Signup Shield

Turn every signup into a trust verdict

Email checks and CAPTCHA verify the inbox, not the human behind it. Signup Shield fuses email anatomy, domain forensics, business substance, federated identity, behavioral telemetry, and a cross-tenant fraud graph into one explainable verdict, in real time, at registration. See how browser-layer detection catches what email verification misses.

POST /v1/signup/verdict · ~120ms

  • ava@acme.co · 0.94 · Approve · federation: google_workspace, domain_age: 4y, email_anatomy: clean
  • j.okafor@new-studio.io · 0.61 · Step up · domain_age: 9d, idp_discoverable: okta, business_substance: thin
  • k29x@mail-tm.live · 0.08 · Block · disposable_domain, device_graph_match: ring_4471, behavior: automated

The problem

Three signups you can't afford to wave through

Throwaway and disposable domains

Burner inboxes and relay domains spin up in seconds, pass a basic email check, and disappear the moment they've abused your free tier or promo.

Hijacked and compromised accounts

Credentials surface in breach dumps and get reused at scale. The address looks real because it is real, it just isn't the person signing up.

Consumer and free email, on your terms

A real employee on Gmail can be exactly who you want. Free email is a signal you tune per segment, not an automatic block. Signup Shield reads federation and other proofs before it decides.

WITH CSIDE
  • Score every signup on email anatomy, disposable and relay domains, DNS and domain forensics, and business-substance lookups, not just whether the inbox exists.
  • Treat verified federation (Google Workspace, SSO and IdP discovery) as a positive trust signal, so real users sail through and risky password signups get a step-up.
  • Link coordinated fake accounts across the whole network with a cross-tenant fraud graph, behavioral telemetry, and ground-truth labels from honeypots and DMARC reporting.
  • Return one explainable verdict with reason codes and an immutable audit log, in real time, then wire it into your flow to allow, step up, or block.
Verification sources

Every signup, checked against ten classes of evidence

Signup Shield fuses signals from across the open web, the DNS and mail infrastructure, public business registries, and your own network into one real-time verdict.

POST /v1/signup/verdict
10 checked · ~120ms

Email anatomy

01

Entropy, role addresses, faker and Markov patterns, TLD risk, and IDN homoglyphs, read straight from the address itself.

Entropy scoring · Role-address · Markov model · TLD risk · IDN homoglyphs
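
An added illustration of three of the address-only signals named above (entropy, role addresses, IDN homoglyphs), computed without any network lookup; it is not cside's code. The field names, the role list and the sample addresses are assumptions made for this example.

```python
import math
import unicodedata
from collections import Counter

# RFC 2142 mailbox names plus two common extras; the list is illustrative.
ROLE_LOCALS = {"postmaster", "abuse", "hostmaster", "webmaster", "noc", "security",
               "info", "support", "sales", "marketing", "admin", "noreply"}

def shannon_entropy(text):
    """Bits per character of the character distribution in text."""
    if not text:
        return 0.0
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())

def to_unicode(label):
    """Decode an IDNA A-label (xn--...) to Unicode; leave other labels alone."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except (UnicodeError, ValueError):
            return label  # undecodable: keep the raw label
    return label

def scripts(label):
    """Scripts of the letters in label, from the first word of each Unicode name."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}

def email_anatomy(address):
    """Return a feature dict for one address (hypothetical field names)."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        return {"malformed": True}
    local = local.lower()
    labels = [to_unicode(part) for part in domain.split(".")]
    return {
        "malformed": False,
        "local_entropy": round(shannon_entropy(local), 2),
        "digit_ratio": round(sum(ch.isdigit() for ch in local) / len(local), 2),
        "role_address": local.split("+", 1)[0] in ROLE_LOCALS,
        "idn_label": any(not lab.isascii() for lab in labels),
        # Catches mixed-script labels only; a label written wholly in one
        # non-Latin script needs a confusables table, which this omits.
        "mixed_script": any(len(scripts(lab)) > 1 for lab in labels),
    }

# Constructed sample: Cyrillic U+0430 in place of Latin "a", sent as an A-label.
SPOOF = "billing@xn--" + "\u0430cme".encode("punycode").decode("ascii") + ".example"
```

Character entropy alone rises with the length of ordinary names, so these values are features to feed a score, not verdicts on their own.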

Disposable and relay detection

02

Four open-source blocklists plus MX fingerprinting catch burner domains, while privacy relays are treated neutrally.

4 OSS blocklists · MX fingerprinting · Privacy-relay aware

DNS and domain forensics

03

RDAP and WHOIS age, newly-registered domains, DNSSEC, parking, and MX provider class tell you how real the domain is.

RDAP / WHOIS age · Newly-registered · DNSSEC · Parking · MX class

Mailserver reputation

04

SPF and DMARC policy, DMARC RUA aggregation, Spamhaus DROP and SBL, and null-MX checks score the sending infrastructure.

SPF / DMARC · DMARC RUA · Spamhaus DROP / SBL · Null MX

Compromised-account intelligence

05

Breached-account checks flag addresses that have surfaced in known credential dumps.

Have I Been Pwned · Breach corpus

Company and business registries

06

Official records across 15+ countries confirm a real business behind the domain, with coworking-address blocklists to catch the fakes.

Companies House · EDGAR · INSEE · GLEIF LEI · KvK · VIES VAT

Web substance

07

Public discussion of the email and domain across the web: archived content continuity, structured data, knowledge graphs, and crawl rank.

Wayback continuity · JSON-LD · Wikidata / KG · LinkedIn · Tranco · Common Crawl

Federated identity proofs

08

A verified Google Workspace claim is the strongest signal we read; Microsoft tenants, Apple, GitHub orgs, and passkeys add more.

Google Workspace · Microsoft tenant · Apple SIWA · GitHub org · WebAuthn

Behavioral and device telemetry

09

IP, ASN and Tor, device-fingerprint reuse, headless and anti-detect browsers, TLS and HTTP consistency, honeypots, form timing, and velocity.

IP / ASN / Tor · Device reuse · Headless detect · Honeypot · Velocity

Cross-tenant fraud graph

10

A device caught committing fraud at one customer flags matching signups across the whole network, coverage no single tenant can build alone.

Network-wide graph · Shared ground truth

Trust verdict
Approve · Step up · Block

Corroborated across federation, domain age, and email anatomy.

How it works

From signals to a verdict in under 500ms

01

Collect the signals

At registration, Signup Shield gathers email anatomy, domain and DNS forensics, business-substance and registry data, federation proofs, and behavioral telemetry in a single call.

02

Check the network graph

Each signup is matched against a cross-tenant fraud graph and ground-truth labels from honeypots and DMARC reporting, surfacing rings that single-tenant rules never see.

03

Return an explainable verdict

Signals fuse into one score with reason codes in real time, so every decision is auditable and you know exactly why it fired, not just that it did.

04

Decide in your flow

Allow clean signups, step up risky ones with federation or extra checks, and block high-confidence fraud, by API or webhook, before the account exists.

Compare

Why Signup Shield outperforms single-signal signup checks

vs. Email/OTP verification
  • Reads email anatomy, domain forensics, and business substance, not just inbox existence
  • Catches throwaway and relay domains that still pass an OTP
  • Returns a verdict with reason codes before the account exists

vs. CAPTCHA
  • Scores the whole signup context, not a single checkpoint
  • Flags automation and AI agents that solve the challenge
  • Runs passively, with no added user friction

vs. Device-only fraud tools
  • Adds email, domain, business, and federation signals on top of the device
  • Links coordinated accounts with a cross-tenant graph across customers
  • Treats verified federation as a positive signal to preserve conversion

FAQ

Questions, answered

01 What is Signup Shield?

Signup Shield turns every signup attempt into a real-time trust verdict. It fuses email anatomy, disposable and relay detection, DNS and domain forensics, business-substance lookups, federated identity proofs, behavioral telemetry, and a cross-tenant fraud graph into one explainable score with reason codes, then sends that verdict into your signup flow so you can allow, step up, or block.

02 How is this different from email or OTP verification?

Email and OTP verify the endpoint, not the registrant. A valid inbox receipt and a valid OTP are fully compatible with an automated, fully fake signup, because disposable-email APIs provision throwaway inboxes and read back codes programmatically. Signup Shield evaluates the whole context around the registration, including signals an attacker cannot swap out as easily as an email address.

03 Which sources does Signup Shield check?

Every signup is checked against ten classes of evidence: email anatomy, disposable and relay detection, DNS and domain forensics, mailserver reputation, compromised-account intelligence, company and business registries, web substance, federated identity proofs, behavioral and device telemetry, and a cross-tenant fraud graph. The signals fuse into one score with reason codes, so you can see exactly which evidence drove the verdict.

04 Do you automatically block free or consumer email?

No. Free email is a tunable signal, not an automatic block. A real employee on a Gmail address, or a real freelancer, should still pass, so Signup Shield weighs free email alongside federation proofs, domain forensics, and the rest of the context. You decide how much weight free email carries per segment, so a strict B2B flow and a consumer flow can score the same address differently.

05 Will it block real users with privacy-relay emails or brand-new domains?

No. A single thin signal is not treated as guilt. Signup Shield weighs many signals together, so a privacy-relay address, a freelancer, a brand-new startup, or a small business on a long-tail domain reads very differently from a coordinated fake. You set the threshold and the response, so legitimate signups stay frictionless.

06 How does federation improve both trust and conversion?

A signup arriving with a verified federation proof, such as a Google Workspace domain claim, is high-confidence and can be approved with no friction. For password signups on domains that have a discoverable identity provider, Signup Shield can prompt a step-up to federation, which raises trust and improves conversion at the same time. No competitor productizes federation as a scoring signal rather than just an auth method.

07 How fast is the verdict and how do I act on it?

The verdict returns in real time during the signup request, with reason codes that explain it. Consume it by API or webhook and decide in your own flow: allow clean signups, apply step-up friction only when the score crosses your threshold, and block high-confidence fraud before the account is created.

08 How is Signup Shield deployed?

Through a developer-friendly API and the cside JavaScript SDK that already runs on your pages. It sits alongside your existing signup, fraud, and rules stack and feeds it a verdict, so it is a layer you add, not a rip-and-replace of your auth provider.

09 What is the difference between fake account creation and account takeover?

Fake account creation builds a new fraudulent account from scratch at signup; account takeover compromises an existing legitimate account through stolen credentials or session theft. Signup Shield focuses on the registration moment, while account takeover protection covers existing sessions. cside covers both surfaces.

Stop fake accounts at signup

One API call. Fuse email, domain, business, federation, behavioral, and cross-tenant signals into one explainable verdict, before the account exists.