People putting money in that jar voluntarily transfer ownership of the money to the ice cream shop. I am not sure that the people posting under your comment do care to support you, or just want to get the airdrop.

The solution: provide a public rsa key and tell people to send their address in the comments encrypted with that key. If they want to support you and do that, then only you will be able to send them the money.

If they dont, probably they dont care who ends up with the referral reward and value it more that they can proceed as quickly as possible.

So the problem you mention does have a rather simple solution. You may even link to a webpage doing the encryption for the user, so they dont have to understand the rsa-technology and it is just a few clicks for them.