When developing a site, make sure you do a "captcha", wherever.
For Night Buyers, I've added captcha, only at login, and only after about 1.5 months since we've started it. Why? It wasn't on my top priorities. Captcha is good to forbid bots to register. But that happens only when you have lots and lots of users. Which is certainly not when you start the site!
Validating the user's email. To do that, you send an email to the user, with an activation code. The user opens his email, clicks the activation code, and there you go.
First, this is a lot of code from your part. Then, it puts a burden on the user - he's using your site because he needs something. All this mambo jambo, and he can lose 10 minutes to one hour or so. Not to say that he might just dump your site and go elsewhere.
On Night Buyers, we don't have email validation. We trust the user to provide us with a valid email when he registers - we send him confirmation of his order via email. If he doesn't need confirmation, fine, let him provide a dummy email address.
But, when you develop your site you need to answer 2 questions:
- Do I need email confirmation? Why do I need the user's email? To send him what?
- Do I need email confirmation now?