Dashboard Manual Pricing Use Cases
Manual

The Scoring System

Dregs evaluates every user across four independent dimensions, producing a multidimensional risk profile that catches what single-signal fraud systems miss. Each dimension produces an integer score from 0 to 100. Together they tell you not just whether a user is risky, but how they are risky.

Why Multidimensional Scoring

A single fraud signal is easy to spoof. A bot can mimic human mouse movements. A fraudster can use a real email address. A duplicate account can use a different device. Any individual signal, on its own, yields to a determined attacker.

Four independent dimensions are far harder to game simultaneously. A sophisticated bot may score well on Behavior but fail on Humanity. A multi-accounter may look authentic but score poorly on Uniqueness. A real person using disposable data may pass the Humanity check but fail Authenticity.

Abuse and fraud reveal themselves differently depending on what you measure. Measuring four distinct things shows the full picture.

Humanity

Scale: 0-100. High = real human. Low = bot, scraper, or automation.

The Humanity score estimates the probability that a real person sits behind the keyboard. It examines device-level signals and behavioral timing patterns that automated tools struggle to replicate convincingly.

Signals that feed into Humanity include:

  • User agent characteristics — does the browser string look like a real browser or a headless automation tool?
  • Event timing patterns — are actions spaced like a human (variable, with pauses) or a script (uniform, instant)?
  • Device capabilities — does the hardware profile match a real consumer device?

Humanity is accurate from day one. A single page load provides enough device and timing data to distinguish most bots from humans. Confidence grows as more events arrive.

Authenticity

Scale: 0-100. High = genuine data. Low = fake, disposable, or inconsistent data.

The Authenticity score evaluates the quality and consistency of user-submitted information. It looks for patterns associated with throwaway accounts, fake signups, and identity fabrication.

Signals that feed into Authenticity include:

  • Name structure — does it follow plausible naming patterns, or is it random characters?
  • Email analysis — is the domain disposable? Does the local part match the user's name?
  • User agent consistency — does the claimed browser match the device's actual capabilities?
  • Data cross-references — do the various pieces of identity data tell a coherent story?

Authenticity improves with training. Out of the box, Dregs catches obvious red flags: disposable email providers and gibberish names. Over time, as analyzers learn what legitimate data looks like for your application, the score becomes more nuanced.

Uniqueness

Scale: 0-100. High = unique visitor. Low = duplicate or repeat account.

The Uniqueness score estimates the probability that this is the user's only account. Multi-accounting is a common form of abuse — free trial fraud, review manipulation, referral gaming, ban evasion — and Uniqueness is the dimension built to catch it.

Signals that feed into Uniqueness include:

  • Device fingerprint sharing — are other identities using the same device?
  • IP overlap — do multiple accounts originate from the same network?
  • Data similarity — do names, emails, or other attributes resemble those of existing users?
  • Session overlap — do browsing sessions connect different accounts?

Uniqueness is accurate from day one. If a new signup shares a device fingerprint with an existing account, Dregs flags it immediately — no training period needed. Confidence grows as more relationship data accumulates.

Behavior

Scale: 0-100. High = normal behavior. Low = suspicious patterns.

The Behavior score evaluates whether the user's actions match expected patterns. It examines how users interact with your application over time, looking for anomalies that reveal scripted activity, credential stuffing, scraping, or other abuse.

Signals that feed into Behavior include:

  • Session velocity — how many sessions does this user create in a given timeframe?
  • Time-of-day patterns — does the user follow normal usage rhythms, or operate at unusual hours?
  • IP churn — does the user's IP address change more frequently than expected?
  • Navigation patterns — does the user visit pages in a natural sequence?

Behavior requires some data to work well. A new user with one event has no meaningful Behavior score yet. After a handful of sessions, the score stabilizes and becomes highly informative.

How Scores Are Calculated

Behind each score sits a set of AI-assisted analyzers, each examining a specific signal. When Dregs scores an identity, every relevant analyzer runs and produces one or more observations.

Each observation contains:

  • Value — how favorable the signal is; higher is favorable, lower is unfavorable.
  • Confidence — how certain the analyzer is in its assessment. More data means higher confidence.
  • Explanation — a human-readable description of what the analyzer found.
  • Metadata — supporting data points: raw counts, percentages, and thresholds.

The category score is a weighted average of all observations in that category, with confidence levels as the weights. An observation with confidence 0.9 influences the score far more than one with confidence 0.3. The result is an integer from 0 to 100, as you see in the dashboard and in API responses.

You can inspect individual observations for any identity in the dashboard. This transparency is deliberate. You should always be able to see why Dregs scored someone the way it did.

What Score Ranges Mean

The right thresholds depend on your application, but these guidelines help interpret scores:

  • 90-100 — Highly trustworthy. Strong positive signals across the board. Safe to extend full privileges.
  • 70-89 — Normal. Typical of legitimate users. No action needed.
  • 50-69 — Warrants attention. Some signals are weak or ambiguous. Deserves a closer look depending on context.
  • 25-49 — Suspicious. Multiple negative signals. Consider restricting access or flagging for manual review.
  • Below 25 — Likely fraud or abuse. Strong negative signals across multiple analyzers. Act decisively.

Each dimension tells a different story. An identity with Humanity 95 and Uniqueness 20 is a real person with multiple accounts — quite different from Humanity 15 and Uniqueness 90, which is a bot on a unique device.

Continuous Scoring

Scores are not static snapshots. Every time new events arrive for an identity, Dregs re-runs the analyzers and updates the scores. Three consequences follow:

  • A suspicious user can improve. Someone who starts with a low Authenticity score (disposable email) but exhibits consistently human behavior over weeks will see other scores reflect that legitimacy.
  • A good user can deteriorate. A long-trusted account that suddenly churns IP addresses or creates sessions at inhuman speed will see its Behavior score drop.
  • Confidence grows over time. Early scores may rest on limited data. As events accumulate, analyzer confidence grows and scores become more reliable.

This continuous recalculation is automatic. You need not trigger it — Dregs re-scores identities within seconds of receiving new events.

Once you understand what scores mean, act on them. Alerts let you define thresholds that notify your team automatically. Badges turn score ranges into human-readable labels like "Trusted" or "Suspicious" for use in your own application logic.

← Devices
Event Tracking for Behavioral Fraud Scoring | Dregs →