I'm building a website that sells items cheap and proceeds go to charity. You can't just buy an item though, because they will be very limited in quantity, so we want to give out free raffle tickets (daily) to users who visit the site. We'll then do a random drawing and the winner can buy the item.
My concern is people making 1,000 accounts to improve their odds at winning. I need a good way to prevent this from happening. Right now I'm thinking of checking IP ranges (12.12.x.x) to see if that IP has already received daily raffle tickets, but how reliable is that, what with proxies allowing people to use different IPs?
The somewhat-standard solution would be to require each user to provide an email account when they make their account. You then send an email to that email address, containing a unique link. When that link is clicked, you activate the account associated with that email; before that, they can do nothing.
You can have multiple steps of security in this case.
This will not keep them from using proxies or creating multiple email addresses. I suggest having them also add a unique street address. If they try signing up again with that same address, reject them. You can also check for the phone number, for extra security.
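The two suggestions above (an emailed activation link, plus rejecting a repeated street address or phone number) combined into one sign-up flow, as an added example that is not code from the original posts. The in-memory dict and set stand in for a database, and the function names, the 24-hour link lifetime and the small abbreviation table are assumptions made for illustration.

```python
import hashlib, hmac, re, secrets, time

SECRET = secrets.token_bytes(32)   # assumption: per-deployment server secret
TOKEN_TTL = 24 * 3600              # assumption: activation links last 24 hours
ABBREV = {"street": "st", "avenue": "ave", "road": "rd"}  # constructed sample table
accounts = {}                      # email -> account record (stand-in for a DB table)
seen_identities = set()            # keyed hashes of normalized address / phone

def _sha(text):
    return hashlib.sha256(text.encode()).hexdigest()

def identity_keys(street_address, phone):
    """Normalize address and phone so trivial respellings map to the same key."""
    words = re.findall(r"[a-z0-9]+", street_address.lower())
    addr = " ".join(ABBREV.get(w, w) for w in words)
    digits = re.sub(r"\D", "", phone)
    # Store a keyed hash rather than the raw address or phone number.
    return {hmac.new(SECRET, v.encode(), hashlib.sha256).hexdigest()
            for v in ("addr:" + addr, "phone:" + digits)}

def register(email, street_address, phone, now=None):
    """Create an inactive account; return the token to e-mail, or None if rejected."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    keys = identity_keys(street_address, phone)
    if email in accounts or keys & seen_identities:
        return None                        # duplicate email, address or phone
    token = secrets.token_urlsafe(32)      # unguessable value placed in the link
    accounts[email] = {"active": False, "token_hash": _sha(token),
                       "expires": now + TOKEN_TTL}
    seen_identities.update(keys)
    return token

def activate(email, token, now=None):
    """Activate the account if the link token matches, is unexpired and unused."""
    now = time.time() if now is None else now
    acct = accounts.get(email.strip().lower())
    if acct is None or acct["token_hash"] is None or now > acct["expires"]:
        return False
    if not hmac.compare_digest(acct["token_hash"], _sha(token)):
        return False
    acct["active"], acct["token_hash"] = True, None   # single use
    return True

def can_claim_ticket(email):
    """Until activation, the account can do nothing, including claiming tickets."""
    acct = accounts.get(email.strip().lower())
    return bool(acct and acct["active"])
```

Only the hash of the activation token is stored, so a leaked account table does not let someone activate accounts for mailboxes they do not control.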