Fake account detection
A fake account is one that isn't a real person who intends to use your product, usually a bot creating accounts in bulk.
Step 1: Set up login and signup protection
Before anything else here, set up Signup protection and Login protection. They're the basis this builds on, and without them the policies below can be bypassed. With those in place, the rest of this guide covers the policies that actually stop fake accounts.
Step 2: Add the policies
Add these in your policies dashboard:
| Policy | Trigger | Conditions | Verdict |
|---|---|---|---|
| Block fake contacts | signup | email_is_invalid, email_is_disposable, or a VoIP / bought phone number (coming soon) | Deny |
| Verify new accounts | signup | is_email_verified is false | Challenge |
| Challenge bot sign-ups | signup | bot_risk_severity is high+ (coming soon) | Challenge |
Give the block policy higher priority than the challenge, so a clear-cut fake is denied outright instead of just challenged. Everything else falls through to the verify challenge: a real person clears the email or SMS code, a bot or throwaway can't.
From here you can stack more onboarding protections on top, like multi-accounting prevention.
Related
- Need help? Contact support.
- Want to see Rupt in action? Request a demo.
- Questions? Talk to sales.
- Check out our changelog.
- Check our status page.
- LLM? Read llms.txt.