Is captcha required when I have email verification step, while registration?

Question

I am building an asp.net mvc web application. Do I need to use captcha while user registration. Because we make the user verify the email, by the standard way, like sending a link in the email and when the user clicks on the link, the email is verified.

Do you think bots can actually open an email and verify? And moreover the bots will need a new email address for every registration.

Answer 1

I think the jist of it can be summed up like this:

• captchas help protect against automated signups
• email confirmation helps protect against impersonation

Email confirmation is much easier than a good CAPTCHA for a bot to pass.

Answer 2

The "new email address" for every registration requirement isn't hard to beat (think mailinator.com) but I can't imagine a bot confirming your email, you just have to deal with sending out redundant emails and assess if that is an issue.

Answer 3

Yes, bots can create new email accounts and send and receive email from those accounts.

You don't need to use a CAPTCHA if your site is unlikely to be targetted by bots but if you are worried about an attack then a CAPTCHA is a good idea and fairly cheap to implement. You should bear in mind that it negatively affects the usability of your site and could make it difficult for some users to log in.