Spam dispatch via double opt-in mail

[icehawk-de]

We use double opt-in registration and manual activation by an admin.

The registration form is protected by sr_freecap. Unfortunately, this no longer offers protection against spam bots, so that they can register successfully. The resulting double opt-in mail was „correctly“ declared as spam by our hoster and the mail delivery was blocked by the server.

Are there any other ways to secure the registration form? Can you give me any tips or possibilities?

[sbusemann]

Hi, in the latest versions of the femanager a new setting was introduced which can prevent deletion of profiles. This approach will be added also for confirmations. This can prevent spam bots in the future.

[icehawk-de]

OK. We are using the 6.4.0 on a TYPO3 10.
Is it here also implemented?

Can you give me a hint into the documentation?

[sbusemann]

https://docs.typo3.org/p/in2code/femanager/8.1/en-us/Features/ConfirmUserConfirmationRefused/Index.html
This works at the moment only for refusting profiles. A simular feature is planned also for confirmations. You can sponsor this, if you want it fast.

[Danielvdv]

The problem is that the bots use the registration to send spam and sr_freecap is actually useless. It should be possible to integrate other Captchas like hCaptcha. The function you describe does not explain exactly how this is supposed to work, how it further prevents bots and how reliable it ultimately is.

[sbusemann]

It is not the same as a captcha solution, but it is an additional step, that has to be confirmed.