89
Email Verification
under review
Duncan Hamra
1) At the moment, anyone can signup with any kind of email address (no confirmation required) and get access to my content/product/service.
2) I require members to signup before they can get access to my content. If they can add a fake email, that completely invalidates the "gate" in "gated content." It's also important when sending out required emails like Terms of Service updates.
3) There are some hacky workarounds https://community.memberstack.com/c/community-support/email-verification-process
4) Enable an optional email verification step. Let me use my own email verification emails. Let a service like Mailchimp verify emails.
Activity
Newest
Oldest
Lighthouse Global, Inc.
Any word on this and possible inclusion with MS2.0? We're starting to see more and more spam/fake addresses signing up to access our free content and it would be great to have this built in.
Naitik Mehta
Lighthouse Global, Inc.: Hey there! Yep, this is
definitely
included in our roadmap for 2.0. While we are most likely going to launch without it (in an effort to get a simple version of 2.0 out for Beta), we agree that this is important and we'd like to add it into the product at some point post-launch. :)Naitik Mehta
Merged in a post:
Email Change Verification (Security Risk)
Matthew Palmer
1) The problem →
If a user is signed into a website and this account is through Memberstack, anyone could go into their profile modal (with access to their computer) and change the email with no verification in place.
2) Why is this important →
If a user is paying for a subscription service of some kind and their account is stolen from them in some way va email change in the profile modal, they have no security in place to prevent it from happening. They don't have an option to confirm this change.
3) What's your plan B →
N/A
4) Possible solutions we could build for you →
An extra step when a user changes their email which would require them to confirm this change from their email. Memberstack currently only sends out a password reset email, but it also needs an email change confirmation one too.
Naitik Mehta
under review
Josh Lopez
recently made a video doing a workaround https://community.memberstack.com/c/ama/memberstack-office-hour-6-mar-19-8-30am-pst
T
Tim Schmidt
One way that this could be accomplished is by calling an email verification e.g. https://mailboxlayer.com/. There are others, but this is one that I used on another project.
T
Tim
Very applicable. We're trying to create a discounted offering for students at .edu email addresses. I could currently register with a made up .edu email address and still get access which defeats the purpose of only allowing signups from specific domains...