I run a website where you must create an account and verify via email to access many site features. Lately, a bunch of the sent account confirmation emails are being marked as spam because someone or something is using real email addresses to sign up for fake accounts on my site. I know they are fake because almost all of the time the IPs are coming from Russia or have garbled usernames like 'VDLWYvAkZniTQS' and have no site activity. It's always a different IP, though, so just banning one at a time wouldn't help. They also sign up about 3 accounts/hr, so rate limiting wouldn't really work. I'm starting to run out of ideas, and my email service provider might deactivate my account because of the uptick in spam complaints. Any ideas on how to combat this?

I've tried installing both a honeypot and reCAPTCHA v2 into the sign-up form, but they haven't helped too much. If anything, they started to use more convincing usernames now, but the IPs are clearly still coming from Russia.

RJewell
  • I'm not clear on how _you_ are getting dinged for this. Sending an email to an email address requesting verification (which is what I understand you to be doing based on "verify via email") is quite common. In any case, does [What is the best way to verify an email address if it actually exist?](https://stackoverflow.com/q/69412522/354577) help? If somebody is creating actual email addresses with names like `VDLWYvAkZniTQS@example.com`, I'm not sure you can do much besides start banning IP addresses. – ChrisGPT was on strike Nov 20 '22 at 19:28

0 Answers