Account rate limiting via mobile phone

|
All the free mail providers have a problem with being used as a spam platform. If it's easy to sign up for accounts, then spammers sign up and use them for spam until they get cut off. The problem here is that the users don't have any real business relationship with the provider so it's very hard to determine whether they're legitimate or to stop someone from getting a large number of accounts.

The standard procedure here is to use some reverse turing test (e.g., CAPTCHAs) to (at least theoretically) stop the spammers from writing software to sign up for accounts. But if you're willing to have people just sit there and "solve" the test, then you can sign up for a large number of accounts. In addition, there has been a fair amount of work on attacking this kind of test.

I just noticed that Google has come up with quite a clever technique for rate limiting by tying your account to a real world identity. When you sign up for gmail you need to enter a code that they SMS to you. This way they know that you have access to that mobile phone and can limit the number of accounts given to any one phone user. The downside of this, of course, is that now Google knows your mobile phone number (or at least the number of someone you know), which isn't ideal if you want to be really anonymous, which is one reason that people use free e-mail providers.