Forem: Rahul S The latest articles on Forem by Rahul S (@circuit). https://forem.com/circuit https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3817101%2F14921882-d660-40c3-82cd-8fa05061a939.png Forem: Rahul S https://forem.com/circuit en Catch Disposable Emails Before They Wreck Your SaaS Metrics Rahul S Fri, 10 Apr 2026 13:40:27 +0000 https://forem.com/circuit/catch-disposable-emails-before-they-wreck-your-saas-metrics-3ida https://forem.com/circuit/catch-disposable-emails-before-they-wreck-your-saas-metrics-3ida <p>Every SaaS founder knows the pain: your free trial signups look great on paper, but half of them are throwaway accounts using disposable emails. They inflate your metrics, abuse free tiers, and never convert.</p> <p>Let's fix that — with code.</p> <h2> The Disposable Email Problem </h2> <p>Services like Guerrilla Mail, Temp Mail, and Mailinator let anyone generate a throwaway email in seconds. For SaaS products with free tiers, this means:</p> <ul> <li> <strong>Metric pollution</strong> — your signup numbers lie</li> <li> <strong>Free tier abuse</strong> — the same person creates 10 accounts</li> <li> <strong>Wasted onboarding emails</strong> — bouncing into the void</li> <li> <strong>Skewed cohort analysis</strong> — your retention data is garbage</li> </ul> <p>Traditional regex-based blocklists can't keep up. New disposable domains pop up daily. You need a real-time intelligence layer.</p> <h2> Beyond Blocklists: Real-Time Email Intelligence </h2> <p>The smarter approach combines multiple signals:</p> <ol> <li> <strong>Domain age</strong> — disposable domains are often days or weeks old</li> <li> <strong>MX record analysis</strong> — throwaway services have recognizable mail server patterns</li> <li> <strong>Known disposable provider databases</strong> — continuously updated</li> <li> <strong>IP reputation correlation</strong> — is the signup IP also suspicious?</li> </ol> <p>Checking all four gives you a confidence score, not just a binary yes/no.</p> <h2> Implementation: Node.js Example </h2> <p>Here's a practical signup validation middleware using <a href="https://ipasis.com" rel="noopener noreferrer">IPASIS</a>, which bundles IP + email intelligence in a single API call:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="c1">// middleware/validateSignup.js</span> <span class="kd">const</span> <span class="nx">IPASIS_API</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">https://ipasis.com/api/v1</span><span class="dl">'</span><span class="p">;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">validateSignup</span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">,</span> <span class="nx">next</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">email</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">ip</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">headers</span><span class="p">[</span><span class="dl">'</span><span class="s1">x-forwarded-for</span><span class="dl">'</span><span class="p">]</span> <span class="o">||</span> <span class="nx">req</span><span class="p">.</span><span class="nx">ip</span><span class="p">;</span> <span class="k">try</span> <span class="p">{</span> <span class="c1">// Single API call checks both IP reputation + email validity</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span> <span class="s2">`</span><span class="p">${</span><span class="nx">IPASIS_API</span><span class="p">}</span><span class="s2">/scan?ip=</span><span class="p">${</span><span class="nx">ip</span><span class="p">}</span><span class="s2">&amp;email=</span><span class="p">${</span><span class="nf">encodeURIComponent</span><span class="p">(</span><span class="nx">email</span><span class="p">)}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Authorization</span><span class="dl">'</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">IPASIS_KEY</span><span class="p">}</span><span class="s2">`</span> <span class="p">}</span> <span class="p">}</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">data</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="c1">// Check email signals</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">email</span><span class="p">?.</span><span class="nx">disposable</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Please use a permanent email address</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// Check IP signals — VPN + Tor + known bot</span> <span class="k">if </span><span class="p">(</span><span class="nx">data</span><span class="p">.</span><span class="nx">ip</span><span class="p">?.</span><span class="nx">threat_score</span> <span class="o">&gt;</span> <span class="mi">75</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Log for review but don't hard-block</span> <span class="nx">req</span><span class="p">.