The Underscore Archives

on 12/11/07 10:21, Daniel Course at dancourse at gmail.com wrote:

> Do we need to use activation e-mails or does a CAPTCHA tell us to the
> same level if the user is valid?

CAPTCHAs are hated by usability people, but beloved of site admins.
Activation emails are pretty pointless, it's easy to set up a hundred fake
AOL accounts and click on any links in emails sent to them.

When doing some sites with phpbb (I know, I know) we were getting tonnes of
robot spam from allegedly properly signed up users, even with the default
phpbb captchas turned on - then I installed freecap and it dropped to 0.

However, you have to provide audio versions, or at least a way for people
who can't do captchas for whatever reason to contact the site admin and
authenticate that way.

NB Some robots get around captchas by getting to that stage of registration,
snaffling the captcha pic, posting it on a site that allows free porn if the
user will just type in the word, getting the word and sending it back to the
original site. Sneaky, and used a lot for creating fake hotmail, aol, etc,
accounts for signing up to sites that need auth emails ;)

Oliver.