ofbiz-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bruno Busco" <bruno.bu...@gmail.com>
Subject Re: Customers e-mail verification to complete registration
Date Wed, 01 Oct 2008 05:28:12 GMT
Many thanks to you both for sharing your experience of the ecommerce world.

What you say makes a great sense and makes me more confortable with having
(or making someone have) an ecommerce site without captcha and e-mail
verification.

When I will have some time I would anyway try to have an email verification
feature that could be enabled/disabled following David's hint about the
contact list.

-Bruno

2008/9/30 BJ Freeman <bjfree@free-man.net>

> The only attraction on most robots, from my experience with store
> owners, is if there is a forum or blog associated with the ecommerce
> site. This is usually used to increase rankings for SEO.
> The main thing that Ecommerce faces is Fraud orders, where a person will
> flood a site with bogus orders. neither captcha or authentication will
> do anything to keep this from happening. IP addresses and countries are
> usually enough to spot such bogus orders.
> Also note that a lot of People don't want any information outside their
> address to be delivered to, so they will put in a bogus email address.
> The email verification will save a bounced emails when the notification
> emails are sent. On the other hand once a bounce email is returned .
> that my be, depending on the bounce, a way to verify the email address.
>
> David E Jones sent the following on 9/29/2008 10:01 PM:
> >
> > On Sep 28, 2008, at 11:17 PM, Bruno Busco wrote:
> >
> >> 2) Since we have no captcha function I am worried about robots that
> could
> >> generate thousands of false accounts filling up the database. Having
> >> neither
> >> captcha and e-mail verification could expose the ecommerce too much,
> >> don't
> >> you think so?
> >
> > What is the worst case scenario for these? Extra registrations?
> >
> > There are many forms of denial-of-service attacks, I must admit I've
> > never heard of one that specifically targets automated account creation
> > on ecommerce sites. Usually automated account creation is used for sites
> > where public postings can be made, like free email and public forums and
> > such.
> >
> > Whatever the case, it's really not my decision unless I'm running an
> > ecommerce company myself. That's something I'd generally leave up to a
> > client to decide on. If someone did ask my opinion, I'd say the
> > inconvenience to a customer (and corresponding abandoned carts) may not
> > be worth it. Of course, it should also be considered that adding captcha
> > and/or email verification may not have any effect on customer conversion
> > rates and what what. If a company really wanted to know either way the
> > best approach would be to do random testing of using and not using each
> > across a large customer base.
> >
> > -David
> >
> >
> >
> >
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message