Comment by Jackson__

>6. Once validated, the code is good for 1 year (or 6 months or 3 months, adjust based on how stringent you want to make it) - then it expires and a new one must be purchased.

> 7. A separate token is required for each website/each account.

I propose instead:

A single code valid for 10 packets sent to a single IP address, or 30 seconds, whichever expires first.