How Dregs Works
Most fraud prevention tools make a single pass/fail decision at signup or login. That is not enough. Bad actors use real browsers and pass initial checks with ease, then start misbehaving once inside your application. Dregs takes a different approach: continuous behavioral scoring that sharpens with every event.
The Problem
Every SaaS with self-service signup attracts unwanted visitors. Bots scrape your content and abuse your APIs. Freeloaders sign up repeatedly with throwaway emails to exploit free trials forever. Spammers use your platform to distribute garbage. Credential stuffers pound your login page with stolen passwords.
Traditional defenses don't hold up. CAPTCHAs annoy legitimate users, and modern AI-powered bots solve them trivially. Cheap VPNs sidestep IP blocking. Disposable email services defeat email verification. These point-in-time checks validate a single moment and then stop watching, so they cannot protect against continuous abuse.
The worst abusers are patient enough to pass your initial checks. They look normal at signup. The damage shows up later: wasted compute, polluted analytics, support tickets from real victims of the spam, and chargebacks from stolen cards.
The Approach
Dregs installs a lightweight tracking script on your website — similar to Google Analytics or Mixpanel — that collects device intelligence and behavioral data as users interact with your application. Every page view, form submission, and tracked click feeds into a continuously updated profile for each tracked identity.
Instead of a binary pass/fail, Dregs assigns each user four numerical scores on a 0-100 scale. These scores update in real time as new data arrives. When a user who looked fine at signup starts behaving suspiciously, their scores drop and your team is notified.
The Four Dimensions
Dregs evaluates every identity across four dimensions. Each captures a different aspect of trustworthiness.
Humanity
Is a real human behind this browser? Humanity scoring analyzes device signals, interaction timing, and behavioral patterns to distinguish humans from bots, scrapers, and automated scripts. High scores indicate a real person on a real device; low scores suggest automation.
Authenticity
Is this person who they claim to be? Authenticity scoring examines the data users provide — names, emails, form inputs — for signs of fabrication. Real people use real names, proper email addresses, and consistent data. Fake accounts use disposable emails, keyboard-mash names, and inconsistent details.
Uniqueness
Is this the user's only account in your application? Uniqueness scoring uses device fingerprinting and data analysis to detect duplicate accounts. When the same person signs up multiple times with different emails, shared devices and overlapping patterns give them away. This gives you the upper hand against free-trial freeloaders and other repeat abusers.
Behavior
Does this user behave like your ideal customer? Behavior scoring evaluates usage patterns over time, such as session velocity, time-of-day patterns, IP stability, and interaction cadence. Legitimate users follow predictable patterns. Abusers show rapid-fire actions, unusual hours, and erratic IP changes.
For a deeper look at how each score is calculated, see Scoring.
The Four Stages
Dregs grows with you. Most teams start with manual review and progress toward fully autonomous fraud response as they build confidence in the scoring.
Stage 1: Scoring
As soon as you add the tracking script and start sending events, Dregs begins scoring. Your dashboard shows which users are legitimate and which are suspicious. Early on, you review scores manually and train Dregs by marking known-good users (like your own team) as disregarded.
Stage 2: Alerts
Once you trust the way Dregs scores your users, set up alert rules to notify your team automatically when a user's scores cross a threshold. Alerts give you immediate notice of potential miscreants and spare you from checking the dashboard constantly. They can be delivered to the dashboard, email, or Slack — whatever fits your workflow.
Stage 3: Escalations
Tune your alert thresholds and notification channels for different severity levels. A potential bot with a Humanity score below 20 might warrant an urgent Slack notification, while a freeloader with a Uniqueness score of 40 can go over email. Different problems, different escalations.
Stage 4: Full Autonomy
The endgame. Set up webhook channels so Dregs notifies your application directly when scores change. Your backend receives the updated scores and badges for each user and takes action automatically — shadowbanning, rate limiting, disabling features, or blocking accounts entirely. Fully autonomous abuse prevention protects your application even while your team sleeps.
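The escalation routing from Stage 3 and the automatic response from Stage 4, sketched as a backend decision function. This is an added example, not Dregs code: the payload fields (identifier, scores.*), the rule names, the actions chosen, and every threshold other than Humanity below 20 and Uniqueness of 40 are assumptions.

```javascript
// Added example, not Dregs code. Payload shape (identifier, scores.*) is assumed.
const DIMENSIONS = ["humanity", "authenticity", "uniqueness", "behavior"];

// Most severe first; first match wins. Only the Humanity < 20 -> Slack and
// Uniqueness 40 -> email pairings come from the page; the rest are assumptions.
const RULES = [
  { name: "likely-bot", test: s => s.humanity < 20, channel: "slack", action: "block" },
  { name: "duplicate-account", test: s => s.uniqueness <= 40, channel: "email", action: "disable-trial-features" },
  { name: "fabricated-identity", test: s => s.authenticity < 30, channel: "email", action: "shadowban" },
  { name: "erratic-usage", test: s => s.behavior < 30, channel: "dashboard", action: "rate-limit" },
];

// Returns validated scores, or null if any dimension is missing or outside 0-100.
function parseScores(payload) {
  const raw = payload && payload.scores;
  if (!raw || typeof raw !== "object") return null;
  const scores = {};
  for (const dim of DIMENSIONS) {
    const v = raw[dim];
    if (typeof v !== "number" || !Number.isFinite(v) || v < 0 || v > 100) return null;
    scores[dim] = v;
  }
  return scores;
}

// Maps one score update to a notification channel and an enforcement action.
function decide(payload) {
  const id = payload && typeof payload.identifier === "string" ? payload.identifier : null;
  const scores = parseScores(payload);
  if (!id || !scores) {
    // Fail safe: never enforce on data that does not validate; surface it for review.
    return { identifier: id, rule: "invalid-payload", channel: "dashboard", action: "none" };
  }
  const hit = RULES.find(r => r.test(scores));
  return hit
    ? { identifier: id, rule: hit.name, channel: hit.channel, action: hit.action }
    : { identifier: id, rule: "ok", channel: null, action: "none" };
}

// Constructed sample updates (not real Dregs output).
const SAMPLES = [
  { identifier: "user_1001", scores: { humanity: 12, authenticity: 80, uniqueness: 90, behavior: 70 } },
  { identifier: "user_1002", scores: { humanity: 85, authenticity: 75, uniqueness: 40, behavior: 60 } },
  { identifier: "user_1003", scores: { humanity: "12", authenticity: 80, uniqueness: 90, behavior: 70 } },
];
for (const s of SAMPLES) console.log(JSON.stringify(decide(s)));
```

Because the first matching rule wins, an identity that trips several rules gets the most severe response only; reorder RULES to change that priority.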
What Data Dregs Collects
Dregs collects three categories of data, all focused on fraud detection.
Device Data
The tracking script fingerprints each browser using many hardware, software, and network signals. No cookies required. The fingerprint persists across sessions, so Dregs recognizes when the same device appears on multiple accounts.
Identity Data
When you call dregs.identify(), you pass an identifier and optional data like name and email. Dregs uses this to detect patterns: disposable emails, fabricated names, and data that doesn't add up. Dregs never collects or expects sensitive data like passwords or payment information.
Event Data
Every action you track in your application — page views, form submissions, purchases, plan changes, and so on — becomes an event attached to the user's identity. Dregs uses the timing, frequency, and sequence of events to build behavioral profiles.
Ready to integrate? Head to Getting Started to add Dregs to your application in minutes.