by theanonymousone 1 day ago

Counter17Comment6OpenOriginal

Comments

Comment by amiga386 51 minutes ago

Add the lie "emails are delivered instantly, so the user can click a link I email them within 1 minute"

And the lie "users always read emails on the same device they're logging into a website with"

And the lie "users can always view HTML email so no need to send a plaintext equivalent, especially if I have a long complex URL I want them to click"

And the lie "Clickable links sent in email are more secure than passwords so I'll stop supporting passwords and instead rely on email delivery of a link for all logins. Whoever clicks that link first is definitely the user who wanted to log in"

Comment by wodenokoto 23 minutes ago

If you have a password reset form, you probably already have a log-in with email with extra steps functionality.

Comment by 23 minutes ago

Comment by CPLX 14 minutes ago

> Clickable links sent in email are more secure than passwords so I'll stop supporting passwords and instead rely on email delivery of a link for all logins

God, I fucking hate that.

I have a fucking password manager, I have various machines and things open. Just let me fucking log in.

If anyone is reading this who is in charge of the internet please stop doing this.

Comment by denkmoon 47 seconds ago

[delayed]

Comment by teo_zero 30 minutes ago

The plus sign is a pet peeve of mine, too. But I stopped keeping a list of bad sites when their number has become double digit!

Comment by adamzwasserman 1 day ago

I enjoyed the deep dice. A lot of sensible advice, and enjoyed the deep dive. A lot of articles do not get a lot of that as right as this article does.

Anyone who also enjoyed it would probably get a kick out of my article on the same subject that goes into the regex (which has some valid use cases): https://hackernoon.com/on-the-practicality-of-regex-for-emai...

Comment by jeffbee 8 minutes ago

This article says that Gmail can't handle address literals. I personally wrote the IPv6 address literal support for Gmail, so this annoys me. I just tested it and it shortened "[IPv6:2001:etc:etc::192.etc.etc]" down to "@2001" then generated an extremely terse mail delivery subsystem notification that I've never seen before. Which is why you should never just rewrite software without understanding why all the test cases are in the test suite!