Stop Bot Signups, Disposable Emails & Fake Account Creation
Bot-registered accounts, burner emails, and proxy-masked registrations poison your funnel metrics before your first real user shows up. Sentinel scores every registration — form and OAuth callback alike — invisibly, in under 40ms.
What you're up against
Bot-registered accounts at scale
Scripted signups run headless browsers through your registration form, pass email verification, and land in your database looking like users. Every one skews activation metrics and burns onboarding email sends.
Disposable emails that pass validation
Burner mailbox domains appear and disappear daily — faster than any static blocklist you maintain by hand. The addresses are syntactically valid, receive the verification mail, and click the link.
Proxy-masked registrations
Each fake signup arrives from a fresh residential IP, so per-IP rate limits and geo rules never fire. The registrations look geographically diverse when they are one operator behind a proxy pool.
Poisoned funnel metrics
Fake accounts inflate signup counts, deflate activation rate, and mislead every growth experiment you run. By the time the anomaly is obvious, weeks of A/B test data are already contaminated.
What Sentinel does for you
- Reject disposable-email signups using live feeds, not a stale blocklist
- Detect headless browsers and automation behind scripted registrations
- See VPN, proxy, and datacenter origin on every new registration
- Link repeat signups to one physical device with a cross-browser "times seen" counter
- Verdict in under 40ms — before the verification email is even queued
reduction in fake account registrations at an EU fintech targeted within days of launching a signup bonus
[ Read Full Case Study ]Where the check goes
Two call sites cover registration fraud: signup (before you write the user row or queue the verification email) and the OAuth callback (a Google identity says nothing about the device that just presented it). The client snippet rides along in your registration page; the server asks Sentinel for a verdict before the account exists.
// Score the signup before you create the account or send verification email
const res = await fetch('https://sntlhq.com/v1/evaluate', {
method: 'POST',
headers: {
'Authorization': 'Bearer ' + process.env.SENTINEL_KEY,
'Content-Type': 'application/json'
},
body: JSON.stringify({ token: req.body.sentinel_token })
});
const risk = await res.json();
if (risk.decision === 'block') return res.status(403).json({ error: 'Request rejected' });
if (risk.decision === 'review') flagForReview(risk.reasons);The signals that matter here
Disposable emails, checked live. Burner-domain lists go stale in days, so Sentinel checks signup emails against continuously refreshed intelligence feeds instead of a bundled snapshot. A domain registered this morning to soak your verification emails gets flagged the same day — and because the feeds only ever add signal, a feed outage never blocks a legitimate mail provider.
Automation artifacts a form can't see. Scripted registrations run headless Chrome with stealth patches, or full antidetect browsers with spoofed fingerprints. The device layer reads the environment underneath the spoofing and returns automation_detected, antidetect_browser, or virtual_machine in the reasons array — so your server rejects the POST before a user row exists.
One laptop, fifty accounts. Disposable emails and proxy rotation make every fake signup look unique — except the hardware. Sentinel's cross-browser device ID and its "times seen" counter tie registration #2 through #50 back to the same machine even across fresh browser profiles, which is what actually ends multi-accounting. Linking is per-customer and hash-only: you see your own repeat offenders, nothing else.
OAuth signups are still signups. A Google or GitHub identity proves someone controls a mailbox, not that the device behind it is clean — bulk-created OAuth accounts sail through checks that only watch the password form. Running the same verdict in the OAuth callback puts network.vpn, network.datacenter, and the device signals on every registration path, not just one.
Common questions
Keep fake accounts out of your database
Free tier: 1,000 requests/hour. No card, no expiry. Detects residential proxies, antidetect browsers, and AI bots.