Thursday, July 17, 2008

Automatic SMS: Handling Authentication

I've been asked too many times to add SMS to our product, so rather than wait for the business spec I'm just going to go ahead and build it.  Our users are high school students who are trying to get noticed by colleges.  So an event in our system would be "Boston College noticed you."  I want that sent to the student's cell phone.

I get that I can ask the student for a phone number and a carrier, and from there create an email address which will enable me to send a message.  That's easy.

But how do you handle validation?  Say that the student enters a wrong number for one of any number of reasons (malicious, or inadvertent, or they just plain want to stop subscribing later).  Do you just take the number and start mailing it, and the only way to unsubscribe is to edit your profile on the site?  That only works if the person in question is the one who owns the phone number.  If I am sending messages to a phone number whose owner does not want them, and that person does not have an account on my system, then there's no way for that person to get unsubscribed.

Is there a best practice for this sort of thing? I'm thinking that when the user first enters a number, we send a message to the cell phone with some sort of numeric key, and the user has to respond to that message.  That would be a standard email practice.  Just not sure if it's convenient on a cell phone.  It wouldn't fix the unsubscribe problem, but at least it would ensure that only people who wanted the messages would be getting them, so presumably everybody getting messages would also have an account on the system and thus be able to go in and change their subscription preferences.
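
A sketch of the numeric-key confirmation described above, as an added example that is not code from the original post. The class and method names, the 6-digit code length, the 10-minute lifetime and the 5-guess limit are all assumptions; actually sending the SMS is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_TTL = 600      # assumed: a code is valid for 10 minutes
MAX_ATTEMPTS = 5    # assumed: wrong guesses allowed before the code is burned

class PhoneVerifier:
    """Tracks pending codes; only numbers that confirmed may receive alerts."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}      # (user_id, phone) -> [salt, digest, expires, attempts]
        self.confirmed = set()  # (user_id, phone) pairs that proved ownership

    @staticmethod
    def _hash(code, salt):
        # Store only a salted hash so a database leak does not expose live codes.
        return hashlib.sha256(salt + code.encode()).digest()

    def start(self, user_id, phone):
        """Create the numeric key; the caller sends it as the one unsolicited SMS."""
        code = f"{secrets.randbelow(10**6):06d}"
        salt = secrets.token_bytes(16)
        self._pending[(user_id, phone)] = [
            salt, self._hash(code, salt), self._clock() + CODE_TTL, 0]
        return code

    def confirm(self, user_id, phone, submitted):
        """Return True once the user echoes back the code that reached the phone."""
        key = (user_id, phone)
        entry = self._pending.get(key)
        if entry is None:
            return False
        salt, digest, expires, attempts = entry
        if self._clock() > expires or attempts >= MAX_ATTEMPTS:
            del self._pending[key]  # expired or guessed too often: start over
            return False
        entry[3] += 1
        if hmac.compare_digest(digest, self._hash(submitted, salt)):
            del self._pending[key]
            self.confirmed.add(key)
            return True
        return False

    def may_send(self, user_id, phone):
        """Gate for event alerts such as "Boston College noticed you."."""
        return (user_id, phone) in self.confirmed
```

Calls to `start` should themselves be rate-limited per account and per number, so the confirmation message cannot be used to flood a phone whose owner never signed up.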

1 comment:

Chris said...

It would seem to me that simply making it opt-in would solve the problem. Those who wanted to receive SMS messages would just add their details. The opt-in system would probably be more effective if the SMS receiving options are not part of the main registration, and do require a confirmation. That way, the user does not have to confirm both an email address and an SMS identity at roughly the same time unless they choose to do so.