Email Verification
complete
Duncan Hamra
1) At the moment, anyone can signup with any kind of email address (no confirmation required) and get access to my content/product/service.
2) I require members to signup before they can get access to my content. If they can add a fake email, that completely invalidates the "gate" in "gated content." It's also important when sending out required emails like Terms of Service updates.
3) There are some hacky workarounds https://community.memberstack.com/c/community-support/email-verification-process
4) Enable an optional email verification step. Let me use my own email verification emails. Let a service like Mailchimp verify emails.
Duncan Hamra
complete
This feature is now live in Memberstack 2.0 🎉
Thank you for your patience. Here are the docs to get started → https://docs.memberstack.com/hc/en-us/articles/8437630733083-Email-Verification
Duncan Hamra
in progress
Hi @all, we are ready to begin development on this feature 🎉 I've recorded a 4minute video detailing our favorite solution, and I'm excited to hear what you think.
A few things I did not mention:
- The email content is editable & will use your logo + brand color.
- You have 100% design control of the verification UI on your site.
Duncan Hamra
You can leave your feedback/comments here.
Lighthouse Global, Inc.
Duncan Hamra: This looks great so far! The free plan flow preventing access to content is exactly what we have been hoping for. A couple questions for your consideration would be:
How will Memberstack handle existing accounts with unverified emails through this new flow?
And will it be possible to prevent users from creating duplicate accounts using an already registered email address (if so, how would that be handled)? Duplicate accounts aren't a dealbreaker for us but it makes a considerable amount of extra work when it occurs, so it's preferable to avoid.
Duncan Hamra
Lighthouse Global, Inc.:
How will Memberstack handle existing accounts with unverified emails through this new flow?
All existing accounts will be marked as unverified. So, if you block access to contact all of these people need to verify their email before they can access gated content. If you allow access they will see a prompt to verify their account (instructions here https://docs.memberstack.com/hc/en-us/articles/8437630733083)
And will it be possible to prevent users from creating duplicate accounts using an already registered email address
This should already be possible 👍 are you having an issue where people are able to create an account with the same email address? If so please reach out to support and let them know what is happening 🙏
Lighthouse Global, Inc.
Duncan Hamra: Thanks for the reply! Awesome to see, this functionality will definitely allow us to stick with Memberstack for a long time.
The duplicate accounts were my mistake - Memberstack is handling everything properly, we just have external sources on our backend we need to reconfigure. 🙃
Duncan Hamra
planned
Planned for Q3 of 2022. Will share solutions as they come together for feedback.
Lighthouse Global, Inc.
Any word on this and possible inclusion with MS2.0? We're starting to see more and more spam/fake addresses signing up to access our free content and it would be great to have this built in.
Naitik Mehta
Lighthouse Global, Inc.: Hey there! Yep, this is
definitely
included in our roadmap for 2.0. While we are most likely going to launch without it (in an effort to get a simple version of 2.0 out for Beta), we agree that this is important and we'd like to add it into the product at some point post-launch. :)Naitik Mehta
Merged in a post:
Email Change Verification (Security Risk)
Matthew Palmer
1) The problem →
If a user is signed into a website and this account is through Memberstack, anyone could go into their profile modal (with access to their computer) and change the email with no verification in place.
2) Why is this important →
If a user is paying for a subscription service of some kind and their account is stolen from them in some way va email change in the profile modal, they have no security in place to prevent it from happening. They don't have an option to confirm this change.
3) What's your plan B →
N/A
4) Possible solutions we could build for you →
An extra step when a user changes their email which would require them to confirm this change from their email. Memberstack currently only sends out a password reset email, but it also needs an email change confirmation one too.
Naitik Mehta
under review
Josh Lopez
recently made a video doing a workaround https://community.memberstack.com/c/ama/memberstack-office-hour-6-mar-19-8-30am-pst
T
Tim Schmidt
One way that this could be accomplished is by calling an email verification e.g. https://mailboxlayer.com/. There are others, but this is one that I used on another project.
T
Tim
Very applicable. We're trying to create a discounted offering for students at .edu email addresses. I could currently register with a made up .edu email address and still get access which defeats the purpose of only allowing signups from specific domains...