I’ve always wondered why email verification emails reveal the underlying link. I’m sure I’m missing something, but isn’t this:
more human than this:
Maybe there’s a good security purpose to revealing the underlying address, but hell if I’ve ever paid attention to the random characters. When I’m resetting a password, I’ve got my mental model set: expect email, open email, find link, click link, done. Paying attention to the URL doesn’t enter into the equation. I guess that’s an argument for “why bother? no one notices it anyhow”, but I tend to think we decide how “human” an interaction is based on the smallest of details. Foursquare is trying hard to strike an authentically human tone in this interaction. Seems worth it to go the extra few inches.
On the plus side, whenever I see ugly URLs that could just as easily be masked, this pops into my head:
[BTW, I don’t mean to pick on Foursquare. Everyone does this and password reset emails are clearly at the bottom of the priority list. It’s just something that bothers me from time to time.]
UPDATE: Chris Sutton makes a good point. One argument for showing the whole link is so that people can copy and paste if their mail client doesn’t launch the link correctly. I’ve been a Gmail user for years and haven’t experienced that issue in a long while, but that’s a very plausible explanation for why companies do things this way.
UPDATE 2: Fair point from Michelle Renee Paul: maybe it’s an anti-phishing thing. To meet that concern, though, I’d probably offer another detail, e.g., “We noticed you changed your email recently from firstname.lastname@example.org to email@example.com. Was that actually you?”