Hello,
I have noticed 2 unknown e-mail ids sign up on my app that is published with a public URL. How does one validate email ids and avoid bots signing up please?
Thanks,
Raj
You can require them to confirm the email address:
https://anvil.works/docs/how-to/custom-user-auth
When someone signs up, a link is then emailed to the address. Someone has to open the email, and click the link, and successfully sign in. Otherwise, that address cannot log in.
Thank you, yes I have that feature selected. So a “bot” should not be able to go back to e-mail used and confirm, right? Cos one of the e-mails did not complete the sign up process however, the other did. But the ids are a selection of letters and numbers and the domain comes up as not recognised, so I’m a bit confused.
That’s the idea. If people are building smarter bots, then we’re going to need smarter verification tools.
Just curious, how are you checking the domain name?
Just going by the bit after the ‘@’… that’s the domain name, right? And then just typing the domain name in the address bar - nothing sophisticated 
It’s just that I have the exact list of users who have access to the link…
Ah. Yes, that’s the domain name. So you’re checking to see whether there is a web site at that domain.
Email and web site are different services. You can order one service without the other. So, in the general case, a domain might have email addresses and no web site. (Or vice versa.) This isn’t an airtight test.
Because the confirmation process actually sends an email, to the named address, the entire address (not just the domain) must be valid. If not, the email will not arrive, and nobody will be able to click on its link. This is a more reliable test, and it is built into the confirmation process.
Oh yes, of course, got it. So perhaps I need to just check with my users if anyone has tried with alternative IDs… I’m still in doubt though.
Does using a reCAPTCHA help? And does Anvil do that?
I believe it does. It certainly makes things harder for run-of-the-mill bots.
No. But perhaps someone else here has programmed it. Try the Search button (magnifying glass) at the top of this web page.
Edit: for a more general introduction to the topic, see
OK yes, will do, thanks so for much for your help!