Hiya, I saw this post on HackerNews a while back, where the user has a b2c application that is being attacked. The application is open for sign ups and accepts an email address. The email address is then confirmed, allowing access to the application.