Moving Turing / Captcha test to confirmation Email rather than form

Question

Hello Guys I have been using ReCaptcha in my apps register forms. I have seen a lot of examples of captcha in signup forms. My question is if I implement a custom Captcha such as when a user Registers I send a confirmation email and a auto generated code/passphrase/ turing test that is converted into an image with some sort of effects to distort it. Since we are sending a confirmation email anyway why not use it for a turing test and get rid of captcha in the form?

I understand that the advantages/disadvantages can be

1) If the user has entered an incorrect email then he wont get access to turing test but that is the whole point of a confirmation email. 2) Distorted image may not be readable and/or refresh-able but since we are just distorting sth that is an autogenerated by code we can make it a little bit more readable than scanned images that captcha images.

I can only think of the above two situations. Please point out any thing else that you think should be taken into consideration.

Answer 1

Having a CAPTCHA that covers the registration process is important to protect you from bots whose sole purpose is to generate as many users as possible with the intent of using those users to post/add content on your site with links back to a site that they are trying to improve SEO on. This is only one way in which malicious users can utilize multiple accounts on a site for their own purposes.

The registration email protects your users as much as you by creating a way a means of resetting lost passwords, proving ownership, etc.

Both parts should be included when validating users. I also recommend running ip counting on new user attempts. Typically, locking after the 2nd user created is fairly safe as long as you provide a link that states why they have been prevented and a means of creating additional accounts on that ip.

None of these procedures is failsafe but together they provide a medium level of anti-spam protection. Of course, these days people defer user maintenance to social media sites like Google and Facebook.