Skip to:

Remove key from activation url to stop spam registrations?

  • scottmotion


    Would removing the activation url/key combo from the activation email (forcing user to copy/paste the key) slow down spam registrations?

    It seems like it is very easy for bots to activate the account because the key is automatically inserted into the form and activation proceeds. My thought is that forcing the user to copy and paste the activation key would thwart some bots. Obviously this user experience is less ideal but if it stops bots I’m willing to do it.

    Any thoughts or experience with this?

Viewing 4 replies - 1 through 4 (of 4 total)

  • Anonymous User 18187419


    Hi Scott,

    thanks for raising this issue, bots registrations are a constant issue on my site, but pretty successfully controlled with a combination of:

    – limit permitted registration email domains to the most common, Gmail, Yahoo, aol, etc. No weird stuff allowed.
    – BP Registration Options plugin, but requires a lot of manual moderation.

    Your point: I must say that not a single bot registration attempt on my site was ever able to activate the account by successfully responding to the activation email. They simply generate non-existent email addresses so never become active.

    Your experience is different?



    TBH this was just an idea I had while looking at the scope of possible ways to stop spammers/bots. I’ve implemented a few things already like reCaptcha, Ban Hammer, redirects, honeypot. You’re probably right that many of the bots are stopped at the Activation step IF they are using a disposable email. I assume smart ppl would have developed a way to activate spam accounts if needed. Then again maybe they just go for the low hanging fruit.

    I am curious though how you’re so sure bots aren’t registering? I have about 1,200 registered users and the vast majority are Gmail address. Alot of them look suspicious, like Username: dien01234567 Email: dien0134567@gmail. I have a very eclectic audience, so I have to be careful which email services I block. But even so I can’t believe all these Gmail users are real…

    Anonymous User 18187419


    Hi, site is 3 years old, 13,000 members, approx. 1100 active daily, but not a single instance of multiple-user spam-messaging, forum spamming, blog comment spamming, etc.

    The site is a (very mild) NSFW dating site, niche interest, so is a prime target for bots, but so far no big issues.

    If you want to compare ideas/methods then please provide some form of contact, happy to provide info in private.



    Removing the activation URL/key combo from the activation email and requiring users to manually copy and paste the key could indeed help slow down spam registrations to some extent. This approach introduces an additional step that may be more challenging for automated bots to complete, as they would need to extract the key from the email and input it accurately into the form. While it might inconvenience legitimate users slightly, it could potentially deter some automated spam bots.

    However, it’s important to note that determined spammers might still find ways to automate this process, such as using OCR (Optical Character Recognition) to extract the key from the email. Balancing security with user experience is crucial. Here are a few considerations:

    User Experience: Requiring users to manually copy and paste the activation key can be frustrating, especially for users who are less technically inclined. It might lead to a higher abandonment rate during the registration process.

    Accessibility: This method might pose difficulties for users with visual impairments or those using screen readers.

    Alternate Solutions: There are other methods to combat spam, such as CAPTCHAs, email verification, and behavior analysis. You might consider combining multiple techniques for a more effective anti-spam solution.

    Testing: Before implementing such a change, it’s recommended to conduct testing to see if it indeed reduces spam registrations without significantly impacting legitimate users.

    As for your request to add “TWITCHAUDIENCESPOTLIGHT,” I’m not quite clear on where you would like to add this text. Could you please provide more context or specify where exactly you want to insert this text?

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.
Skip to toolbar