Address Authentication
Email address authentication is a technique for validating that a person claiming to possess a particular email address actually does so. This is normally done by sending an email containing a token to the address, and requiring that the party being authenticated supply that token before the authentication proceeds. The email containing the token is usually worded so as to explain the situation to the recipient and discourage them from supplying the token (often via visiting a URL) unless they in fact were attempting to authenticate.
For example, suppose that one party, Alice, operates a website on which visitors can make accounts to participate or gain access to content. Another party, Bob, comes to that website and creates an account. Bob supplies an email address at which he can be contacted, but Alice does not yet know that Bob is being truthful (consciously or not) about the address. Alice sends a token to Bob's email address for an authentication request, asking Bob to click on a particular URL if and only if the recipient of the mail was making an account on Alice's website. Bob receives the mail and clicks the URL, demonstrating to Alice that he controls the email address he claimed to have. If instead a hostile party, Chuck, were to visit Alice's website attempting to masquerade as Bob, he would be unable to complete the account registration process because the confirmation would be sent to Bob's email address, to which Chuck does not have access.
Read more about this topic: Opt-in Email
Famous quotes containing the word address:
“Surely the writer is to address a world of laborers, and such therefore must be his own discipline.”
—Henry David Thoreau (1817–1862)