On Sun, 2010-09-19 at 17:12 +0200, Michael Snoyman wrote:
Let me respond to this directly since a number of people have brought this up:
Due to spam reasons we can't trust the email given via an OpenID provider in general. For example, it would be trivial for me to create an OpenID provider for myself, set my email address as
and essentially spam them. By going with a service like Facebook or Google, we know (or at least assume) that they do proper email validation, so we could immediately accept this value without needing to verify it ourselves.
In other words: Yes, I know there are extensions to OpenID. And no, we can't use it to get a verified email address.
Michael
There are people who for whatever reason don't use Facebook/Google/.... And sending verification e-mail costs practically nothing. Regards PS. If we have on-site registration it would have unverified e-mail as well.