I have a membership site in beta right now... At the moment, when a user registers, it marks the account as unverified and sends them an email with a link to verify their account.
The real reason for doing this is to make sure they entered their valid email address correctly.
So I was contemplating on removing the verification step to make it faster and easier to sign up. Just have it create an account that they can log into straight away.
The site uses PayPal for payment processing, so no sensitive data stored locally. It also only asks for a username, email address, and password when they register. So, really the most sensitive piece of info is the email address.
If I decide to do this, what sorts of problems could I be facing? Obviously, spam is one - but I'm developing ways to deal with that. Anything else?
Would you strongly recommend against this, and why? If it matters, I'm building it on the ASP.NET MVC platform.
Thanks in advance!
I'd say that the workflow of sign up, get e-mail, click on link in e-mail is now fairly ubiquitous and wouldn't put off the majority of users. I wouldn't go as far as saying that in general users expect this and would distrust a site that didn't do this, but it is getting that way.
It gives an added sense of security to users who now know that you're discouraging spammers in the first place rather than just dealing with them after the fact.
See also backslash17's answer about ensuring that the owner of the e-mail address is the one doing the signing up.