Am I understanding correctly that the /register page asks for an email address it does not store or even use before throwing it away?

I think the expectation, generated by the great many sites that work this way, is that you'll get an email shortly after clicking Register, and that until you validate your email, you won't be allowed to post at all, even with moderator approval.

Whether this actually cuts down on spam or not is secondary to the preexisting expectation. Fossil needs a good reason to violate the Principle of Least Astonishment here.

Internally, I think you can do this by not applying the "3" capability until after the user validates their email address.

> Right now, self-registration only creates a USER table entry.

But since [4c43f2cd] it also requires the SUBSCRIBER table -- input verification in register_page() tries to avoid duplicate email addresses (stored in SUBSCRIBER)

The SUBSCRIBER table isn't created by fossil init, it's created when Email Notifications are turned on the first time.

If you dont want/need email alerts but want self-registration you must one-time-enable a (dummy) Email Notification Configuration to prevent

Database error: no such table: subscriber SELECT 1 FROM subscriber 
WHERE semail='foo@bar.com' AND suname IS NOT NULL AND sverified    

on the /register page.

accounts should have to confirm their email address

I am against this.

It would require:

• the user to operate an SMTP server or signing up for a third-party account
• Fossil to operate an SMTP server or use a third-party one and keep an updated list of temporary email providers.

Besides I think anything that involves unsigned clear-text electronic postcards without envelopes is a privacy nightmare.

The requirements you're against are irrelevant in this thread, the topic of which is email alerts, so the presence of SMTP on both ends is a given already. Fossil doesn't require that you confirm your email address if you don't get email alerts, nor can I think of a good reason for it to do so. Unlike the OP, I don't see that confirming your email address reduces the incidence of spam: spammers can generate and confirm arbitrary numbers of fake email accounts.

As for the "privacy nightmare," the Fossil forum feature was created to serve the needs of the Fossil and SQLite projects, which present their forum on a public web site, so there's no point worrying about the lack of privacy in standard SMTP.

If you want Fossil forums to turn into a crypto-nerd private messaging system, that seems like a wholly separate topic worth taking up in a new thread. I'd suggest that you bring along concrete suggestions for ways to make that work. Bonus points if your scheme discourages spammers, trolls, etc.

For example, I think a moderation feature can work in a purely anonymous system. We don't have to know who a comment came from in order to reject it. If a nuisance poster can't get his messages through, he's likely to stop posting eventually unless it's actually a bot.

I suspect if you've created a crypto-nerd paradise, you'll want stronger anti-bot protections than the ones currently provided.

Clarification: verifying your email address when signing up for Fossil email alerts doesn't give a useful signal to Fossil forums about that account's likelihood to send spam to the forum, but it does prevent malefactors from signing other people's email addresses up for email alerts, presumably in order to harass them.

That is, if we did away with email address verification in this forum, the forum could be used to send "spam" to arbitrary email addresses, if you define that as "unwanted and unsolicited email."

Yes you need to validate an email address before sending messages to it, as if you don't you will quickly get your SMTP server blacklisted by the likes of GMail, Hotmail etc. as they will identify that you are trying to send emails to non-existing addresses, something that spammers are known to do.