Oren wrote: So I've seen someone trying to sell Spaml.com on sitepoint.
So now a simple confirmation email is not good enough and we have a new issue to deal with.
Not good enough for what?
The goal of email confirmation (usually) is to confirm that you can reach a user at a particular email address. It helps reduce the number of bots because it increases the difficulty for them to sign up.
There are other solutions that do similar (although the no-click approach is interesting), so it just reduces some of the difficulty. Think of it as an arms race. We get better, and so do the spammers.
Oren wrote: What do you think? Is there anything to do against it? Is it even worth the effort? Even before that, you could go and open a new email account just so you could register on some site which you don't want to have your real email.
Well, there are three communities to deal with:
1. Spammers. Use moderation systems which prevent content showing up immediately. That's independent of the sign-up process, and should reduce any potential for spam by a huge amount. That, coupled with the complex sign-up requiring email confirmation, should reduce the value to a spammer by enough to keep them out. Add in a feature that watches for behavior like multiple signups, sending to large numbers of people, and so forth, and you should be golden.
2. Real users that you want to reach (but that don't want to be spammed). Don't spam them. Use a random re-confirmation every 30+X days, to ensure that they didn't use a throw-away address, and once it is confirmed say, 3 times, they are a legit user with a legit email address. Then avoid sending them content they won't want, so they don't change to a throwaway address.
3. Users that are absolutely exhausted with maintaining 100+ logins. Don't force them to! Unify your logins across your site (forum+wiki+blog+++++), or better yet, use OpenID, so they can have one (reasonably secure) login for *all* sites.
In either case, a little bit of extra verification of humanity will result in a higher signal to noise ratio.
This is really nothing new. curl/wget/snoopy, and some good scripting skills could handle the signup, email access, and so forth up until now. This just lowers the bar a little further for the spammers, and makes life easier for users that are tired of hundreds of logins.
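The random re-confirmation from point 2, as an added sketch that is not part of the original post. The names, the 14-day upper bound on X, the 7-day answer window and the reset on an unanswered challenge are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

BASE_DAYS = 30                 # the "30" in "30+X days"
MAX_EXTRA_DAYS = 14            # assumed upper bound for the random X
REQUIRED_CONFIRMATIONS = 3     # "say, 3 times"
TOKEN_TTL = timedelta(days=7)  # assumed window to answer a challenge

@dataclass
class Account:  # hypothetical record, one per registered address
    email: str
    confirmations: int = 0
    next_check: Optional[datetime] = None
    token: Optional[str] = None
    token_sent: Optional[datetime] = None

    @property
    def trusted(self) -> bool:
        return self.confirmations >= REQUIRED_CONFIRMATIONS

def issue_challenge(acct: Account, now: datetime) -> Optional[str]:
    """Return a fresh token to mail out if a (re-)confirmation is due."""
    if acct.trusted or acct.token is not None:
        return None
    if acct.next_check is not None and now < acct.next_check:
        return None
    acct.token, acct.token_sent = secrets.token_urlsafe(32), now
    return acct.token

def confirm(acct: Account, presented: str, now: datetime) -> bool:
    """Check a clicked token; on success count it and schedule the next check."""
    if acct.token is None or now - acct.token_sent > TOKEN_TTL:
        return False
    if not hmac.compare_digest(acct.token.encode(), presented.encode()):
        return False
    acct.confirmations += 1
    acct.token = acct.token_sent = None
    extra = secrets.randbelow(MAX_EXTRA_DAYS + 1)  # unpredictable X
    acct.next_check = (None if acct.trusted
                       else now + timedelta(days=BASE_DAYS + extra))
    return True

def expire_unanswered(acct: Account, now: datetime) -> bool:
    """Treat an unanswered challenge as a likely throw-away address: start over."""
    if acct.token is None or now - acct.token_sent <= TOKEN_TTL:
        return False
    acct.confirmations, acct.token, acct.token_sent = 0, None, None
    acct.next_check = now
    return True
```

Drawing X from a CSPRNG keeps the next check date from being predicted by a script that only revisits the mailbox on a fixed schedule.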