Came across a new issue for me. I am working on my first site that uses the email verification for user registration. For the most part, it works great. But then when my client started testing the system they reported that they all received the ‘Email Address Validation’ email AND the ‘Welcome’ email at roughly the SAME time without having interacted or clicked anything. Then when they DID click on the link in the ‘Email Address Validation’ email they got the error ‘Unable to Validate Token’. I contacted their IT department (they all used the same email domain) and found out they use a service called ‘Microsoft SafeLinks’ which tests each link within an email for viruses and such. This ‘test’ is apparently triggering the validation.
Is there a way around this?
IT guy suggested a 2-step process vs a 1-step (like the current C5 setup). Could I pass the token as a url parameter and then have a button like “Complete Registration” that goes through the rest of the process?
The link in the email would be…
http://domain.com/landing?tk=c462b1f4e927
and then the button on the page would be…
http://domain.com/login/callback/concrete/v/c462b1f4e927
Would that be safe?
Any ideas appreciated and at the very least hopefully this post will save someone else from banging their head against the desk trying to figure out what’s going wrong 
Thanks!