Spam Signups

Victor Mutai
2 min read · Apr 14, 2021

Imagine working on a site like Netflix where you provide free user signup and paid subscriptions. The free signup is there to attract more users to the product and eventually convert them into paying users. The problem comes when some users start automating account creation for their own “good”.

Spam signups might seem annoying but harmless at first, but they will soon become a problem for your infrastructure. Some unoptimized parts of your code will start creating heavy loads on your servers. Pushing fixes to optimize your code will improve your servers' performance, but it will not stop spammers.

There are a few ways you can deal with spammers:

  1. Adding reCAPTCHA to free user signup. reCAPTCHA is a plugin owned and operated by Google that provides a smart algorithm designed to keep automated programs from getting past it. It's quick and easy to set up, but it will not necessarily keep spammers out. Bots are getting smarter and somehow find ways to bypass reCAPTCHA.
  2. Email verification. Sending a verification email after signup can work, but it's not that hard to create a bot that opens an email and clicks on the verification link. An alternative option would be to use email verification software like BriteVerify, TheChecker, Snovio, etc.
  3. Limit user activity. It's important to monitor what spammers are doing with these free accounts. With the right info, you can determine what limitations and restrictions to put in place to avoid misuse. For example, you can limit the number of concurrent logged-in devices, or offer free accounts for only a month.
  4. Fraud detection tools. Fraud detection tools are designed more for signups with fraudulent credit cards. They might come in handy when you want to avoid chargebacks or credit card fraud. Good software that helps with this is Kount.
  5. 2FA. Two-factor authentication is an extra security check where the user receives a verification code on their mobile phone, which they have to enter in the signup form during the security check.
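
The two limits from item 3, as an added sketch that is not code from the original post: a login check that enforces a one-month free period and a cap on concurrent devices. The 30-day window, the two-device cap, the 12-hour idle timeout and all names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Assumed policy values; tune them from what monitoring shows about abuse.
FREE_ACCOUNT_LIFETIME = timedelta(days=30)   # "free accounts only for a month"
MAX_FREE_DEVICES = 2                         # concurrent logged-in devices
SESSION_IDLE_TTL = timedelta(hours=12)       # idle sessions stop counting


@dataclass
class Account:
    created_at: datetime
    paid: bool = False
    sessions: dict = field(default_factory=dict)  # device_id -> last seen


def check_login(account: Account, device_id: str, now: datetime) -> str:
    """Return "ok", "free-period-expired" or "device-limit" for a login."""
    if account.paid:
        account.sessions[device_id] = now
        return "ok"

    # Limit 1: free accounts stop working once the free period is over.
    if now - account.created_at >= FREE_ACCOUNT_LIFETIME:
        return "free-period-expired"

    # Drop idle sessions first so abandoned devices do not hold a slot.
    account.sessions = {
        dev: seen for dev, seen in account.sessions.items()
        if now - seen < SESSION_IDLE_TTL
    }

    # Limit 2: a device that is already logged in may refresh its session,
    # but a new device is refused once the cap is reached.
    if device_id not in account.sessions and len(account.sessions) >= MAX_FREE_DEVICES:
        return "device-limit"

    account.sessions[device_id] = now
    return "ok"


if __name__ == "__main__":
    start = datetime(2021, 4, 14)            # constructed sample timeline
    free = Account(created_at=start)
    for hours, device in [(0, "phone"), (1, "laptop"), (2, "tv"), (24 * 30, "phone")]:
        print(device, check_login(free, device, start + timedelta(hours=hours)))
```

Logging each refusal with its reason gives you the monitoring data the item asks for: a burst of "device-limit" results on one account suggests it is being shared or resold.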
