I have created an web app where users have to first register and confirm their email address by clicking a link that contains a validation code; I recently discovered that users using outlook are getting code expired or does not exist whenever they want to validate their email address. After an hour of debugging, I have found out that an MSN bot is accessing the validation link right before delivering the email, rendering it expired. I know that that does validate the email as I have noticed that the bot does not visit the page if the account does not exist, but it does not help if the wrong person gets the email or in terms of user experience; I would like to know if anybody familiar with this problem can give an advice on how to manage it.
This is what I could read from the bot using php. I could try to not validate the email address if host contains msnbot or search.msn.com but i do not know how reliable this solution would be as I do not know if the bot will always return any of those.
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534+ (KHTML, like Gecko) BingPreview/1.0b
IP: 40.77.167.67
Hostname by address: msnbot-40-77-167-67.search.msn.com
Instead of counting the link hit, direct the user to a page that explicitly requires the user to click a button.