Configuring email confirmations

It is recommended to use all types of email confirmation that Xperience provides or allows you to implement. The email confirmations protect the users from being subscribed to mass emails and inform them of potential malicious attempts to change their passwords.

Email confirmation for newly registered users

It is recommended to require new users to confirm their registrations on your website via email. This protects the users and their emails from identity theft – it prevents other users from registering with someone else’s email address.

To require the users to confirm their registrations, implement registration functionality with email confirmation. See Enabling user registration.

Administrator’s approval of newly registered users

You can configure the system to keep the accounts of newly registered users inactive until a site administrator confirms their registration. This is useful for protecting the system from being overwhelmed by fake users and spambots, and it also allows the administrator to verify user identities and the account types they created.

Using this feature will improve your website’s security, but it can also significantly slow down the registration process and deter potential users. Whether to use it depends on the purpose of your website and on how important the true identities of users are. See Enabling user registration.

Administration password change via the Forgotten password functionality

When users change their password through the Forgotten password functionality on the administration interface sign-in page, they must do so through a password change link sent to them in a change password request email. The system can also send a confirmation email after a successful password change if the Send password reset confirmation email option in Settings -> Membership & Security -> Passwords is enabled.

To learn more, see: Configuring password resets for Xperience administration

Marketing email double opt-in

The double opt-in functionality, also referred to as confirmed opt-in or closed-loop opt-in, adds an additional security layer to user subscriptions. When users subscribe to receive mass emails, the system sends a confirmation message to their email address first. Only after the users confirm the subscription by clicking the link included in the message will the system add their addresses to the subscription mailing list.

Using this functionality is strongly recommended, as it protects the users from receiving large amounts of unsolicited emails without their knowledge. It eliminates scenarios where users submit an incorrectly typed email address for subscription, or subscribe someone else’s address out of malice.
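The double opt-in flow described above, shown as an added example in Python; it is not Xperience code and does not use the Xperience API. The signing key, the 48-hour link lifetime, the token format and the function names are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import time

SECRET_KEY = b"constructed-demo-key"  # assumption: load from a secret store in practice
TOKEN_TTL = 48 * 3600                 # assumption: confirmation links expire after 48 hours
subscribers = set()                   # confirmed addresses only (stand-in for the mailing list)


def _sign(payload):
    """HMAC-SHA256 over the payload, hex-encoded as bytes."""
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest().encode()


def request_subscription(email, now=None):
    """Step 1: return the token for the confirmation link; the address is NOT subscribed yet."""
    expires = int(time.time() if now is None else now) + TOKEN_TTL
    payload = f"{email.strip().lower()}|{expires}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload).decode()


def confirm_subscription(token, now=None):
    """Step 2: subscribe only if the clicked link carries an authentic, unexpired token."""
    try:
        encoded, signature = token.rsplit(".", 1)
        payload = base64.urlsafe_b64decode(encoded.encode())
        # Constant-time comparison; reject before trusting any field in the payload.
        if not hmac.compare_digest(signature.encode(), _sign(payload)):
            return False
        email, expires = payload.decode().rsplit("|", 1)
        if (time.time() if now is None else now) > int(expires):
            return False
    except ValueError:  # malformed token, bad base64, bad UTF-8, non-numeric expiry
        return False
    subscribers.add(email)
    return True
```

Because the address is bound into the signed payload, a link issued for one mailbox cannot be rewritten to confirm a different address, and only someone who can read that mailbox can complete the subscription.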

You can enable and implement double opt-in functionality for newsletters: