How to prevent gmail+1 trick with user sign up

I offer a free credits trial for my users but some abusing it with the gmail trick. How to prevent users sign up with the same email when they use the gmail trick like this?

Screenshot 2023-11-10 103938

this two mails will also land in the inbox of this one: examplemail@gmail.com
examplemail+1@gmail.com
examplemail+test@gmail.com

Thank you.

Your users are pretty witty :laughing:

This is an interesting issue. Saving the emails as a text and having a workflow to check the texts if the new email contains something from the list of texts would (probably) be possible but its highly inefficient and would use up TONS of WUs, especially when you have lots of users.

Maybe you can also try adding a mobile number for verification? You know, those mobile verification codes.

Will follow this thread for the other creative and more efficient solutions!

1 Like

This is what I use in my Apps. A verification code sent to my users. The user can’t register with a pre existing identical phone number. And they also have to confirm their new number if they want to change it.

I know it is not an ultimate solution but it is something extra to prevent this kind of abuse.

1 Like

Awesome! What third-party service are you using?

SMS (SMSBird) and WhatsApp (Wati.io).

The user chooses how he wants to receive the token

1 Like

Oooh, I never thought about this. For some reason I find it a little funny. Anyway, I use a couple of methods to stop people using temp emails or other duplicate account creation tricks:

  1. Fingerprint data type which contains IP address, device fingerprint (using Fingerprint.js) etc. When signup, search for matching fingerprints. Pretty resistant to VPNs.
  2. Spam email detection API
  3. IP address reputation API
  4. Using these, create a ‘score’ that’s the chance of them being malicious. Depending on the score:
  • send a warning email
  • require phone number verification (I try to avoid phone number verification unless I feel it’s necessary as it’s costly and also reduces conversion rates.)
  • deactivate the account altogether

It was important to me to avoid free trial exploitation as one of my apps is AI focused so each user has a tangible cost.

2 Likes

SMS verification is a widespread solution to the verification problem.
It is much more effective than Email verification, however it is also much more expensive, as all sms/whatsap providers charge for it.
It is also relatively more complex to set up without any bugs.

That being said: email verification is still a very useful thing for many businesses.
You can stop users from plus addressing to multiaccount simply by using a little regex.

‘+(.*?)(?=@)’
It will find all characters between a + and a @.
Use bubble’s ‘find and replace’ function to replace it with nothing (‘’) ie. remove it.

If the result matches with any other prior email then terminate the worflow or trigger another workflow to tell them they’re being naughty.

3 Likes

This topic was automatically closed after 70 days. New replies are no longer allowed.