</span><span class="nx">flagged</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span> <span class="nx">console</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span><span class="s2">`High-risk signup: </span><span class="p">${</span><span class="nx">email</span><span class="p">}</span><span class="s2"> from </span><span class="p">${</span><span class="nx">ip</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">vpn</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">ip</span><span class="p">.</span><span class="nx">vpn</span><span class="p">,</span> <span class="na">tor</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">ip</span><span class="p">.</span><span class="nx">tor</span><span class="p">,</span> <span class="na">bot</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">ip</span><span class="p">.</span><span class="nx">bot</span><span class="p">,</span> <span class="na">threat_score</span><span class="p">:</span> <span class="nx">data</span><span class="p">.</span><span class="nx">ip</span><span class="p">.</span><span class="nx">threat_score</span> <span class="p">});</span> <span class="p">}</span> <span class="nx">req</span><span class="p">.</span><span class="nx">ipasis</span> <span class="o">=</span> <span class="nx">data</span><span class="p">;</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="k">catch </span><span class="p">(</span><span class="nx">err</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Fail open — don't block signups if the API is unreachable</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">IPASIS check failed:</span><span class="dl">'</span><span class="p">,</span> <span class="nx">err</span><span class="p">.</span><span class="nx">message</span><span class="p">);</span> <span class="nf">next</span><span class="p">();</span> <span class="p">}</span> <span class="p">}</span> <span class="nx">module</span><span class="p">.</span><span class="nx">exports</span> <span class="o">=</span> <span class="nx">validateSignup</span><span class="p">;</span> </code></pre> </div> <h3> Using it in Express: </h3> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="kd">const</span> <span class="nx">express</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">validateSignup</span> <span class="o">=</span> <span class="nf">require</span><span class="p">(</span><span class="dl">'</span><span class="s1">./middleware/validateSignup</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">app</span> <span class="o">=</span> <span class="nf">express</span><span class="p">();</span> <span class="nx">app</span><span class="p">.</span><span class="nf">use</span><span class="p">(</span><span class="nx">express</span><span class="p">.</span><span class="nf">json</span><span class="p">());</span> <span class="nx">app</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/signup</span><span class="dl">'</span><span class="p">,</span> <span class="nx">validateSignup</span><span class="p">,</span> <span class="k">async </span><span class="p">(</span><span class="nx">req</span><span class="p">,</span> <span class="nx">res</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">flagged</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Route to manual review queue instead of auto-activating</span> <span class="k">await</span> <span class="nf">addToReviewQueue</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">,</span> <span class="nx">req</span><span class="p">.</span><span class="nx">ipasis</span><span class="p">);</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Account pending review</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// Clean signup — proceed normally</span> <span class="k">await</span> <span class="nf">createUser</span><span class="p">(</span><span class="nx">req</span><span class="p">.</span><span class="nx">body</span><span class="p">);</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">message</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Welcome aboard!</span><span class="dl">'</span> <span class="p">});</span> <span class="p">});</span> </code></pre> </div> <h2> Python Flask Version </h2> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="kn">from</span> <span class="n">functools</span> <span class="kn">import</span> <span class="n">wraps</span> <span class="kn">from</span> <span class="n">flask</span> <span class="kn">import</span> <span class="n">request</span><span class="p">,</span> <span class="n">jsonify</span> <span class="n">IPASIS_API</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://ipasis.com/api/v1</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">validate_signup</span><span class="p">(</span><span class="n">f</span><span class="p">):</span> <span class="nd">@wraps</span><span class="p">(</span><span class="n">f</span><span class="p">)</span> <span class="k">def</span> <span class="nf">decorated</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="n">email</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">json</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">email</span><span class="sh">"</span><span class="p">,</span> <span class="sh">""</span><span class="p">)</span> <span class="n">ip</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">X-Forwarded-For</span><span class="sh">"</span><span class="p">,</span> <span class="n">request</span><span class="p">.