@dumpsterqueer my naive approach right now is changing the signup template to put the email in a differently named form field, while adding a hidden field with the name="email". If that one is filled in (by a bot) the request is denied. We'll see if that's enough