This article was published on October 23, 2015

Snapchat sets a poor example for user confirmation emails


Snapchat sets a poor example for user confirmation emails

Occasionally, something pops into my inbox telling me that someone has set up an account with Instagram, Tumblr or some other service using my email address. These are generally nascent spam accounts with names like bigbob14892371 and they’re usually easy to disassociate with your email address with the click of a ‘this is not me’ link in the notification email.

Not so with Snapchat.

Today I received this email.

Screen Shot 2016-01-06 at 10.06.01

 

Note the lack of a link to tell Snapchat that this isn’t me; there’s just a link to confirm. In fact, if it’s not me, Snapchat’s response is essentially ¯\_(ツ)_/¯

“If this is not your Snapchat account, don’t worry, someone probably just typed the wrong email address.”

Yeah, thanks for that. What if this account starts pumping out spam and is associated with my email address? What if I just don’t like the idea of Snapchat having my email address on its servers at all?

There is a Support link though. And there’s a ‘Report Impersonation’ option. I filled it in. To avoid confusion with my actual Snapchat account (which uses a different email address), I just put ‘n/a’ in that field. Oh… I get an error alert.

Screen Shot 2015-10-23 at 16.35.42

So to report impersonation you already need to be a Snapchat user? That’s… not very well thought through… They don’t mean the account that’s impersonating you either – there’s a separate field for that.

I’ve filed a report now, and maybe Snapchat will delete my TNW email address from their servers. Maybe it won’t. I’m not sure what’s going to happen.

Given Snapchat’s stature, and its obvious attraction to those who want to create spam accounts, you’d think a simple ‘This isn’t me’ link in the confirmation email would have been obvious. The service is known for its confusing UI that keeps people older than about 25 from using it, but that shouldn’t extend to basic security. Blocking spammers and fakers from using your email address should be a one-click process.

I’ll update this if I hear back from Snapchat, but this is something to think about for your own apps and services.

Update: Snapchat removed the email address from my account within three hours of me sending my support request. That’s a good turnaround, but a one-click solution would be so much more efficient for all concerned.

Update 2 [6 January 2015]: Snapchat has now added a link to its new user emails that states: ‘If this is not your Snapchat account or you did not sign up for Snapchat, please click here to remove your email address from this account.’ Much better!

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with