How does BigShield detect fake signups?

BigShield uses multiple signals including format validation, burner/disposable domain detection (72,000+ known providers), MX record checks, domain reputation analysis, and SMTP verification to produce a 0-100 risk score for every email address.

How fast is the email validation API?

Tier-1 signals (format, domain, burner detection, MX records) return in under 100ms, fast enough for inline signup validation without impacting user experience.

How much can I save by blocking fake signups?

Up to 40% of signups on AI and SaaS platforms use fake or disposable emails. A single abusive account can consume $5-50 in AI tokens. Email validation costs pennies per check, potentially saving thousands in wasted compute.

What programming languages are supported?

BigShield provides 5 official SDKs for TypeScript/Node.js, Python, PHP, Ruby, and Go. All SDKs include typed responses, automatic retries with exponential backoff, and typed error classes. The REST API can also be called from any language using standard HTTP requests with Bearer token authentication.

Can I create custom validation rules?

Yes. BigShield includes a custom rules engine with 6 rule types (domain block/allow, email pattern, IP range, country, and risk threshold), 4 actions (block, allow, review, require verification), and priority ordering. Rules can be managed via the dashboard or the API.

Email validation that stops fake signups.

Over 40% of internet traffic is bots. Every fake signup on your platform burns real money in AI tokens, compute, and wasted marketing spend. Most companies have no idea how much they are losing.

Start Blocking Fakes See What It Costs You

Free tier, no card required|One API call to validate|Under 100ms response

Live Demo

See it catch fraud in real time

Type any email below and watch 30+ signals analyze it instantly. Try a burner domain, then try your real address.

Quick try:

All checks run in real time. Average response: under 100ms.

40%+

of internet traffic is bots

and they are signing up for your product

$5-10+

burned per fake signup

in AI tokens, compute, and provisioned credits

<100ms

to catch them

validate at signup, block before they cost you

30+

detection checks per email

burner domains, bot patterns, dead mailboxes

Do the math. It is worse than you think.

Every company building with AI is spending real money every time a user hits their product. When 40% of those users are fake, the waste adds up fast.

AI Token Waste

AI products burn $5 to $10 or more in compute the moment a user signs up and starts hitting endpoints. Onboarding flows, initial processing, provisioned credits. That spend happens whether the user is real or a bot with a throwaway email.

Monthly signups1,000

Fake rate (industry avg)40%

Cost per fake signup$10

Money burned per month$4,000

That is $48,000 a year going to users who will never convert, never pay, and never come back.

Email Marketing Waste

Every fake email on your list costs money. ESPs like Mailchimp, Klaviyo, and SendGrid charge by subscriber count. Fake addresses tank your deliverability, inflate your bill, and drag down open rates that determine your sender reputation.

List size50,000

Fake / dead addresses20%

Cost per 10k contacts/mo$75

Wasted ESP spend per month$750

Plus the hidden cost: emails sent to dead addresses hurt your sender reputation, which means fewer real subscribers see your messages.

How much are fake users costing you?

Monthly signups1,000

Cost per fake signup$10

400

fake users/mo

$4,000

wasted/month

$48,000

wasted/year

BigShield catches fake signups before they cost you a cent. One API call, under 100ms.

Start Free, No Card Required

Built to stop the signup tricks that drain your wallet

Burner emails, disposable domains, freshly-registered fakes. We catch them all before they cost you a cent.

Signup Fraud Detection

Catch fake accounts at the door. Stop users from spinning up burner emails to farm your free tier.

Protect Your AI Spend

Every fake signup burns real tokens. Validate first, provision later — save 20-40% on wasted compute.

Under 100ms

Fast enough for inline signup validation. Users won't notice. Your budget will.

945+ Burner Domains

Mailinator, Guerrilla Mail, Tempmail — all caught instantly. Database updated continuously.

Risk Score 0-100

Not just pass/fail. Granular scoring lets you gate free tiers, require verification, or block outright.

Domain Intelligence

MX records, domain age, provider classification. Spot freshly-registered domains used for abuse.

Smart Caching

Same domain checked twice? Cached. You only pay for unique lookups, not repeat abusers.

Batch Cleaning

Already have a user list? Validate up to 100 emails per request. Find the fakes you're already paying for.

