On a semi-related note... we get about 100 new signups a day. A certain percentage have trouble verifying their email. It's hard to say why. Usually, our support team handles it. For some reason, someone sent a ticket my way with 10 emails in it that were unable to verify their email.
I sat on it for a day and then looked into it. By the time I looked into it
* 5 of them managed to verify their email - I assume they found the email we sent them and clicked the link
* 2 of them does not have an email in our system. I assume he's probably just wrong about what address he signed up with. If you go look at unverified emails you find stuff like
rbrooks@gmai.com and other mispellings.
* the remaining 3 are unknown.
The ticket initially asked me to just go ahead and verify all of them. My response was... "I'll be happy to, but also, this is an extremely common and effective social engineering tactic." And it is.
We are a god damn information security company, and as long as no one like me protests, we are happy to verify a user if they call or email and say it didn't work for them. The internet is well and truly ****ed.
(Also a week or 2 ago they sent out a fake phishing email and like 30% of our work force clicked on it and entered in their username and password. Literally what the ****. I would be naming and shaming those guys and if they were in *anything* other than like sales... jesus.)