Elon Musk vs. X Bots: Our Test Shows How Fake Accounts Still Slip Through

This article was updated in April 2025.

Will there ever be an end to all of the bots on X? Before Elon Musk officially acquired the platform formerly known as Twitter, the tech tycoon and his lawyers addressed the prevalence of bot accounts.

Nearly three years later, even Musk acknowledges that things aren’t any better. We look at the current status of X bots and what could put a stop to the creation of fake accounts.

X’s new sign-up test slows down bots, but doesn’t stop them

In the first quarter of 2025, I wanted to see if I could still sign up for X using a low-quality temporary email account. So I repeated my previous test and was able to set up a new X account – including choosing an X handle – in less than a minute.

Then, I repeated the test on April 14, 2025. I attempted to sign up for X using a generated email address – and asked a few other people to do the same. 

This time it wasn’t quite as easy: X added a test. We observed an additional sign-up step of having to certify humanity. As far as bot-deterring tests, it’s a little more involved than others, but still quick to solve.

This extra step is undoubtedly to block some of the bots from gaining access, and could go a long way in helping to alleviate the problem.

However, signing up with a throwaway email address was still possible. None of the junk email addresses we signed up with were blocked by X.

Elon Musk on the X bots problem: The team is “working on it”

X users will notice the prevalence of junk accounts that perform automatic actions like retweeting, posting, or following certain accounts. The problem persists, and one of the culprits is that X has no safeguards in place to prevent people or bots from signing up using fake email addresses.

Even Musk acknowledged recently the X team was “working on it.”

Working on it

— Elon Musk (@elonmusk) April 14, 2025

Bots still abound on X

According to Musk, X has 600 million users worldwide, and more than half of them use the service daily. But even Musk says that bots are a worthy adversary. 

? has 600 million monthly active users, about half of which use the platform every day

— Elon Musk (@elonmusk) May 23, 2024

While users frequently complain about the prevalence of bots, the service has enjoyed a significant decline in fake accounts – but by no means is it the end. While X may have reduced fake accounts through periodic purges, its prevention mechanisms still leave gaps wide open. 

When Elon Musk acquired Twitter in October 2022, he promised to try and get a handle on the platform’s bot pervasiveness. He even stated he’d “defeat the spam bots or die trying.” 

Since then, X has implemented measures to curb inauthentic accounts, but like a bad infection, the bots persist. They reduce the quality of user experience and tarnish the site’s credibility.

Musk and the X team’s efforts to combat bots

The primary strategy X currently uses to reduce bots centers on enhancing the verification processes and enforcing account restrictions. In recent years, X has implemented a series of measures to curb automated activity. 

The “Not a Bot” program

In 2023, X introduced the “Not a Bot” program, first tested in New Zealand and the Philippines. This program required new users to pay a $1 annual fee to post, reply, or engage. The thinking was that this would deter automated spam accounts by adding a cost barrier. 

The subscription model

Additionally, X changed its verification system. It replaced the legacy blue checkmarks commonly associated with celebrities and large businesses with a new subscription model that started at $8/month for Twitter Blue, later X Premium. 

Musk felt this would reduce bots on X, as bad actors would be less likely to pay for verification, although a free version of the service would still exist. 

Routine bot purges

X also publicly conducted routine bot purges. One such purge took place in April 2024, resulting in numerous phoney accounts getting excised. But Musk admitted that some legitimate users got swept up in these clean-ups. 

Other efforts X took were limiting direct messaging for unverified accounts and adjusting algorithms to reduce spam visibility. Musk explained this as “freedom of speech, not freedom of reach.”

When the bots wear blue checks, who can you trust?

Despite these ongoing updates in bot extermination, this is still an issue on X. It’s chipping away at the integrity of the site and proving a nuisance for users. 

Research from 2023 and 2024 revealed the war on bots has not been won, and may have worsened. A Queensland University of Technology study revealed spam accounts promoting scams and graphic content were prevalent after Musk’s acquisition of the service. 

Bots regularly send replies with AI-generated content, sometimes nonsensical, and often imitate legitimate users to push cryptocurrency or political and social agendas. When you consider that the point of X is for humans to communicate, the bots diminish the platform’s conversational quality. 

The paid verification system doesn’t mean there aren’t “verified” bots. Some accounts with blue checkmarks post formulaic responses, and generic comments like “I’m sorry, I cannot provide a response,” which seem like the work of AI. 

Bots hurt X in more ways than one. Most notably, they blur the line between real and fake engagement. That makes both users and advertisers wonder whether they’re interacting with actual people. It’s a major problem for a platform whose revenue depends so heavily on advertising. 

Beyond that, the presence of bots leaves X vulnerable to manipulation, including coordinated influencer campaigns and agenda-driven activist swarms that can distort public conversation. 

