It seems that this feature is a great opportunity for people to impersonate others using another domain name.
- I register with @coolcompany.com
- I get the “change email address” button when registering but pending activation.
- I wait a few hours with that window open (or maybe a few minutes) until I get approved, you never know, maybe they are super effective.
- I click change my email address, and I basically can put whatever there, but I am already approved!
The admin does not get a "@coolcompany.com has not activated, and @another.com is pending", no, instead, I have approved someone I thought it was from @coolcompany.com, but actually it was just using that domain to get approved, as I don’t get another pending approval item.
Is this by design? is it a bug? I could not find a topic like this in the forums.
My big question is, can I deactivate this feature? I honestly don’t want it.