I have worked in a site in which we were providing no registration for the external users. We were redirecting the mysite.com/user/register and even mysite.com/?q=user/register to the home page. But after this also we are still getting spam registration mails and I was wondering how spam registration are get created even though there was no registration form. Can any body explain this to me ? And also we have account creation settings are like 'visitors can create account but admin approval is required'. So do I need to change it into 'admin can only create account' ? Is that will fix the problem? Please help me. It's really urgent. Any help will be much appreciated.