Skip to main content
Real World 8 min read

Signup Fraud: How Disposable Emails and Proxies Work Together

AntiProxies Team
Featured image for Signup Fraud: How Disposable Emails and Proxies Work Together

Nearly every form of online fraud starts with a fake account. Multi-accounting, promo abuse, credential stuffing, review manipulation, spam -- they all require a supply of accounts that look legitimate but aren't. The two technologies that make this possible at scale are disposable email services and proxy networks. Separately, each solves one piece of the identity-faking puzzle. Together, they form a complete assembly line for synthetic identities.

The anatomy of a fake signup

Creating a convincing fake account requires two things: a unique email address that can receive a verification message, and an IP address that doesn't look like it's already been used to create other accounts. Disposable emails handle the first requirement, and proxies handle the second.

Here's how the process typically works. A fraudster -- or more commonly, a bot -- generates a fresh email address through a disposable email provider like Guerrilla Mail, Temp Mail, or one of the hundreds of similar services. These providers create temporary inboxes that exist long enough to receive a verification link, then disappear. Some services offer API access, making it trivial to generate thousands of addresses programmatically.

Simultaneously, the bot routes each signup request through a different IP address using a residential proxy network or a rotating backconnect proxy. This means every account creation appears to come from a different geographic location and a different ISP -- often a legitimate residential connection. To the target platform, each signup looks like a distinct person on a distinct network using a distinct email address.

Why disposable emails are the fuel

Email verification is supposed to be a trust signal. The logic is straightforward: if someone can receive email at an address, that address probably belongs to a real person with some level of accountability. Disposable email services break this assumption entirely.

The disposable email ecosystem has grown significantly. There are now over 50,000 known disposable email domains, and new ones appear daily. Some services operate hundreds of domains specifically to evade blocklists. Others offer custom domain functionality, making their addresses indistinguishable from regular email at a glance.

For deeper background on how these services operate, see our post on how disposable email services work. The key takeaway is that without active disposable email detection, your email verification step provides zero friction against bulk account creation.

Why proxies make detection exponentially harder

If disposable emails provide the identity, proxies provide the invisibility. Without a proxy, creating 100 accounts from the same IP address is easy to detect and block. With a residential proxy network, those 100 accounts come from 100 different residential IPs across 100 different cities. Each one passes basic IP checks because it is a real residential connection.

The proxy infrastructure available to fraudsters has matured dramatically. Modern residential proxy providers offer:

  • Millions of IP addresses: Large networks provide access to 10-50 million residential IPs worldwide, making IP-based rate limiting nearly useless.
  • Geographic targeting: Fraudsters can select exit IPs in specific countries, states, or even cities to match the location implied by their fake identity.
  • Session persistence: Sticky sessions keep the same IP for the duration of a signup flow, avoiding mid-session IP switches that might trigger alerts.
  • HTTP(S) and SOCKS5 support: Full protocol support means the proxy works with any automation tool or browser.

For a detailed look at why residential proxies are the hardest threat to catch, see our analysis of residential proxy detection challenges.

The economics of signup fraud

Understanding the cost structure explains why signup fraud is so widespread. A residential proxy subscription costs $50-200/month for several gigabytes of traffic -- enough for tens of thousands of signups. Disposable emails are effectively free at volume. Automation tools (Puppeteer, Playwright, custom scripts) are open source.

The revenue side depends on what the fake accounts are used for. A first-order discount of $10 harvested across 1,000 accounts is $10,000. Referral bonuses compound even faster. Even accounts with no direct monetary value have worth -- aged accounts with clean histories can be sold on underground markets for use in future fraud campaigns.

The return on investment for signup fraud is routinely 10-100x, which means it will continue as long as platforms make it easy. The only effective response is making the cost of successful signups exceed the value extracted.

Detection strategies that work

Stopping signup fraud requires addressing both halves of the equation -- the fake identity and the hidden network.

Email intelligence at registration

The first line of defense is email verification that goes beyond "can this address receive mail." Effective email intelligence checks whether the domain is a known disposable provider, whether the address follows patterns associated with auto-generated identities (random character strings, sequential numbering), and whether the email domain has legitimate MX records with a real mail infrastructure behind it.

This single check eliminates the cheapest and most common path to fake accounts. When a fraudster can't use throwaway addresses, they're forced to either buy aged email accounts (expensive) or use email aliasing (detectable with the right tools). Either option dramatically increases cost per account.

IP reputation at the network level

The second layer is IP reputation checking on every signup request. Even residential proxies leave detectable signals when you have the right data. An IP that's been observed as a proxy exit node in the last 24 hours, a VPN endpoint, or a datacenter address tells you the user is actively masking their origin.

You don't have to block every flagged IP outright. A tiered approach works: clean residential IPs get a smooth signup flow; VPN IPs get additional verification (phone number, payment method); known proxy IPs get rejected or heavily throttled. This applies friction proportional to risk without impacting legitimate users.

Behavioral and device signals

Bots creating accounts at scale exhibit patterns that distinguish them from real users, even when their IP and email look clean. Signup timing (consistent intervals between accounts), form fill speed (bots are too fast or artificially delayed), and browser fingerprint consistency (same canvas hash across "different" users) all provide additional detection signals.

Building the signup defense stack

The most effective approach layers these signals into a scoring system. Each signup request accumulates risk points:

  • Disposable email domain? +40 points.
  • IP classified as VPN or proxy? +30 points.
  • Datacenter IP? +25 points.
  • Browser fingerprint matches recent signups? +20 points.
  • Signup completed in under 3 seconds? +15 points.

Requests above a threshold get blocked or sent to manual review. Requests in a middle range get additional friction. Clean requests pass through seamlessly. The weights and thresholds are tuned based on your actual fraud patterns and false positive tolerance.

Start with the two highest-value signals

If you're seeing fake account creation and want to act immediately, focus on the two inputs that cover the widest range of attacks: disposable email detection and IP reputation data. Together, they address both halves of the synthetic identity problem. AntiProxies provides comprehensive IP intelligence -- covering VPNs, proxies, Tor, datacenters, and residential proxy networks -- as a local database with no API dependency. Combined with email validation, you eliminate the vast majority of automated signups without adding friction for real users. Check our pricing page to get started, or read more about how promo fraud exploits fake accounts to understand what happens when signup fraud goes unchecked. For implementation details, explore our disposable email detection and VPN/proxy detection pages.

Related articles

Real World · 7 min read

Coupon Abuse and Promo Fraud: The Growing Threat to E-Commerce

Promotional campaigns are meant to drive growth - but fraudsters exploit them at scale using bots, multi-accounting, and disposable emails. Here's what coupon abuse looks like and how to fight it.
Real World · 6 min read

Every SaaS Eventually Builds Email Validation. Here's Why.

Profane signups, disposable emails, alias abuse - every SaaS founder hits these problems eventually. A look at why DIY email validation doesn't scale.
Real World · 7 min read

How Disposable Email Services Work (And How to Block Them)

Tempmail, Guerrilla Mail, 10MinuteMail - how throwaway email services operate, why they exist, and practical strategies for keeping them out of your signup flow.

Want to see what's in the database?

Download once, query as many times as you need. €99/year for all 22 databases, unlimited servers, and a full year of monthly updates. No usage limits, no per-query fees, no data leaving your servers.

View Pricing Contact Us
30-day money-back guarantee
All databases included
Monthly updates