Fake signups poison your metrics, burn free-tier resources and seed downstream fraud. Catching them at registration — before the account exists — is far cheaper than cleaning up later.
What "fake" looks like
- Bots mass-creating accounts for spam, abuse or trial farming
- Disposable emails behind proxies/VPNs
- One actor creating many accounts (multi-accounting)
Signals at signup
- Network: datacenter/proxy/VPN/Tor exits and high-risk ASNs — see proxy/VPN detection.
- Fingerprint: automation stacks (JA4/QUIC) and the same fingerprint creating many accounts.
- Velocity: bursts of signups sharing a fingerprint/ASN, even across IPs.
- Behavior: instant form fills, no human interaction entropy, honeypot hits.
A layered gate
Score each signup and branch:
- Clean: allow.
- Risky: require email/phone verification or a silent challenge (see no-CAPTCHA detection).
- Clearly automated: block.
detectip.ai returns an explainable verdict and recommended action at the signup call, so good users sail through and bot farms don't.
Protect your free tier
If you offer a free plan, fake signups directly cost money. The same detection that protects logins (account fraud prevention) protects free-tier abuse.
FAQ
Won't verification add friction? Only for risky signups; clean users aren't challenged.
Can I catch multi-accounting across IPs? Yes — key on fingerprint, not just IP. Start free with a key.