Recently I’ve seen a lot of bots joining my groups and posting spam links.
(Sidenote: These bots now seem to be deleted)
When I checked the user, I saw they were verified, and that got me thinking - how can a bot account verify their account so easily?
So I went onto one of my accounts and changed the email to a temporary email. Guess what? ROBLOX allowed me to have it as an address and sent me the verification email.
Here are a few reasons why they should be disallowed, and only emails on say, a whitelist including gmail, hotmail, outlook and yahoo domains etc, should be allowed:
- Someone using a throwaway email clearly only wants to verify it for a specific purpose - i.e spam.
- Temporary emails have no captcha’s and can be created quickly, like the bots that use them.
- There is no point in verifying a temporary email, because it can’t be used later to reset a password.
- Reputable email hosts require more information that just clicking a google search link and giving you an address, it will significantly slow down creation of these emails and thus the associated ROBLOX bots.
- There are loads of websites that require an address from a reputable provider.