</span><span class="n">remote_addr</span><span class="p">)</span> <span class="k">try</span><span class="p">:</span> <span class="n">resp</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">IPASIS_API</span><span class="si">}</span><span class="s">/scan</span><span class="sh">"</span><span class="p">,</span> <span class="n">params</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">ip</span><span class="sh">"</span><span class="p">:</span> <span class="n">ip</span><span class="p">,</span> <span class="sh">"</span><span class="s">email</span><span class="sh">"</span><span class="p">:</span> <span class="n">email</span><span class="p">},</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Bearer </span><span class="si">{</span><span class="n">IPASIS_KEY</span><span class="si">}</span><span class="sh">"</span><span class="p">},</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">3</span> <span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">resp</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="k">if</span> <span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">email</span><span class="sh">"</span><span class="p">,</span> <span class="p">{}).</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">disposable</span><span class="sh">"</span><span class="p">):</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">({</span><span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Please use a permanent email</span><span class="sh">"</span><span class="p">}),</span> <span class="mi">400</span> <span class="k">except</span> <span class="n">requests</span><span class="p">.</span><span class="n">RequestException</span><span class="p">:</span> <span class="k">pass</span> <span class="c1"># Fail open </span> <span class="k">return</span> <span class="nf">f</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">return</span> <span class="n">decorated</span> </code></pre> </div> <h2> What Signals Matter Most? </h2> <p>After analyzing thousands of signups, here's what actually predicts abuse:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Signal</th> <th>Weight</th> <th>Why</th> </tr> </thead> <tbody> <tr> <td>Disposable email</td> <td>🔴 High</td> <td>Direct indicator of throwaway intent</td> </tr> <tr> <td>Email domain age &lt; 7 days</td> <td>🟡 Medium</td> <td>Freshly registered domains are risky</td> </tr> <tr> <td>VPN + disposable combo</td> <td>🔴 Critical</td> <td>Privacy layering = almost always abuse</td> </tr> <tr> <td>Tor exit node</td> <td>🟡 Medium</td> <td>Legitimate privacy users exist, but flag for review</td> </tr> <tr> <td>IP threat score &gt; 75</td> <td>🟡 Medium</td> <td>Correlates with bot farms and proxy networks</td> </tr> </tbody> </table></div> <p>The magic is in combining signals. A VPN user with a Gmail address? Probably fine. A VPN user with a disposable email and a threat score of 90? That's abuse.</p> <h2> Try It Yourself </h2> <p>You can test any email or IP right now at <a href="https://ipasis.com/scan" rel="noopener noreferrer">ipasis.com/scan</a> — no account needed for the web scanner. For API access, the <a href="https://ipasis.com/docs" rel="noopener noreferrer">free tier</a> gives you 1,000 requests/day, which is plenty for most early-stage SaaS products.</p> <h2> Key Takeaways </h2> <ol> <li><p><strong>Don't just block — score.</strong> Binary blocklists create false positives. Score-based systems let you route suspicious signups to review queues instead of hard-blocking.</p></li> <li><p><strong>Combine IP + email signals.</strong> Either alone gives you half the picture. Together, they catch coordinated abuse.</p></li> <li><p><strong>Fail open.</strong> If your validation API is down, let signups through. A few bad actors are better than zero new users.</p></li> <li><p><strong>Log everything.</strong> Even if you don't block, log the signals. You'll want this data when you analyze churn.</p></li> </ol> <p>Stop letting disposable emails pollute your metrics. A single API call at signup can save you hours of cleanup later.</p> <p><em>Building something and fighting signup abuse? I'd love to hear what's working for you — drop a comment below.