You're ignoring that most modern apps will give you rudimentary account access even before you confirm your email address. Which would be difficult to do if that account already exists.
My answer to this problem would be to let them in anyway. Store all session data with a cookie or (brand new) UUID, perhaps persisted via localstorage for the long-term users.
The email should still indicate new or existing user, and provide them a link that they can use to associate said UUID with their login and pull all the data onto their account as if they'd been logged in the whole time.
They'd need to be informed that all account data is accessible only on that computer, at least until they've confirmed their email address. I kind of imagine this is the existing behavior for many applications, though.
Additionally, if the service doesn't require emails to be authenticated, then they shouldn't be using them for much more than account recovery or notifications (once authenticated). Otherwise, I can sign up for that service with somebody else's email as long as they haven't signed up before, and then if that person ever wants to sign up for this service, either they're out of luck or the original (perhaps misguided) customer is out of luck.
That was the inconvenience I was referring to in my post. Either a new user needs to verify their email before using the site or you need someway to immediately tell the user that an account with that address exists.
This process also won't work for the small minority of sites that don't require email adresses. HN is one example.
And the entire point is moot for most social sites as it is trivially easy to check for the existence of a user by going to their profile page. Why bother going through all this email trouble when I can just go to twitter.com/TheUsernameIWantToCheck to see if that user account exists?
> Either a new user needs to verify their email before using the site or you need someway to immediately tell the user that an account with that address exists.
> Why bother going through all this email trouble when I can just go to twitter.com/TheUsernameIWantToCheck to see if that user account exists?
I totally agree. Twitter usernames are hardly private information, though. As I said, make sure truly private information is kept private.
Keeping in mind the UX, though, most users may not realize how easily their user id ( email/username, etc.) can be discovered. Seeing the login screen confirm that their username exists but their password is incorrect may in fact scare existing users away.
Determine what's best for your demographics, and ideally A/B test the heck out of it.
This is the actual concern. If you require an email check before someone messes around with the product, there's a potential dropoff that people can (rightly) be concerned about.
