Remove key from activation url to stop spam registrations?

  • scottmotion


    Would removing the activation url/key combo from the activation email (forcing the user to copy/paste the key) slow down spam registrations?

    It seems like it is very easy for bots to activate the account because the key is automatically inserted into the form and activation proceeds. My thought is that forcing the user to copy and paste the activation key would thwart some bots. Obviously this user experience is less ideal but if it stops bots I’m willing to do it.

    Any thoughts or experience with this?

Viewing 3 replies - 1 through 3 (of 3 total)

  • michaelabf


    Hi Scott,

    Thanks for raising this issue. Bot registrations are a constant issue on my site, but pretty successfully controlled with a combination of:

    – limit permitted registration email domains to the most common, Gmail, Yahoo, AOL, etc. No weird stuff allowed.
    – BP Registration Options plugin, but requires a lot of manual moderation.

    Your point: I must say that not a single bot registration attempt on my site was ever able to activate the account by successfully responding to the activation email. They simply generate non-existent email addresses so never become active.

    Your experience is different?



    TBH this was just an idea I had while looking at the scope of possible ways to stop spammers/bots. I’ve implemented a few things already like reCAPTCHA, Ban Hammer, redirects, honeypot. You’re probably right that many of the bots are stopped at the Activation step IF they are using a disposable email. I assume smart ppl would have developed a way to activate spam accounts if needed. Then again maybe they just go for the low-hanging fruit.

    I am curious though how you’re so sure bots aren’t registering? I have about 1,200 registered users and the vast majority are Gmail addresses. A lot of them look suspicious, like Username: dien01234567 Email: dien0134567@gmail. I have a very eclectic audience, so I have to be careful which email services I block. But even so I can’t believe all these Gmail users are real…



    Hi, site is 3 years old, 13,000 members, approx. 1100 active daily, but not a single instance of multiple-user spam-messaging, forum spamming, blog comment spamming, etc.

    The site is a (very mild) NSFW dating site, niche interest, so is a prime target for bots, but so far no big issues.

    If you want to compare ideas/methods then please provide some form of contact, happy to provide info in private.
