We understand that fake signups constitute a significant concern for SaaS industry owners. It’s important to note that email validation tools are designed to validate emails and not necessarily to combat fake signups. Therefore, if you want to prevent abusers from signing up to your platform, you must use email validation and other best practices.
- Consider using an IP quality score API to prevent continuous signups from high-risk and non-residential IPs. This can help to block any suspicious activity and ensure the security of your platform.
- Restricting the number of account signups from the same IP address is essential.
- Blocking Autonomous System Numbers (ASNs) from previously abused Internet Protocol (IP) addresses is recommended to enhance security.
- Store user agents for each user, monitor last X records and block repetitive signups from the same user agent.
- Use sessions and cookies to prevent the same browser tab from creating multiple accounts.
- Block the country of origin for the previous attacks (if applicable).
- Create honeypot fields.
- Use a captcha.
- Use an email validation API and block invalid and disposable emails and domains.
- Sometimes, you can block free email providers like Gmail and Yahoo and only accept business domains.
- Send confirmation emails for each signup.
- Add phone verification or credit card verification after signups to ensure real user access.
- Monitor your signup flow regularly to combat excessive and unwanted signups.
Indeed, the above practices are insufficient, and you need to implement your methods based on your industry.