SDKs for 5 Languages

TypeScript, Python, PHP, Ruby, and Go. Install, import, call. Full type safety where available.

See all 30+ detection checks →

35+ detection checks. 99% confidence. One API call.

21 email validation signals + 14 detection layers work together to catch fraud that single-signal tools miss. Most fakes are caught in under 100ms.

21 Email Validation SignalsLayer 1< 100ms

Deep email analysis that goes far beyond format checking. Every email is validated across 21 sub-signals covering syntax, infrastructure, reputation, identity, and behavior.

Syntax Validation

RFC 5322 compliance, malformed address detection, and common domain typo correction

Disposable/Burner Detection

Matches against 72,000+ known disposable email providers, updated continuously

Domain Age Check

Flags freshly-registered domains commonly used for abuse campaigns

DNS Validation

Verifies domain has valid DNS records and is configured to send/receive mail

MX Records Check

Validates mail exchange records exist and point to legitimate mail servers

SMTP Connectivity

Tests connection to the mail server to verify it accepts inbound mail

Mailbox Verification

Verifies the specific mailbox exists via SMTP handshake with the mail server

Domain Reputation

Checks MX, SPF, DMARC configuration and classifies provider type and trust level

Format Pattern Matching

Identifies firstname.lastname, role-based, random string, and other local part patterns

Entropy/Randomness Scoring

Shannon entropy analysis to detect machine-generated gibberish addresses

Common Domain Detection

Identifies major providers (Gmail, Outlook, Yahoo) and applies provider-specific rules

Generic Address Detection

Flags role-based addresses like info@, admin@, noreply@ used to bypass filters

Catch-All Detection

Identifies domains that accept mail for any address, a common disposable pattern

SMTP Score

Composite SMTP health score (-1 to 3) based on connectivity, response, and mailbox checks

Honeypot/Spam Trap Detection

Catches known spam traps, honeypot prefixes, and typo-squat domains like gmial.com

Gravatar/Identity Verification

Checks for Gravatar profile existence as a real-person identity signal

N-gram Gibberish Detection

Character bigram language model trained on 170K real emails detects machine-generated local parts

Email Tumbling Detection

Detects dot tricks, plus-tag variants, and fuzzy duplicates used to create fake accounts

Typo Correction

Suggests corrections for misspelled domains (gmial.com, outlok.com) with Levenshtein matching

DKIM Verification

Probes common DKIM selectors to verify domain has proper email authentication configured

DNSBL Blacklist Check

Queries Spamhaus and SpamCop blocklists to identify domains on known spam infrastructure

14 Additional Detection LayersLayers 2-15Real-time + Async

Beyond email analysis, BigShield layers IP intelligence, device fingerprinting, behavioral analysis, network graphs, and cross-customer threat intelligence for the highest confidence scoring.

IP Reputation

Identifies proxies, VPNs, Tor exit nodes, and datacenter IPs behind signups

IP History & Attack Rings

Tracks accounts per IP over 1h/24h windows, detects coordinated attack rings

Email Pattern Detection

Detects auto-generated names: sequential digits, keyboard walks, bot patterns

Domain Velocity & Clustering

Tracks signup volume per domain, flags unusual spikes and coordinated campaigns

Device Fingerprinting

Correlates browser, OS, and device signals to identify multi-account abuse

Pre-Signup Behavioral Signals

Analyzes form interaction patterns, timing, and mouse/keyboard behavior before submit

Network Graph Analysis

Maps relationships between accounts, IPs, and devices to uncover fraud rings

Campaign Attribution

Identifies coordinated signup campaigns by correlating timing and behavioral patterns

Temporal Correlation

Detects time-based anomalies and predicts abuse windows from historical patterns

Cross-Customer Threat Intel

Shared intelligence feed across all BigShield customers for real-time threat detection

Vendor Intelligence

Tracks VPN, proxy, and hosting provider abuse patterns across known infrastructure

Domain Registration Intelligence

WHOIS analysis for domain age, registrant patterns, and bulk registration detection

Post-Signup Behavioral Analysis

Monitors account activity after creation to catch sleeper accounts and delayed abuse

Timezone Mismatch Detection

Flags when browser timezone, IP geolocation, and claimed location contradict each other

Built on Real Data

Every signal is validated against a real-world corpus of spam and legitimate emails

185,000+

emails analyzed

in our validation corpus

95%+

spam catch rate

across 15,000+ spam samples

72,000+

burner domains

in our detection database

detection signals

layered defense in depth

Case Study

WriteCraft cut signup fraud by 94% and saved $47k/month

An AI writing assistant was losing $50k/month to free tier abuse. After integrating BigShield, fraudulent signups dropped from 38% to under 2%.

