Open jace opened 8 years ago
Related to #135.
UserPhone
also needs a verified_at
column as users may have a business-assigned phone number that gets reassigned to someone else when they switch jobs.
mxsniff
introduced a probe feature in 0.3.1 that can be used to confirm an email address is valid, without actually sending it an email. This can be used in a periodic automated sweep. It is unclear if probing will work at scale though, as mail servers may detect and block unusual behaviour if it crosses a threshold, risking accidentally blocking some email addresses.
The
UserEmail
model should have averified_at
oractive_at
datetime field that records the last time a message sent to this address was opened (especially if it's an explicit probe to confirm the address).Auto-verified emails from Google, GitHub etc logins will have this field set to null, while a manually verified email (conversion from
EmailClaim
) will have it equal tocreated_at
.This field will be critical for use cases like identifying employer-linked email addresses that may have since expired – and preventing account access backdoors from such instances (password reset, automatic account merger based on shared email).