</em></p> webdev security saas tutorial Detecting Bots in 2026: IP Intelligence + Email Validation in One API Call Rahul S Thu, 02 Apr 2026 05:40:24 +0000 https://forem.com/circuit/detecting-bots-in-2026-ip-intelligence-email-validation-in-one-api-call-cjn https://forem.com/circuit/detecting-bots-in-2026-ip-intelligence-email-validation-in-one-api-call-cjn <h2> The Bot Problem Nobody Talks About </h2> <p>If you're running a web app in 2026, roughly 40% of your traffic isn't human. Scrapers, credential stuffers, fake signups — they eat your bandwidth, pollute your analytics, and sometimes steal your data.</p> <p>Most developers slap on a CAPTCHA and call it a day. But CAPTCHAs are a UX nightmare, and sophisticated bots solve them anyway. There's a better approach: <strong>checking the reputation of incoming requests before they even reach your app.</strong></p> <h2> The Two Signals That Matter Most </h2> <p>After building fraud detection systems for years, I've found that two data points catch 90%+ of malicious traffic:</p> <h3> 1. IP Intelligence </h3> <p>Every request comes from an IP address, and that IP tells a story:</p> <ul> <li> <strong>Is it a known proxy/VPN/Tor exit node?</strong> Legitimate users sometimes use VPNs, but bots almost always do.</li> <li> <strong>Is it from a datacenter or residential ISP?</strong> Most real users browse from home or mobile — datacenter IPs are a red flag.</li> <li> <strong>Has this IP been reported for abuse?</strong> Threat intelligence feeds track IPs involved in spam, attacks, and fraud.</li> <li> <strong>What's the geolocation?</strong> A "US user" connecting from a hosting provider in Eastern Europe is suspicious. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="c1"># Quick IP reputation check </span><span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://ipasis.com/api/scan/ip/185.220.101.1</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Bearer YOUR_API_KEY</span><span class="sh">"</span><span class="p">}</span> <span class="p">)</span> <span class="n">data</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Risk Score: </span><span class="si">{</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">risk_score</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s">/100</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Is VPN: </span><span class="si">{</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">is_vpn</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Is Datacenter: </span><span class="si">{</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">is_datacenter</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Abuse Reports: </span><span class="si">{</span><span class="n">data</span><span class="p">[</span><span class="sh">'</span><span class="s">abuse_count</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h3> 2. Email Validation </h3> <p>For signups and form submissions, the email address is your second line of defense:</p> <ul> <li> <strong>Does the domain actually exist?</strong> Disposable email services (guerrillamail, tempmail) are bot favorites.</li> <li> <strong>Is the mailbox real?</strong> SMTP verification catches typos and fake addresses.</li> <li> <strong>Is it a known disposable/temporary email?</strong> There are 10,000+ disposable domains.</li> <li> <strong>Is the domain newly registered?</strong> Fresh domains often exist solely for fraud. </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># Email validation </span><span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="sh">"</span><span class="s">https://ipasis.com/api/scan/email/suspicious@tempmail.xyz</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Bearer YOUR_API_KEY</span><span class="sh">"</span><span class="p">}</span> <span class="p">)</span> <span class="n">email_data</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Valid: </span><span class="si">{</span><span class="n">email_data</span><span class="p">[</span><span class="sh">'</span><span class="s">is_valid</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Disposable: </span><span class="si">{</span><span class="n">email_data</span><span class="p">[</span><span class="sh">'</span><span class="s">is_disposable</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="sh">"</span><span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Domain Age: </span><span class="si">{</span><span class="n">email_data</span><span class="p">[</span><span class="sh">'</span><span class="s">domain_age_days</span><span class="sh">'</span><span class="p">]</span><span class="si">}</span><span class="s"> days</span><span class="sh">"</span><span class="p">)</span> </code></pre> </div> <h2> Combining Both: A Practical Middleware </h2> <p>Here's a real-world pattern I use — a middleware that scores every signup request:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="n">flask</span> <span class="kn">import</span> <span class="n">Flask</span><span class="p">,</span> <span class="n">request</span><span class="p">,</span> <span class="n">jsonify</span> <span class="kn">import</span> <span class="n">requests</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">Flask</span><span class="p">(</span><span class="n">__name__</span><span class="p">)</span> <span class="n">IPASIS_KEY</span> <span class="o">=</span> <span class="sh">"</span><span class="s">your-api-key</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">check_reputation</span><span class="p">(</span><span class="n">ip</span><span class="p">,</span> <span class="n">email</span><span class="p">):</span> <span class="sh">"""</span><span class="s">Score a signup attempt using IP + email intelligence.</span><span class="sh">"""</span> <span class="n">risk</span> <span class="o">=</span> <span class="mi">0</span> <span class="n">flags</span> <span class="o">=</span> <span class="p">[]</span> <span class="c1"># Check IP </span> <span class="n">ip_resp</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s">https://ipasis.com/api/scan/ip/</span><span class="si">{</span><span class="n">ip</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Bearer </span><span class="si">{</span><span class="n">IPASIS_KEY</span><span class="si">}</span><span class="sh">"</span><span class="p">}</span> <span class="p">).</span><span class="nf">json</span><span class="p">()</span> <span class="k">if</span> <span class="n">ip_resp</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">is_vpn</span><span class="sh">"</span><span class="p">):</span> <span class="n">risk</span> <span class="o">+=</span> <span class="mi">20</span> <span class="n">flags</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="sh">"</span><span class="s">vpn_detected</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">ip_resp</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">is_datacenter</span><span class="sh">"</span><span class="p">):</span> <span class="n">risk</span> <span class="o">+=</span> <span class="mi">30</span> <span class="n">flags</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="sh">"</span><span class="s">datacenter_ip</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="n">ip_resp</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">abuse_count</span><span class="sh">"</span><span class="p">,</span> <span class="mi">0</span><span class="p">)</span> <span class="o">&gt;</span> <span class="mi">5</span><span class="p">:</span> <span class="n">risk</span> <span class="o">+=</span> <span class="mi">25</span> <span class="n">flags</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="sh">"</span><span class="s">known_abuser</span><span class="sh">"</span><span class="p">)</span> <span class="c1"># Check email </span> <span class="n">email_resp</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s">https://ipasis.com/api/scan/email/</span><span class="si">{</span><span class="n">email</span><span class="si">}</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Authorization</span><span class="sh">"</span><span class="p">:</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Bearer </span><span class="si">{</span><span class="n">IPASIS_KEY</span><span class="si">}</span><span class="sh">"</span><span class="p">}</span> <span class="p">).</span><span class="nf">json</span><span class="p">()</span> <span class="k">if</span> <span class="n">email_resp</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">is_disposable</span><span class="sh">"</span><span class="p">):</span> <span class="n">risk</span> <span class="o">+=</span> <span class="mi">40</span> <span class="n">flags</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="sh">"</span><span class="s">disposable_email</span><span class="sh">"</span><span class="p">)</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">email_resp</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">is_valid</span><span class="sh">"</span><span class="p">):</span> <span class="n">risk</span> <span class="o">+=</span> <span class="mi">50</span> <span class="n">flags</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="sh">"</span><span class="s">invalid_email</span><span class="sh">"</span><span class="p">)</span> <span class="k">return</span> <span class="p">{</span><span class="sh">"</span><span class="s">risk_score</span><span class="sh">"</span><span class="p">:</span> <span class="nf">min</span><span class="p">(</span><span class="n">risk</span><span class="p">,</span> <span class="mi">100</span><span