All articles

How to Prevent Fake Account Signups

Fake signups fuel spam, fraud and trial abuse. Learn how to stop them with IP intelligence — VPN, proxy and reputation signals — without hurting real users.

April 22, 20262 min read

Fake signups are where a lot of downstream abuse begins — spam, fraud, trial farming, review manipulation. The signup form is also the cheapest place to stop it, because you can evaluate risk before the account exists. Here's how to do that with IP intelligence.

Why fake accounts happen at the IP layer

Creating accounts in bulk means looking like many different people. Attackers achieve that by routing through proxies and VPNs, so each signup appears to come from a fresh user. That reliance on anonymising infrastructure is also their weakness: it's detectable.

Check a signup IP for risk signals

The signals to check at signup

  1. Proxy / VPN / Tor usage — bulk signups lean on anonymisers. Use the proxy detection API and VPN detection API.
  2. Residential-proxy signals — the strongest evasion indicator; see the FBI's credential-stuffing warning.
  3. IP reputation — prior abuse from the address or range. See what is IP reputation.
  4. Hosting origin — a "new customer" on a datacenter ASN is suspicious.

Roll these into a single IP fraud score so your signup logic stays simple.

A signup defense that doesn't punish real users

The goal is friction proportional to risk, not a wall:

Risk scoreSignup handling
LowAllow normally
MediumRequire email/phone verification
HighVerify + manual review, or soft-block with appeal

Layer in non-IP signals too — disposable-email detection, device fingerprinting and behaviour — for defense in depth. But IP scoring is the highest-leverage first filter.

Implementation

  1. On signup submit, look up the client IP server-side.
  2. Read the fraud score / proxy + VPN verdicts.
  3. Apply the table above; log the signals for later review.

This mirrors the pattern in how to detect VPN in your signup flow.

Bottom line

Most fake signups ride on proxies, VPNs and low-reputation IPs, so a single IP risk check at the signup form filters a large share of them. Score the signup and add verification proportional to risk — you stop the bulk abuse without blocking legitimate new users.

FAQ

Frequently asked questions

Usually by bots routing through proxies and VPNs so each account looks like a different user, often paired with disposable emails. Detecting the anonymising infrastructure at signup stops most of it.

Related articles

How to Detect Bots by IP AddressReadWhat Is a Residential Proxy? (And How to Detect One)ReadWhat Is IP Reputation and Why It MattersRead
Die Suite entdecken

Unsere anderen Tools ausprobieren

VPN-ErkennungErkennen Sie IPs, die über verschlüsselte VPN-Tunnel geleitet werden, um ihren echten Standort zu verschleiern.Proxy-ErkennungErkennen Sie HTTP-, SOCKS-, Residential- und Rechenzentrums-Proxys sowie Tor-Exit-Nodes.IP-GeolokalisierungOrdnen Sie jede IP einem Land, einer Region und einer Stadt zu – mit ISP- und Zeitzonendaten.ASN-DatenErmitteln Sie die Autonomous-System-Nummer und die Organisation, der ein IP-Bereich gehört.WHOIS-InfosRufen Sie Registrierungs- und Eigentümerdaten für Domains und IP-Bereiche ab.