Best practices for phone and email verification

When collecting new customer numbers at signup, you will want to focus on three critical areas:

To avoid any confusion, it’s best to put country codes in a dropdown menu next to the number collection field. This makes it easier to collect numbers in the recommended E.164 format.

Cross reference the country code with the IP address the user is signing up from. While mismatches could indicate legitimate practices (i.e. use of a VPN), it could also be indicative of fraudulent action.

We strongly recommend all phone numbers be formatted to the industry standard E.164 format.

Users will sometimes intentionally enter incorrect data. Avoid this by checking number validity at signup with Number Lookup.

Avoid sending confirmation codes to numbers that are unable to receive them like landlines or SIPs.

Send a one-time PIN to users in order to verify they have access to the number they’re signing up with.

This prevents actors from signing up with someone else’s number and helps your business ensure that you are collecting a unique, authentic sign-up.

If users are in an area with poor reception, they may not be able to receive your SMS or voice OTP.

Define rules and failover channels to ensure delivery of critical authentication codes – or use a solution that takes care of that for you.

Sometimes customers enter the wrong number by mistake – maybe they missed a digit or entered their number neighbor.

Display the number they entered and give them the option of correcting any mistakes instead of waiting for an OTP they’ll never receive.

Keep customers verified throughout their customer lifetime with you and store their preferred 2FA channels for quick and easy authentication.

And keep customers protected with silent mobile verification always on in the background to seamlessly authenticate them and keep their account secure.

These are some of the most common best practices to prevent email list contamination and maintaining proper email list hygiene.

Verify emails for validity at signup using a real-time API email validation tool to minimize the risk of invalid emails entering your database.

This tool should check for mailbox and syntax validity, as well as whether the email is a catchall, temporary or role-based address.

Confirm that the person signing up to your service has access to the email address by sending them a single use code, or even a simple link.

Performing either action can ensure that the customer has access to the email address.

When sending any code, take care to ensure that the code will not be visible in the email notification on a mobile device.

Potentially malicious users in possession of someone’s device may be able to see codes above the fold and use them for their nefarious purposes.

Keeping email subscriber lists clean by periodically performing bulk checks helps keep your costs down and, more importantly, your email sender reputation up.

We recommend cleaning lists at least twice yearly, or ahead of every big campaign. Remove any invalid, high bounce addresses from your lists.