How Dregs Works

Most fraud prevention tools make a single pass/fail decision at the moment of signup or login. That is not enough. Bad actors might use real browsers and pass initial checks with ease, only to start misbehaving once they get into your application. Dregs takes a fundamentally different approach: continuous behavioral scoring that gets smarter with every event.

The Problem

Every SaaS with self-service signup attracts unwanted visitors. Bots scrape your content and abuse your APIs. Freeloaders sign up repeatedly with throwaway emails to exploit free trials forever. Spammers use your platform to distribute garbage. Credential stuffers hammer your login page with stolen passwords.

Traditional defenses don't hold up. CAPTCHAs annoy your legitimate users and are trivially solved by modern AI-powered bots. IP blocking is sidestepped with cheap VPNs. Email verification is defeated by disposable email services. These are all point-in-time checks that validate a single moment and then stop watching, so they're underpowered to protect against continuous abuse.

The worst abusers are patient enough to pass your initial checks. They look normal enough at signup. The damage shows up later: wasted compute, polluted analytics, support tickets from real victims of the spam, and chargebacks from stolen cards.

The Approach

Dregs installs a lightweight tracking script on your website — similar to Google Analytics or Mixpanel — that collects device intelligence and behavioral data as users interact with your application. Every page view, every form submission, every click you choose to track feeds into a continuously updated profile for each tracked identity.

Instead of a binary pass/fail, Dregs assigns each user four numerical scores on a 0-100 scale. These scores update in real time as new data arrives. A user who looks fine at signup but starts exhibiting suspicious behavior later will see their scores drop and your team gets notified.

The Four Dimensions

Dregs evaluates every identity across four separate dimensions. Each one captures a different aspect of trustworthiness.

Humanity

Is there a real human behind this browser? Humanity scoring analyzes device signals, interaction timing, and behavioral patterns to distinguish humans from bots, scrapers, and automated scripts. High scores indicate a real person on a real device. Low scores suggest automation.

Authenticity

Is this person who they claim to be? Authenticity scoring examines the data users provide — names, emails, form inputs — for signs of fabrication. Real people use real names, proper email addresses, and consistent data. Fake accounts tend to use disposable emails, keyboard-mash names, and inconsistent details.

Uniqueness

Is this the user's only account in your application? Uniqueness scoring uses device fingerprinting and data analysis to detect duplicate accounts. When the same person signs up multiple times with different emails, the shared devices and overlapping patterns give them away. This gives you the upper hand in fighting free trial freeloaders and other repeat abusers.

Behavior

Does this user behave like your ideal customer? Behavior scoring evaluates usage patterns over time, such as session velocity, time-of-day patterns, IP stability, and interaction cadence. Legitimate users follow predictable patterns. Abusers tend to exhibit rapid-fire actions, unusual hours, and erratic IP changes.

For a deeper look at how each score is calculated, see Scoring.

The Four Stages

Dregs is designed to grow with you. Most teams start with manual review and progress toward fully autonomous fraud response as they build confidence in the scoring.

Stage 1: Scoring

As soon as you add the tracking script and start sending events, Dregs begins scoring. Your dashboard immediately shows which users are legitimate and which are suspicious. In the early days, you review scores manually and train Dregs by marking known-good users (like your own team) as disregarded.

Stage 2: Alerts

Once you like the way Dregs is scoring your users, set up alert rules to notify your team automatically when a user's scores cross a threshold. This gives you immediate notice of potential miscreants and saves you the time of checking your dashboard frequently. Alerts can be delivered to the dashboard, email, or Slack — whatever fits your workflow and your team's preferences.

Stage 3: Escalations

Fine-tune your alert thresholds and notification channels for different severity levels. A potential bot with a Humanity score below 20 might warrant an urgent Slack notification, while a freeloader with a Uniqueness score of 40 might be fine delivered over email. Different problems, different escalations.

Stage 4: Full Autonomy

This is the endgame. Set up webhook channels so Dregs notifies your application directly when scores change. Your backend receives the updated scores and badges for each user and takes action automatically — shadowbanning, rate limiting, disabling features, or blocking accounts entirely. Fully autonomous abuse prevention works to keep your application safe from abuse, even while your team sleeps.

What Data Dregs Collects

Dregs collects three categories of data, all focused solely on fraud detection.

Device Data

The tracking script fingerprints each browser using a multitude of hardware, software, and network signals. No cookies are required. This fingerprint persists across sessions, allowing Dregs to recognize when the same device appears on multiple accounts.

Identity Data

When you call dregs.identify(), you pass an identifier and optional data like name and email. Dregs uses this to detect patterns: disposable emails, fabricated names, and data that doesn't add up. No sensitive data like passwords or payment information is ever collected or expected.

Event Data

Every action you choose to track in your application — page views, form submissions, purchases, plan changes, etc — becomes an event attached to the user's identity. Dregs uses the timing, frequency, and sequence of events to build behavioral profiles.