Fraud prevention insights, product updates, and engineering deep-dives.
Disposable emails cost SaaS companies thousands in fake signups, trial abuse, and chargebacks. Here's how to detect and block them — from simple domain lists to advanced behavioral signals.
Tor exit nodes, datacenter IPs, velocity spikes — the five signals that catch 90% of automated fraud before it hits your payment processor.
Every SaaS has the same problem: fake signups drain resources, inflate metrics, and create support nightmares. We built the API we wished existed.
Disposable email addresses — also known as burner emails, throwaway emails, or temp mail — are the #1 vector for trial abuse, fake signups, and promotional fraud in SaaS applications.
Companies like Mailinator, Guerrilla Mail, and TempMail provide instant, anonymous email addresses that require zero verification. This makes them perfect for anyone trying to abuse your free trial, create fake accounts, or exploit signup bonuses.
If you're running a SaaS product with a free trial or freemium tier, burner emails are silently costing you money:
The simplest approach: maintain a list of known disposable email domains and reject signups from them.
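# Basic domain check
DISPOSABLE_DOMAINS = {"tempmail.com", "guerrillamail.com", "mailinator.com"}  # ...plus the rest of your list

def is_burner(email: str) -> bool:
    # Take everything after the last "@"; input with no "@" returns False instead of raising
    domain = email.rpartition("@")[2].strip().rstrip(".").lower()
    return domain in DISPOSABLE_DOMAINS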
Pros: Fast, zero false positives on known domains.
Cons: New disposable services launch daily. Your list is always behind. There are 130,000+ known disposable domains — and counting.
Many disposable email services share infrastructure. By checking MX records, you can catch domains that aren't in your blocklist but route through known throwaway mail servers.
Fraudsters often use patterns when creating emails:
- j.o.h.n@gmail.com and john@gmail.com are the same inbox
- john+trial1@gmail.com, john+trial2@gmail.com
- xk7q9m3z@domain.com is likely auto-generated
- user1@, user2@, user3@ from same IP
The most sophisticated approach combines email checks with behavioral data:
No single signal catches everything. The best fraud prevention combines all four methods into a risk score:
curl -X POST https://api.burnerblocker.com/v1/scan \
  -H "x-api-key: bb_YOUR_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "email": "xk7q9m@tempmail.com",
    "ip_address": "185.220.101.34"
  }'
# Response:
{
  "risk_score": 92,
  "verdict": "BLOCK",
  "checks": {
    "disposable_email": "FLAGGED",
    "email_entropy": "FLAGGED",
    "tor_node": "FLAGGED",
    "velocity_check": "OK"
  }
}
BurnerBlocker checks 135,000+ disposable domains, strips Gmail aliases, analyzes entropy, detects Tor/VPN/datacenter IPs, tracks velocity, and scores everything in a single API call — in under 100ms.
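The dot, plus-alias, random-string and sequential-address patterns listed earlier can be checked locally before any API call. This is an added example, not BurnerBlocker's code; the function names, both thresholds in `looks_generated` and the sample signups are assumptions made for illustration.

```python
import math
import re
from collections import Counter, defaultdict

GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}  # dot/plus rules applied only here

def canonical_email(email: str) -> str:
    """Map dot and plus aliases of one Gmail inbox to a single dedupe key."""
    local, sep, domain = email.strip().lower().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {email!r}")
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "")
        domain = "gmail.com"
    return f"{local}@{domain}"

def shannon_entropy(s: str) -> float:
    """Bits per character of the string's own character distribution."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())

def looks_generated(local: str, min_entropy: float = 2.5, min_switches: int = 3) -> bool:
    """Heuristic: high entropy plus frequent letter/digit alternation.
    Both thresholds are illustrative assumptions, not tuned values."""
    switches = sum(a.isdigit() != b.isdigit() for a, b in zip(local, local[1:]))
    return len(local) >= 6 and shannon_entropy(local) >= min_entropy and switches >= min_switches

def sequential_stems(signups, min_count: int = 3):
    """Return {(ip, stem, domain)} where one IP registered stem1@, stem2@, ..."""
    seen = defaultdict(set)
    for ip, email in signups:
        local, _, domain = email.lower().rpartition("@")
        m = re.fullmatch(r"(.*?[a-z._-])(\d+)", local)
        if m:
            seen[(ip, m.group(1), domain)].add(int(m.group(2)))
    return {key for key, nums in seen.items() if len(nums) >= min_count}

# Constructed sample signups (documentation IP ranges, made-up addresses).
SAMPLE = [
    ("203.0.113.7", "user1@example.com"),
    ("203.0.113.7", "user2@example.com"),
    ("203.0.113.7", "user3@example.com"),
    ("198.51.100.4", "john1985@example.com"),
]

if __name__ == "__main__":
    for addr in ("j.o.h.n@gmail.com", "john+trial1@gmail.com", "xk7q9m3z@domain.com"):
        local = addr.split("@")[0]
        print(addr, "->", canonical_email(addr), "generated:", looks_generated(local))
    print(sequential_stems(SAMPLE))
```

Store `canonical_email()` output as a uniqueness key alongside the address the user typed; do not send mail to the canonical form.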
Stop losing money to fake signups.
Email checks alone aren't enough. A fraudster can use a legitimate Gmail address with a stolen credit card. That's where IP intelligence comes in — the metadata around where a request originates often reveals more than who claims to be making it.
Tor is a legitimate privacy tool, but in the context of a payment flow, it's a massive red flag. Less than 0.01% of legitimate e-commerce transactions originate from Tor. Over 60% of fraudulent card-not-present transactions do.
BurnerBlocker maintains a real-time list of 1,200+ Tor exit node IPs, refreshed hourly.
Similar to Tor, VPN usage during checkout is suspicious. While many legitimate users have VPNs, the combination of VPN + new account + high-value transaction is a strong fraud signal.
Key indicators: known VPN provider IP ranges, datacenter ASNs that don't match residential ISPs, and proxy protocol headers.
Real customers browse from home (Comcast, Vodafone, Airtel) or mobile networks. If a signup comes from AWS, Google Cloud, or Azure, it's almost certainly automated — a bot, scraper, or carding script.
The most underrated signal. If 15 different email addresses hit your signup page from the same IP in 10 minutes, that's not a busy office — that's a fraud script running.
BurnerBlocker tracks request velocity per IP and per /24 subnet, flagging unusual spikes automatically.
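A sliding-window counter is one way to implement this signal. This is an added example, not BurnerBlocker's implementation: the `VelocityTracker` class, the per-subnet limit of 30, the /64 grouping for IPv6 and the sample events are assumptions, while 15 addresses in 10 minutes comes from the text.

```python
import ipaddress
from collections import defaultdict, deque

class VelocityTracker:
    """Sliding-window count of distinct emails per IP and per subnet."""

    def __init__(self, window=600, ip_limit=15, subnet_limit=30):
        # window and ip_limit mirror the text (15 emails, 10 minutes);
        # subnet_limit is an assumed value, not from the page.
        self.window = window
        self.ip_limit = ip_limit
        self.subnet_limit = subnet_limit
        self.events = defaultdict(deque)   # key -> deque of (timestamp, email)

    def _distinct(self, key, ts, email):
        q = self.events[key]
        q.append((ts, email))
        while q and q[0][0] <= ts - self.window:  # drop events older than the window
            q.popleft()
        return len({e for _, e in q})

    def observe(self, ts, ip, email):
        """Record one signup attempt and return the velocity flags it raises."""
        addr = ipaddress.ip_address(ip)
        prefix = 24 if addr.version == 4 else 64   # /64 for IPv6 is an assumption
        subnet = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
        flags = []
        if self._distinct(("ip", addr), ts, email) >= self.ip_limit:
            flags.append("ip_velocity")
        if self._distinct(("net", subnet), ts, email) >= self.subnet_limit:
            flags.append("subnet_velocity")
        return flags

def replay(events, **limits):
    """Feed (ts, ip, email) tuples in time order; return those that were flagged."""
    tracker = VelocityTracker(**limits)
    return [(ts, ip, f) for ts, ip, email in events if (f := tracker.observe(ts, ip, email.lower()))]

# Constructed sample: one IP cycling addresses every 30 s, plus one normal user.
SAMPLE = [(i * 30, "203.0.113.9", f"acct{i}@example.com") for i in range(16)]
SAMPLE.append((200, "198.51.100.20", "alice@example.org"))
SAMPLE.sort()

if __name__ == "__main__":
    for hit in replay(SAMPLE):
        print(hit)
```

Counting distinct emails rather than raw requests keeps a single user retrying the same address from tripping the flag.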
When a user claims to be in the US but their IP geolocates to a high-fraud country, or when the IP country doesn't match the BIN country of the card — these mismatches are strong fraud indicators.
Individually, none of these signals are definitive. Combined into a weighted risk score, they catch over 90% of automated fraud with near-zero false positives.
Add all 5 signals to your payment flow with one API call.
Every SaaS founder hits the same wall: you launch, you grow, and then you notice the numbers don't add up. Half your "users" are burner emails. Your free trial is being exploited. Your chargeback rate is climbing.
We saw it firsthand. Fake signups were consuming server resources, polluting analytics, and creating support tickets from non-existent users. The existing solutions were either:
BurnerBlocker is what we wished existed: one POST request, comprehensive fraud signals, instant response, fair pricing.
POST /v1/scan → 82ms response
{
  "risk_score": 74,
  "verdict": "REVIEW",
  "checks": { ... 12 signals ... }
}
We combined everything into a single risk engine:
BurnerBlocker is built for developers and small SaaS teams who need fraud prevention without the enterprise price tag. If you have a signup form, a free trial, or a payment flow — you need this.
One API call. All the fraud signals you need.