[minitech]

The convenience advantage is significant, and it goes farther than convenience, since it’s very common for services to have their verification mail blocked or sent to spam. (Bonus pain: there’s no user-visible difference between delayed and blocked mail.)

The privacy advantage is also significant and real: no, not every web app sends an onboarding reminder, and the current state of web apps came to be without this functionality, so you can expect behaviour changes for those services that value the privacy, plus new services/authentication options to spring up that weren’t previously possible.

[chrismorgan]

> it’s very common for services to have their verification mail blocked or sent to spam

So instead, there’s no verification mail and it’s the next message, the one that you actually wanted, that gets blocked or sent to spam.

The “privacy advantage” that the issuer can’t learn the identity of the application that wants to send mail seems to me to be a significant functional liability. If it instead produced a token that said to the email service provider “see, the message was invited”, now that would be useful. (It would raise concerns of its own, but it would at least be useful.)

[tracker1]

Now THAT would be an interesting idea to implement... My gmail matches my username, and I can't even begin to count the amount of services, systems and people that don't understand how to get an email address that have entered mine.

Example: you can make orders from mlb online without verifying your email, and then you get marketing emails regularly. In that case, I was able to call the very senior citizen who thought he could just use any address he wanted.

I can't remember the dating app that let someone sign up mobile using my email address... I hijacked the account (password recovery) and changed the prompts to "I'm an idiot that doesn't know how email works." ...

[0x073]

> The privacy advantage is also significant and real

Depending which privacy, currently if I input a email into xyz noone can trust that this email belongs to me. In the future every email input can verify if the mail belongs to me, that scream abuse and more new things that try to fix the old.

[jstanley]

Can you maybe reword this comment? I can't work out what you're trying to say.

[0x073]

Nowadays, email inputs are just plain inputs. If they gain the ability to automatically verify an email address through JavaScript, there’s a high risk that this feature could be abused by scam or phishing sites.

[withinboredom]

It'd likely be gated behind something like a physical user interaction (like accessing location) and require the human to approve it.