class="p">),</span> <span class="sh">"</span><span class="s">flags</span><span class="sh">"</span><span class="p">:</span> <span class="n">flags</span><span class="p">}</span> <span class="nd">@app.route</span><span class="p">(</span><span class="sh">"</span><span class="s">/signup</span><span class="sh">"</span><span class="p">,</span> <span class="n">methods</span><span class="o">=</span><span class="p">[</span><span class="sh">"</span><span class="s">POST</span><span class="sh">"</span><span class="p">])</span> <span class="k">def</span> <span class="nf">signup</span><span class="p">():</span> <span class="n">ip</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">remote_addr</span> <span class="n">email</span> <span class="o">=</span> <span class="n">request</span><span class="p">.</span><span class="n">json</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">email</span><span class="sh">"</span><span class="p">,</span> <span class="sh">""</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="nf">check_reputation</span><span class="p">(</span><span class="n">ip</span><span class="p">,</span> <span class="n">email</span><span class="p">)</span> <span class="k">if</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">risk_score</span><span class="sh">"</span><span class="p">]</span> <span class="o">&gt;</span> <span class="mi">60</span><span class="p">:</span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">({</span><span class="sh">"</span><span class="s">error</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Signup blocked</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">reason</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">suspicious_activity</span><span class="sh">"</span><span class="p">}),</span> <span class="mi">403</span> <span class="k">elif</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">risk_score</span><span class="sh">"</span><span class="p">]</span> <span class="o">&gt;</span> <span class="mi">30</span><span class="p">:</span> <span class="c1"># Flag for manual review but allow </span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">({</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">pending_review</span><span class="sh">"</span><span class="p">}),</span> <span class="mi">200</span> <span class="k">else</span><span class="p">:</span> <span class="c1"># Clean signup, proceed normally </span> <span class="k">return</span> <span class="nf">jsonify</span><span class="p">({</span><span class="sh">"</span><span class="s">status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">approved</span><span class="sh">"</span><span class="p">}),</span> <span class="mi">200</span> </code></pre> </div> <h2> Why This Beats CAPTCHAs </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Approach</th> <th>User Friction</th> <th>Bot Detection Rate</th> <th>Latency</th> </tr> </thead> <tbody> <tr> <td>reCAPTCHA v2</td> <td>High (click images)</td> <td>~85%</td> <td>2-5s</td> </tr> <tr> <td>reCAPTCHA v3</td> <td>Low (invisible)</td> <td>~70%</td> <td>1-3s</td> </tr> <tr> <td>IP + Email Intelligence</td> <td>Zero</td> <td>~92%</td> <td>&lt;200ms</td> </tr> </tbody> </table></div> <p>The key advantage: <strong>zero user friction</strong>. Your legitimate users never see a challenge. The API call happens server-side in milliseconds, and bad actors get blocked silently.</p> <h2> Getting Started </h2> <p>If you want to try this approach, <a href="https://ipasis.com" rel="noopener noreferrer">IPASIS</a> offers a free tier with 1,000 requests/day — enough to protect a small-to-medium app. You can also test any IP or email interactively on the <a href="https://ipasis.com/scan" rel="noopener noreferrer">free scanner</a>.</p> <p>The <a href="https://ipasis.com/docs" rel="noopener noreferrer">API docs</a> cover authentication, rate limits, and response formats. The API is REST-based with JSON responses — no SDK required.</p> <h2> Key Takeaways </h2> <ol> <li> <strong>Don't rely solely on CAPTCHAs</strong> — they hurt UX and sophisticated bots bypass them.</li> <li> <strong>IP intelligence catches infrastructure-level fraud</strong> (VPNs, datacenter IPs, known abusers).</li> <li> <strong>Email validation catches identity-level fraud</strong> (disposable emails, fake domains).</li> <li> <strong>Combine both for a risk score</strong> that lets you block, flag, or approve in real-time.</li> <li> <strong>Server-side checks = zero user friction</strong> — your real users never know it's happening.</li> </ol> <p>Bot detection doesn't have to mean annoying your users. Sometimes the smartest security is invisible.</p> <p><em>What bot detection approach are you using? Drop a comment — I'm curious what's working for others in 2026.</em></p> security webdev api tutorial