Case StudiesDocsBlogContact
Log InGet started
Stop Fake Signups

Stop Bot Signups, Disposable Emails & Fake Account Creation

Bot-registered accounts, burner emails, and proxy-masked registrations poison your funnel metrics before your first real user shows up. Sentinel scores every registration — form and OAuth callback alike — invisibly, in under 40ms.

< 40msResponse time globally
Free1,000 requests/hour — no card, no expiry
0CAPTCHAs required
400+Device signals per session

What you're up against

Bot-registered accounts at scale

Scripted signups run headless browsers through your registration form, pass email verification, and land in your database looking like users. Every one skews activation metrics and burns onboarding email sends.

Disposable emails that pass validation

Burner mailbox domains appear and disappear daily — faster than any static blocklist you maintain by hand. The addresses are syntactically valid, receive the verification mail, and click the link.

Proxy-masked registrations

Each fake signup arrives from a fresh residential IP, so per-IP rate limits and geo rules never fire. The registrations look geographically diverse when they are one operator behind a proxy pool.

Poisoned funnel metrics

Fake accounts inflate signup counts, deflate activation rate, and mislead every growth experiment you run. By the time the anomaly is obvious, weeks of A/B test data are already contaminated.

What Sentinel does for you

  • Reject disposable-email signups using live feeds, not a stale blocklist
  • Detect headless browsers and automation behind scripted registrations
  • See VPN, proxy, and datacenter origin on every new registration
  • Link repeat signups to one physical device with a cross-browser "times seen" counter
  • Verdict in under 40ms — before the verification email is even queued
97%

reduction in fake account registrations at an EU fintech targeted within days of launching a signup bonus

[ Read Full Case Study ]

Where the check goes

Two call sites cover registration fraud: signup (before you write the user row or queue the verification email) and the OAuth callback (a Google identity says nothing about the device that just presented it). The client snippet rides along in your registration page; the server asks Sentinel for a verdict before the account exists.

// Score the signup before you create the account or send verification email
const res = await fetch('https://sntlhq.com/v1/evaluate', {
  method: 'POST',
  headers: {
    'Authorization': 'Bearer ' + process.env.SENTINEL_KEY,
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ token: req.body.sentinel_token })
});
const risk = await res.json();
if (risk.decision === 'block') return res.status(403).json({ error: 'Request rejected' });
if (risk.decision === 'review') flagForReview(risk.reasons);

The signals that matter here

Disposable emails, checked live. Burner-domain lists go stale in days, so Sentinel checks signup emails against continuously refreshed intelligence feeds instead of a bundled snapshot. A domain registered this morning to soak your verification emails gets flagged the same day — and because the feeds only ever add signal, a feed outage never blocks a legitimate mail provider.

Automation artifacts a form can't see. Scripted registrations run headless Chrome with stealth patches, or full antidetect browsers with spoofed fingerprints. The device layer reads the environment underneath the spoofing and returns automation_detected, antidetect_browser, or virtual_machine in the reasons array — so your server rejects the POST before a user row exists.

One laptop, fifty accounts. Disposable emails and proxy rotation make every fake signup look unique — except the hardware. Sentinel's cross-browser device ID and its "times seen" counter tie registration #2 through #50 back to the same machine even across fresh browser profiles, which is what actually ends multi-accounting. Linking is per-customer and hash-only: you see your own repeat offenders, nothing else.

OAuth signups are still signups. A Google or GitHub identity proves someone controls a mailbox, not that the device behind it is clean — bulk-created OAuth accounts sail through checks that only watch the password form. Running the same verdict in the OAuth callback puts network.vpn, network.datacenter, and the device signals on every registration path, not just one.

Common questions

How does Sentinel catch disposable email addresses?
The signup email's domain is checked against live intelligence feeds that refresh continuously, so newly registered burner domains are caught within hours instead of whenever a static list ships. The feeds are fail-open by design: an outage means slightly older data, never legitimate mail providers getting blocked.
Will privacy-conscious users on VPNs get rejected?
Not unless you decide they should be. Sentinel returns the individual signals — network.vpn, network.proxy, risk_score — alongside the decision, so you can route a VPN-only signup to 'review' or extra verification instead of blocking it. A VPN by itself is weak evidence of fraud, and your policy stays in your code.
Does this work for 'Sign in with Google' registrations?
Yes. The client snippet runs on your page regardless of auth method, so you make the same server-side call from the OAuth callback before creating the account. An OAuth identity proves control of a mailbox, not that the device behind it is clean — the device and network checks are identical on both paths.
What happens if the Sentinel API is unreachable?
Your call, but we recommend failing open: if the request errors or exceeds your timeout, create the account and flag it for review rather than blocking real users. The endpoint is built to answer in under 40ms, so a short timeout is practical.
How much does it cost to try?
The free tier is 1,000 requests per hour with no credit card, which covers signup-flow volume for most early-stage products. Sentinel is in open beta — if you outgrow the free tier or need help tuning thresholds, contact us and a human will answer.

Keep fake accounts out of your database

Free tier: 1,000 requests/hour. No card, no expiry. Detects residential proxies, antidetect browsers, and AI bots.

Fraud BriefOnce a month · no spam · unsubscribe anytime
Get the new VPN, proxy & bot patterns we see each month
Short, technical breakdowns of what fraudsters changed last month — written for engineers, not marketers.
Stop fraud before it hides — try Sentinel free. Free tier: 1,000 requests/hour. No card, no expiry.