HACKER Q&A
📣 NikolaNovak

Why don't email verifications ever let me DENY the verification?


I have a name that's apparently common in Europe. Every couple of weeks I get an email asking me to verify/confirm my email address.

They never ever seem to have a button that says "DENY VERIFICATION " or "Nope, that's not me"

Small shops I never heard of and big, international, well known businesses - they never have a "Do not approve / register / verify" button.

(Today I just got half a dozen emails from PayPal - apparently somebody is using my email address to register. Based on subsequent emails, even though this email was never verified, they continue to do their business and register. PayPal won't let me deny usage of my email, submit a ticket, or contact support for help without logging in, which obviously I cannot and do not want to do - I'm not to the one who got registered!).

So what is the point in email verification emails, if there's no way to deny it / indicate "Nope that's not me, don't do it"?

  👤 nomilk Accepted Answer ✓
The role of email verification is as a simple check for whether the email entered is controlled by the user entering it. A non-reponse by the owner of the email implies denial. So it's denial by default, and that only changes if specific action is taken (i.e. clicking on the confirmation link).

I suspect the reason for not having an explicit 'deny' button is based on cost-benefit analysis. The benefits might be limited to 1. Improved user satisfaction, and 2. Minimise the risk that a user might accidentally click the confirmation link. But I suspect these aren't enough to outweigh the extra (arguably unnecessary) effort of implementing it.

👤 withinboredom
Marking the email as spam will report it to the company via a feedback loop mechanism and you should stop seeing emails within a day or two. Companies that have this set up correctly will take a spam complaint of a verification email as a deactivation of the account.
👤 mtmail
Facebook has "That's not me" after a failed login. I think denying then triggers the original person/IP to be banned for a while.