undefined | Better HN

0 pointssamatman2y ago0 comments

This is more restriction than necessary, and unkind to users who may be technically unsophisticated, distracted, sick that day, or just kinda dumb.

Include a link, make it a part of the core domain, short, and prominent: https://example.com/contact. If the user isn't logged in, lead with a login flow explaining "If you received a message from us, login for details", and include a contact form, phone number, and if there's a chat with customer support, that too.

These are all things a phish can spoof to some degree, but that's not a good reason to force the user to figure out how to resolve whatever problem you're bringing to their attention.

0 comments

hn_throwaway_992y ago

> This is more restriction than necessary, and unkind to users who may be technically unsophisticated, distracted, sick that day, or just kinda dumb.

Couldn't disagree more. By sending outbound links in notifications we're only perpetuating the idea that it's OK to click those in the first place. It's hardly any more difficult to just open your browser yourself. I also don't like the idea that we're not willing to accept the absolute mildest of inconveniences, when on the flip side we have loads of stories of people's lives being completely ruined when their life savings are stolen by scammers. It'd be like telling people not to lock their doors because that adds 5 seconds to the time it takes to enter your house.

samatmanOP2y ago

It's a mild inconvenience to you, to some number of your customers, it will mean they never follow-up on whatever presumably important message you were sending them.

Keep telling people not to click on links, ever. The ones who listen, and are paranoid about taking that advice literally, will look the company up on a search, or copy-and-paste the link instead of clicking it.

If I get a link from a company I have an account with, and the link is from their URL, I'm going to click it. I'll also check to make sure there wasn't some kind of redirect or Punycode involved.

But you're not helping your customers by refusing to provide them with an important affordance just because scammers might do something similar. That kind of logic doesn't help anyone, because "anyone" breaks down into two groups: the ones who click, and the ones who don't. The ones who click get to resolve the problem, the ones who don't have to do a search first, exactly what you're suggesting forcing everyone to do.

j / k navigate · click thread line to collapse