How X (and other sites) could reduce bot accounts

I asked Zerobounce’s Chief Operating Officer Brian Minick to comment on X’s recent attempts to scrub the bots from the platform. He mentioned that adding an extra step in the sign-up process is a part of the solution to strengthen account validation and increase platform integrity.

Using CAPTCHA and email validation

“Using a CAPTCHA or related tests will indeed help with some of the bots.” The email validation expert went on: “It is certainly possible that bots get past the test, albeit it’s not always easy.” 

So, how could X really get ahead of the bot problem?

Minick weighed in: “The best way to ensure that your site isn’t compromised with bad or fake accounts comes down to email. After the CAPTCHA test, the next step would be to implement double opt-in and validate the email address associated with the account.”

CAPTCHA alone can’t eliminate bots

I also reached out to ZeroBounce’s SMTP Deliverability Specialist, Radu Pasarica, who thinks CAPTCHA alone won’t cut it anymore. As bots become more sophisticated, many can now bypass traditional verification tools. That’s why, according to Pasarica, platforms like X should layer additional safeguards beyond simple CAPTCHA tests.

His suggestions? Move away from the one-size-fits-all “blue check” and introduce different verification tiers based on how an account proves it belongs to a real person. 

For example:

• A legal blue check that requires ID verification (though privacy concerns make this controversial)
  
• A biometric blue check that uses camera-based prompts for face or movement recognition
  
• A paid blue check, which, Pasarica argues, should carry the least weight, since payment alone doesn’t prove identity
  
• And an email activity check, where X could verify whether the email tied to an account is still active and able to send and receive messages.

“That initial effort would make it easier to distinguish inactive or bot-driven accounts from legitimate users,” he said. “While not all email addresses from disposable providers are guaranteed to be bots, it’s a smart move to steer clear of those domains that are repeatedly linked to suspicious activity.”

He also recommends device and network fingerprinting – a method that can detect patterns of abuse across shared IPs or devices and can help flag bot farms before they do harm.

“You can’t rely on one filter anymore,” Pasarica said. “It takes multiple layers working together to actually keep bots out.”

One of the layers that often gets overlooked? Email hygiene. Let’s take a closer look at one of the biggest vulnerabilities: disposable email addresses.

What exactly are disposable email addresses?

Among the most commonly exploited tools in a bot creator’s arsenal are disposable email addresses – quick, throwaway accounts that help bots slip past traditional sign-up verification.

But what exactly are they, and why would someone use one to create a social media account? Disposable email addresses are typically single-use email addresses generated automatically so that you don’t have to reveal your real work, school or personal email address. 

Most disposable emails are also temporary emails, meaning they deactivate or “self-destruct” in a day or even in minutes. Some stay active only as long as the browser window remains open—close it, and access is gone. In fact, the terms disposable and temporary email are often used interchangeably because the majority of them self-destruct so quickly. 

Why would someone — or an automated script — use one? Because creating thousands of legitimate email accounts is tedious and time-consuming. And since X only allows one account per email or phone number, disposable emails offer a fast track for bot registration at scale. 

After showing ZeroBounce COO Brian Minick how easy it is to set up an X account using a disposable email address in 2022, Minick commented that “a script can do thousands of those in less time.”

Why disposable emails remain a problem

It’s not just X that deals with bad data. Every social media site, forums and email lists are vulnerable to infestation. Without safeguards, bots can tarnish an email list by automatically signing up large numbers of poor-quality and risky email addresses.

Not maintaining data standards is a recipe for disaster. For example, an email list that hasn’t been regularly validated could end up with spam traps which will lead to your emails landing in spam or getting blocked altogether.

So, what to do? One step in the right direction is to protect all email signup forms with an email validation API. If someone wants to sign up to access an exclusive part of your website, do business with you or subscribe to your emails, an email validation API ensures that no caustic email addresses slip in. It also prevents people or bots from using throwaway email addresses.

Bots are almost always associated with temporary email addresses and low quality email addresses, as are any number of scams. The answer is to elevate data integrity by putting safeguards in place – the more, the better.

X should take additional anti-bot measures

As technology advances, copycats and bad actors evolve right along with it. This is why there’s a need for robust anti-bot measures in order to fortify X’s ecosystem. Combining technology such as email verification and humanity authentication testing (like CAPTCHAs) will go a long way to enhance the security and integrity of the platform. 

If these extra layers of protection can be coupled with users reporting accounts who engage in spam behavior, X will make genuine communication more possible. X must evolve in its defense to fulfil Musk’s promise and mission to have a cleaner platform.

X’s bot problem has been brewing for years: here’s how our initial test went in 2022

In the summer of 2022, I wanted to see if I could sign up for the platform then named Twitter using an automatically generated disposable email address. It was remarkably easy to do so: getting a “burner” email address and creating an X account took only 56 seconds from start to finish. 

