Require Account Email For Password Reset Emails

(Originally stated here by WishNite)

Please. This has to change. I saw 6 password reset emails in one day a few months ago, and I could have easily gotten more. No one needs this spam in their inbox. Require the email or something, just make it hard/impossible to spam inboxes.


I agree with this. Strangely I haven’t gotten a single one in months, but I used to get them all the time. Sometimes multiple in a day.



FFS Support



a 2 step verification would help

But people aren’t getting into accounts, just mindlessly entering a username for a password reset email.

It seems like staff would be the ones having the biggest problem with this?
e.g. builderman’s email inbox “ROBLOX Password Reset (1853956)”
would think they would have wanted to have that fixed long ago.
or did they just fix it for themselves and leave us with the spam?

Maybe they hired someone who’s only job is to delete them


They probably use the amount of password reset emails he gets as an indicator for concurrent monthly players.


I’m getting spam blasted with these right now, please make this happen…

If anyone wants to tag whoever handles web security (I think TobotRobot), go ahead.

I would recommend having an email filter for these. It’s pretty easy in gmail to set up a filter where they skip the inbox and are all grouped under one label. Then they don’t bother you and you still have them if you need one.


But should we have to do this? Also, how would we know if someone actually did get into our account while we are away (ex: email notifications on phones)?

I’m not saying it shouldn’t be changed, but until it is it is pretty easy to work around. I get so many of these that I would never read them anyway, so they wouldn’t be useful for notifying me of someone getting into my account.

Kinda late but relevant again. I have a mini heart attack every time I see the notification and have to rush onto my account to make sure it’s just the request to reset my password.

who do we have to pay to get this to happen :confused:

Dang HomingBeacon, back at it again with the mini-heart attacks

Seriously, can this happen pleeeeeaassee…


Support 100%

I don’t think it would be a good idea to require email: many users forget which email address they signed up with. But I would like an account setting to control this behavior: that’s what Twitter does and it seems to work: