On the forum I work on (custom software; forked from JForum) we used to get 10s of thousands of spam a day. That stopped almost immediately with the requirement of a verified email address.
We had tried CAPTCHA and honeypots but the spammers broke through it (we were being actively targeted). Once we used email verification, it forced the business owners of the email (Gmail, Yahoo) to implement better verification on their side and stop so many fake accounts from being created.
Spam is now a rounding error in my system (about 60 for every 56,000 daily posts).
I should also add that I subscribe to the broken window theory, so we also implemented Akismet to check all incoming posts for spamminess. We hide all posts that Akismet marks as spam, and it cleans up the place enough to (hopefully) ruin any spammer's SEO tactics. Once it becomes a futile effort to post spam that's just going to get hidden, they seem to stop aggressively targeting us.
Interesting thanks! We don't want users to have to verify email addresses as we see this again as a barrier of entry that will put people off. However I do see the necessity of it in your case as this doesn't always scale very well.
We were worried about implementing this feature too, citing the same issue. What we did was explain to the users why we were making the change, bless some of the existing users that are known to be in good-standing, and then provide a tiered view of the forum for those accounts with an unverified email address. The people in that group could post only text. However, once their email address was verified, they are automatically put into another group and they can post like normal users again.
So while it's a barrier to entry, we attempted to minimize it as much as possible.
We had tried CAPTCHA and honeypots but the spammers broke through it (we were being actively targeted). Once we used email verification, it forced the business owners of the email (Gmail, Yahoo) to implement better verification on their side and stop so many fake accounts from being created.
Spam is now a rounding error in my system (about 60 for every 56,000 daily posts).
I should also add that I subscribe to the broken window theory, so we also implemented Akismet to check all incoming posts for spamminess. We hide all posts that Akismet marks as spam, and it cleans up the place enough to (hopefully) ruin any spammer's SEO tactics. Once it becomes a futile effort to post spam that's just going to get hidden, they seem to stop aggressively targeting us.