Members Activated without Magic Link Confirmation

Hey Ghost Team,

I’ve run into something that might be worth a closer look — especially when it comes to email confirmation and deliverability.

I recently noticed that a paying member was marked as an active member even though they had a typo in their email address (they typed example@gmal.com instead of example@gmail.com). Because of that, they never received their confirmation email, and all of their alerts were bouncing.

What tipped me off was that they had 0 emails opened, and it showed a bounce status. Since it was a premium member, I manually checked and spotted the typo. I corrected the email address myself — and after doing so, everything is working fine again.

But this raises a couple questions:

  • If members with incorrect emails are being marked as active, what’s the point of the email confirmation step?
  • Is this a bug or intended behavior?
  • Shouldn’t email confirmation only mark someone as active after they’ve verified a valid, working address?

This made me think there might be more people in the same situation who mistyped their domain (gmal.com, yaho.com, otlook.com, etc.) and I just haven’t caught it yet. Ghost obviously can’t validate the first part of the email (name@…), but I feel like a simple string match could flag obvious domain typos and prompt users with something like:

“Did you mean gmail.com instead of gmal.com?”
or
“Did you mean yahoo.com instead of yaho.com?”

Another small improvement that could make a big difference: when the popup appears after sign-up telling them to check their email, it would be super helpful to actually display the address we sent it to in bold or larger font. That way, users could instantly catch their mistake if they see a typo.

This is in Ghost’s best interest too — not just for user experience, but also for protecting deliverability and sender reputation. If I hadn’t caught this one by chance, I would’ve never known what the issue was and would have guaranteed a cancellation.

Curious if this is something already on your radar or if there’s a workaround I might be missing?

I run ads to get new members, and because I do that I get a lot of new members each month. However, about every 90 days I go through and look at anyone who has received a min of 20 emails and has 0 opens. I had just been deleting them en masse without even checking if they were bounces or not. But every 90 days I am deleting around 300-500 people which now that I think about it just seems very extreme. With Ghost sender reputation being high, I can’t imagine it being email service providers bouncing them for reputation reasons (though I can’t say for sure).

Thankfully I did save all those members in files before deleting them, and I am going to go through them and look for obvious typos in the domain to see if I can confirm that these people were typos.

I am no expert, but is it also possible that say a person has typed in the correct email, but never confirmed their email address, that they would still be added as an active member based on this current discovery, but result in bounced emails due to never having confirmed their email? This would just bloat our member list and be a drain $ all the way around on time, ad spend and so on. I know Ghost charges based on the number of members, but all of us that care deeply about analytics, open rates etc will end up deleting all of those people anyways which results in our member count not going up which then also hurts Ghost $.

I’ve deleted over 2000 people in the last year for not ever opening a single email, and now I am concerned they simply made a typo.

Thanks for all the awesome work you guys are doing — just hoping this can make the platform even stronger.
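The domain check proposed in the post above, and the audit of saved member exports it mentions, sketched as an added example (not part of the original post and not Ghost's code). The domain list and the `suggestDomain` and `auditMembers` helpers are assumptions made for illustration.

```javascript
// Constructed list of well-known mailbox domains (an assumption, not Ghost's data).
// Legitimate look-alikes (mail.com, ymail.com) are listed so they are never "corrected".
const KNOWN_DOMAINS = [
  "gmail.com", "yahoo.com", "outlook.com", "hotmail.com",
  "icloud.com", "aol.com", "mail.com", "ymail.com", "gmx.com",
];

// Optimal string alignment distance: insert, delete, substitute and
// adjacent transposition ("gmial" -> "gmail") each cost 1.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost);
      if (i > 1 && j > 1 && a[i - 1] === b[j - 2] && a[i - 2] === b[j - 1]) {
        d[i][j] = Math.min(d[i][j], d[i - 2][j - 2] + 1);
      }
    }
  }
  return d[a.length][b.length];
}

// Returns the suggested domain, or null when the domain is known or not close to one.
function suggestDomain(email, maxDistance = 1) {
  const at = email.lastIndexOf("@");
  if (at < 1 || at === email.length - 1) return null; // not an address
  const domain = email.slice(at + 1).trim().toLowerCase();
  if (KNOWN_DOMAINS.includes(domain)) return null;
  let best = null;
  let bestDistance = maxDistance + 1;
  for (const known of KNOWN_DOMAINS) {
    const distance = editDistance(domain, known);
    if (distance < bestDistance) { best = known; bestDistance = distance; }
  }
  return best;
}

// Audit an exported member list: keep only addresses with a likely domain typo.
function auditMembers(emails) {
  return emails
    .map((email) => ({ email, suggestion: suggestDomain(email) }))
    .filter((row) => row.suggestion !== null);
}

// Constructed sample input.
const sample = ["example@gmal.com", "a@yaho.com", "b@otlook.com", "c@ymail.com", "d@example.org"];
for (const { email, suggestion } of auditMembers(sample)) {
  console.log(`${email}: did you mean ${suggestion} instead of ${email.split("@")[1]}?`);
}
```

A match is only a prompt for the person signing up or for manual review; it does not show that the mailbox exists, which is what the confirmation email checks.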

If someone signs up as a paying member, they get activated without email confirmation. I suspect that’s what happened here.

It’s not a good idea to delete members with paying subscriptions, and Ghost warns you if you try it that it doesn’t cancel them in Stripe, and doesn’t let you bulk delete paying members in the dashboard. But maybe you’re doing these deletions via the API?

FWIW, some email clients block open tracking, so that complicates wanting to delete anyone who isn’t opening.

I should have been more clear, I was bulk deleting everyone that this was happening to that wasn’t a paying member, but I didn’t confirm if their emails were bouncing. I will going forward. I just knew they had selected certain newsletters and have never received any of them. I don’t want to pay for members I had no way to make money on so I would bulk delete them because I get so many new members due to ad spend.

What you said about paying members makes sense. When I said I was bulk deleting people, I meant free members, I should have stated that. The paid members I just leave there and have no way to contact. I wish their phone numbers were provided in Stripe or something so I could contact them. So unfortunately, I just leave them there and hope they contact customer service so I can figure out what their real email is, and update it. But that hasn’t happened yet, what happens is a chargeback because these people have no way to even cancel their account because they don’t know they used the wrong email.

If I am not thinking about this correctly, point me in the right direction :)

Is there no way to ask them to type in their email address twice instead of once, so they would have to make the mistake twice and far more likely to realize it?