Referral links should be uniquely issued.

[Ocean West]

I don't think it's a good idea to use the the members ID as the referrer and should be dynamically generated. it's too easy for actors to spoof this:  

domain.com/?&_rid=#####

seeing a rise in people registering via a link without it being initiated from the member. 

[DawPi]

Spoofed for what? 🙂

[Ocean West]

random people most likely spammers can see that the url is tied to a member account for what ever reason it is an annoyance to the person who never referred anyone also get notifications to the contrary. 

 

[Marc Stridgen]

You would then be giving out the unique key anyway. There isnt really anything to keep secure as such on this one

[Ocean West]

Yes this is the point the key should be unique if you intend to send someone a referral / invite the the forum that is fine.

What the problem is would be spammers are using the fact the URL is static and you can manufacture the URL they are now using it as a vector and way of spamming other members for no reason it causes confusion and more explanation than it's worth as most people don't know they have referrals. 

I had to disable the entire referral system because of this. 

[Runar]

8 hours ago, Marc Stridgen said:

You would then be giving out the unique key anyway.

Yes, but it wouldn’t be incremental and easily guessable.

[Ocean West]

Base64 unique for each member which the member could reissue a new url if they wished.