[prsimp]

"In the edge case, where some unauthorized person has signed up using my email, then include some directions at the bottom of the email that instruct me how to deal with the abuse. And an extra benefit: If I have a good experience with your site reporting the abuse, I’ll be more interested to legitimately check out the site."

I'm not sure if I just don't understand what both of you are saying, but it seems he addressed this point towards the end of the post. I can't see how his solution ('click here if this isn't you') is any different than 'click here to confirm this is you' as far as potential abuse is concerned.

[zb]

Because if you're the innocent target of a malicious sign-up then you shouldn't have to take any further action - particularly action that could expose you to further harm, such as clicking on a link randomly emailed to you from some site you've never heard of - to avoid having your email address associated with the account.

Edit: You also shouldn't have to be watching your email like a hawk 24/7 just in case somebody signs you up for something, so that you can stop them from impersonating you before they do any damage.

In short, it's the difference between opt-in and opt-out. Identity theft should almost never be opt-out.

[swombat]

More than that - a number of services (for example B2B SaaS) depend on knowing the email identity of their user. Are you John Jones <john.jones@goldmansachs.com>? Of course you are, you signed up with that email address and the system accepted you.

If a system like, say, Woobius, doesn't confirm emails, people will abuse this lack of feature.

[joemi]

Such a "not me" link only prevents abuse if the person receiving that email checks their email the instant it's sent and clicks the "not me" link instantly as well. Otherwise, someone could sign up for a site using a random person's email address and then do something malicious depending on the site/service... send emails/messages, post nasty forum messages, etc.

Granted, not all sites/services can be used for such maliciousness, but in those cases that the site can be used maliciously, a "not me" link is a corrective measure and not preventative measure.

Edit: zb put it more eloquently than I did.

[tomjen3]

If I get a strange Email I am going to assume it is spam, which means I report it as such and whomever send it will have trouble sending email to gmail users in the future.

[sunchild]

Opt in vs opt out. It makes a difference under the law.