Read the full case study →

Security & Privacy

TLS Encrypted

All data in transit

No Email Storage

Validated and discarded

99.9% Uptime

Globally distributed

GDPR Friendly

Privacy by design

Add it to your signup flow in five minutes.

Install the SDK, call shield.validate() before you create the account, and block fakes before they cost you anything. That is the entire integration.

Read the Docs Get Your API Key

Install the package

npm, pip, composer, gem, or go get. Pick your language.

Validate before you provision

One API call between the form submit and account creation. Under 100ms.

Block or allow

Reject burners and fakes. Only onboard users who are worth your tokens.

install.sh

npm install bigshield

validate.ts

import { BigShield } from 'bigshield';

const ev = new BigShield('ev_live_...');

// In your signup handler
const result = await ev.validate(req.body.email);

if (result.recommendation === 'reject') {
  // Burner or fake — don't waste tokens
  return res.status(400).json({
    error: 'Please use a valid email address'
  });
}

// Real user — safe to provision AI credits
const user = await createAccount(req.body.email);
await allocateTokens(user.id, plan.tokens);

response.json

{
  "id": "val_a1b2c3d4",
  "email": "user@example.com",
  "status": "completed",
  "risk_score": 82,
  "risk_level": "low",
  "recommendation": "accept",
  "signals": [
    {
      "name": "email-format",
      "tier": "tier1",
      "score_impact": 10,
      "confidence": 1.0,
      "description": "Email format is valid"
    },
    {
      "name": "domain-reputation",
      "tier": "tier1",
      "score_impact": 15,
      "confidence": 0.95,
      "description": "Well-known email provider"
    },
    {
      "name": "mx-records",
      "tier": "tier1",
      "score_impact": 10,
      "confidence": 0.9,
      "description": "Valid MX records found"
    }
  ]
}

Costs less than one fake user

A single abusive signup can burn $5-50 in AI tokens. Pay pennies per validation to save dollars per fraud.

Free

$0/forever

Test it on your signup flow. No card needed.

1,500 validations/mo
10 requests/min
Batch size: 5
Tier-1 signals
Community support

Start Free

Starter

$29/month

For apps starting to see signup abuse.

5,000 validations/mo
60 requests/min
Batch size: 25
Tier-1 & Tier-2 signals
Email support

Get Started

Pro

$99/month

For production apps bleeding AI tokens to fraud.

50,000 validations/mo
200 requests/min
Batch size: 100
All signal tiers
Webhooks & priority support

Go Pro

Enterprise

Custom

For platforms where abuse = existential cost.

1M+ validations/mo
1,000 requests/min
Batch size: 100
All signal tiers + custom
Dedicated support & SLA

Contact Sales

View full pricing details →

From the Blog

Fraud detection insights, technical deep-dives, and product updates.

View all posts

Solution10 min read

How to Stop Spam Signups on Shopify, WordPress, and Webflow (Without CAPTCHAs)

Platform built-in protections fall short against modern bots. Learn how to protect Shopify, WordPress, and Webflow forms with server-side email validation, plus a preview of upcoming native plugins.

Jul 14, 2026

Solution9 min read

How to Stop 95% of Bot Signups Without CAPTCHAs or Honeypots

Single-layer defenses plateau at 60-70% effectiveness. Here are the five detection layers that get you to 95%+ bot prevention with less than 1% false positives.

Jul 7, 2026

Problem8 min read

CAPTCHAs Are Dead: Why Bots Solve Them Faster Than Your Users

CAPTCHA solving services cost $0.003 per solve and AI models crack them with 90%+ accuracy. Meanwhile, CAPTCHAs cause up to 40% conversion drops. Here's why server-side validation is the better alternative.

Jun 30, 2026