The sign up form for a service I maintain has received about 130 spammy submissions per day over the past 30 days.

Submitting the form sends a confirmation email; having this abused was something I needed to stop.

I'd like to figure out why it may have occurred and what I could do/could have done to prevent it.

The form has fields for email, choice of password and a choice of account plan. Minimal and pretty common.

My best guess as to why: malicious user(s)/bots are submitting stolen email/password credentials having mistaken the sign up form for a sign in form and are hoping to see if any credentials work.

Steps taken to mitigate: - honeypot form field for preventing bots (seemingly ineffective) - integrate with api.stopforumspam.com/api, reject IPs deemed untrustworthy (so far seems effective)

Any other thoughts on why this might happen and what can be done to prevent such abuse?