pthorsson

Reputation: 341

Set time limit on POST form in Rails

I got a website where you can sign up for newsletters. Signing up only takes a click from the user to register its email in the database. I figured that this might be a problem since there's no cooldown/time limit whatsoever, so I guess it would be possible to make some kinda script to spam my database with emails.

I've been thinking of implementing a Captcha or something, but I'd rather go with some kind of cooldown on signing up. Something like, you can only sign up 2 emails each 15 minutes, or something like that. What would be the best solution here?

Upvotes: 0

Views: 479

Answers (2)

Billy Chan

Reputation: 24815

The method you use is single opt-in. It's not only inefficient but also possibly illegal.

For inefficiency, the reason is you may get lots of invalid emails and your system is busy sending emails to these invalid addresses. The cause may be spam attempts and users' errors.

For legality, in Europe you can only send emails to people who opted in to your service. The only valid way to prove they have opted in is that they have confirmed an opt-in link in an email. http://www.lsoft.com/resources/optinlaws.asp. Having their emails alone is not a valid reason because you can buy emails from others.

So, the correct strategy is to use double opt-in. When a user fills in an email and submits, he will get an email asking for his confirmation of this action. Once confirmed, he would be a valid subscriber and start to get emails.

Also, with double opt-in, your concern about junk opt-ins will be minimal because it becomes harder for spammers to confirm the email; also, they don't have much motivation to do that.

Upvotes: 1

usha

Reputation: 29349

If you have a signup table, you can check for the number of signups from a particular user in the last 15 minutes:

Signup.where("user_id = ? and created_at >= ?", user_id, 15.minutes.ago).count

If the above count is greater than or equal to 2, then don't allow it.

Upvotes: 0
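
The "2 signups per 15 minutes" cooldown from the question, as an added example in plain Ruby that is not part of either answer. It assumes the limit is keyed by the client's IP address (newsletter visitors have no account to key on); `SignupThrottle` and its method names are hypothetical, and the check and the record are done under one lock so two simultaneous requests cannot both slip under the limit.

```ruby
# Added example: sliding-window signup limiter (plain Ruby, no Rails needed).
# Assumption: the key is the client's IP address; the class name, method
# names and defaults are hypothetical, chosen to match the question's numbers.
class SignupThrottle
  def initialize(limit: 2, window: 15 * 60, clock: -> { Time.now.to_f })
    @limit  = limit
    @window = window          # window length in seconds
    @clock  = clock           # injectable so the window can be tested
    @hits   = Hash.new { |h, k| h[k] = [] }
    @lock   = Mutex.new       # check and record must be one atomic step
  end

  # Returns true and records the attempt if the key is under the limit,
  # false otherwise. Rejected attempts are not recorded.
  def allow?(key)
    now = @clock.call
    @lock.synchronize do
      recent = @hits[key]
      recent.reject! { |t| t <= now - @window }   # drop expired entries
      if recent.size >= @limit
        false
      else
        recent << now
        true
      end
    end
  end

  # Seconds until the key may sign up again (0 if allowed right now).
  def retry_after(key)
    now = @clock.call
    @lock.synchronize do
      recent = @hits.fetch(key, []).select { |t| t > now - @window }
      return 0 if recent.size < @limit
      (recent.first + @window - now).ceil
    end
  end
end
```

This in-memory hash is per process, so a deployment with several app server processes would need the counters in a shared store such as the database or a cache.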