Below you can read more about our initial test.

Is Elon Musk right when he says spam bots are a problem on Twitter? If you consider how easy it is to create a fake Twitter account, you’d be inclined to say “yes.” Below we look at the loose security filters one can bypass to start a Twitter account with a disposable email address.

Fifty-six seconds. 

That’s the amount of time it takes to set up a new account on Twitter using a disposable email address. I wanted to see if it was even possible with an illegitimate email. It wasn’t just possible; it was easy.

But first, what prompted my experiment?

It was all of the news headlines about Elon Musk’s Twitter acquisition and the talk about spam bots. 

Spam bots, an obstacle to Elon Musk’s Twitter acquisition

ZeroBounce was featured in a recent article in the LBN Examiner entitled “How Elon Musk Could Win the War on Spam Bots.” The article addresses Elon Musk’s concerns about the prevalence of bots on the social networking site and what could be done to keep them at bay.

The letter Musk’s lawyers filed with the Securities and Exchange Commission asserts Mr. Musk’s desire to evaluate “the spam and fake accounts on the company’s platform.” 

But how reasonable are his concerns? 

Now, I’m not in the business of creating bots, but I wanted to see if Twitter would allow me to register with a disposable email address. 

What is a disposable email address?

Disposable email addresses are designed to last a short time, sometimes minutes. They’re also called “burner,” “throw-away” or “temporary” email addresses because they self-destruct so quickly.

Did you know that ZeroBounce detects disposable email addresses? Find out if you have any on your list – signing up takes less than a minute and gives you 100 free email verifications, every month.

To use one, you don’t even have to register. Temporary email providers don’t ask for any personal information. Anonymity is the cornerstone of disposable emails. Doesn’t it seem like a burner email address would be the first thing Twitter would block?

How I used a disposable email to start a Twitter account

I started out by creating a disposable address using Temp Mail. 

After going to Temp Mail, it generated the following email address: pomofan316@lankew.com, which I was able to copy and paste into the Twitter sign-up form. Many websites or email newsletter subscriptions will stop you right then and there, particularly if they have an email validation API connected. 

Real-time email validators will ask you to enter something else if you put in a low-quality email address, like an invalid, role-based or disposable email. They also let you know if you made a typo when keying in your email.

Twitter accepted the Temp Mail email address with no problem at all. I ended up trying a few different temporary email address providers and Twitter accepted all of them. 

The question I have: do the owners of Twitter know that this creates a security issue or are they aware and for some reason don’t do anything about it? 

Elon Musk himself has recently expressed skepticism about this. “I’m worried that Twitter has a disincentive to reduce spam, as it reduces perceived daily users,” the entrepreneur said. 

On the other hand, there may be a valid reason that Twitter doesn’t block disposable emails.

How Twitter verifies new account sign-ups

It does appear Twitter has one security practice in place. 

Once you enter an email address, name and birthdate, Twitter sends you a code. There was no issue with receiving this code at my temporary email address – I got it in seconds. After copying and pasting this code, Twitter let me create a password. 

This type of verification should prevent some spam bots from creating accounts. However, bots have become more and more sophisticated. 

So, I was able to set up the new Twitter account @MuskyElon6 in a hurry, but keep in mind I’m just one person. After showing him the video of this shaky Twitter account, I asked ZeroBounce COO Brian Minick about how individuals and groups could do this on a massive scale.

“A script can do thousands of those in less time,” Brian said. He was referring to the scripting language used to automate tasks.

In fact, a simple web search shows plenty of “how-to” guides on creating spam bots for Twitter. These spam bots do all of the things real human beings can do: tweet, follow accounts, like and retweet. 

There is a way Twitter could reduce spam 

If you use Twitter every day, you’re sure to see dubious accounts. They may have just a handful of followers and some don’t even bother choosing a profile picture. Sometimes what they tweet is nonsense or seems out of context.

If Elon Musk is correct with his allegations, Twitter would be forced to be more serious about ridding the site of these fake accounts.

It makes sense that, if Twitter ensured the quality of the email addresses used on sign-ups, there would be a significant reduction in spam bots or people creating multiple fake accounts. ZeroBounce CEO Liviu Tanase acknowledged this, saying that “right now there are vulnerabilities in the process.” 

Will Elon Musk acquire Twitter after all?

That remains to be seen, but if he does, it’s likely that there will be some changes to the signup protocol. 

A site is only as good as the data that goes into it. And it does seem like Twitter could be doing more to clean up the platform and prevent spam infestation. Otherwise, the site will lose its very purpose of connecting people with other people – not with spam bots. 

Start a ZeroBounce account and validate 100 emails for free – every month