Dregs

Fake Signups

Some miscreant fills out your signup form with "asdf jkl;" and a guerrillamail address. Another one uses a random name generator and a throwaway inbox. Your database fills up with garbage accounts that will never convert, never engage, and never come back. Some are bots, others are real humans just smashing the keyboard. Either way, they're wrecking your data and filling your database with garbage.

The Junk Signup Problem

Every product with a signup form attracts the riffraff. Some of it's automated, like bots creating accounts to spam, scrape, or stockpile credentials for later abuse. But a surprising amount comes from real people: tire-kickers who mash the keyboard to get past your form, uncommitted users who don't trust you with real data, and people who just want to peek behind the login wall without any commitment.

Either way, the result is the same. Your user table fills up with accounts that have no real identity behind them. Names like "test test" and "aaa bbb". Email addresses from disposable providers that will bounce within the hour. Profanities. Data that passes form validation but is completely meaningless.

The usual defenses don't solve this.

Email verification Disposable email services provide verified inboxes that work just long enough to confirm and disappear
CAPTCHAs Humans filling in garbage pass every CAPTCHA without breaking a sweat, and bot farms solve them for pennies
Form validation Syntactically valid garbage still passes — "John Doe" at a throwaway domain is a perfectly well-formed signup
Double opt-in Some confirm the email and never come back, leaving a "verified" junk account in your database forever
Manual cleanup Reactive, doesn't scale, and by the time you notice the junk it has already polluted your metrics

Fake signups are hard to prevent at the door because they come in many forms. They're usually a sign of bad behavior to come. To deal with the problem, you need a system that evaluates the quality and authenticity of each signup, not just its format.

Fake Signups Have Real Costs

Junk accounts aren't just clutter — they actively degrade your operations, your outreach, and your ability to understand what's actually happening in your product.

Polluted database

Fake accounts mix in with real users, making it harder to query, segment, and maintain clean data. Every downstream system that touches your user table inherits the noise — from analytics to billing to support tooling.

Wasted outreach

Marketing emails sent to fake addresses bounce, hurting your sender reputation and deliverability scores. Your onboarding sequences, drip campaigns, and re-engagement efforts burn cycles on accounts that were never even real.

Misleading metrics

Your signup numbers look healthy, but conversion is terrible. Product decisions based on these metrics lead you in the wrong direction. You'll think you have a conversion problem when you actually have a quality problem.

How Dregs Detects Fake Signups

Dregs scores every signup across multiple dimensions simultaneously. A junk account might slip past one signal, but failing across several at once is a clear indicator that something isn't right.

Low Authenticity score flagging a disposable email domain and nonsensical name

Authenticity Score

The Authenticity score catches disposable email domains, names that don't follow natural patterns ("asdf", repetitive or random character strings), and identity data that doesn't hold together. When someone signs up with a disposable email address and a keyboard-mashed name, Authenticity drops to the floor immediately.

Humanity score observations distinguishing human junk from bot-generated signups

Humanity Score

Not all fake signups are the same. Bot-generated accounts have distinctive device fingerprints — headless browsers, impossible hardware profiles, missing browser APIs. The Humanity score separates automated garbage from human garbage, which matters because you might want to respond to them differently.

Behavior score showing rapid form completion with no page exploration

Behavior Score

Junk signups tend to follow a pattern: arrive and fill out the form quickly. No browsing, no reading, no exploration. The Behavior score detects unnaturally fast activity, sessions with no navigation beyond the signup page, and atypical patterns of interaction.

Low Uniqueness score showing the same device behind multiple junk signups

Uniqueness Score

Serial junk signups, whether bots or humans, often use the same device to create one account after another. The Uniqueness score catches this by recognizing shared device fingerprints across accounts. Duplicates accounts with the same device get flagged.

Example: Catching a Junk Signup

Here's what it looks like in practice:

0s
A visitor lands on your signup page. Dregs collects the device fingerprint on first page load.
8s
The visitor submits a signup form with the name "asdf qwerty" and a Mailinator address. The form is syntactically valid, so it passes your validation. The account is created.
9s
Dregs scores the new identity. The Authenticity score drops to 12 — disposable email domain, nonsensical name, no data consistency. The Humanity score is 85 (it's a real human, just a lazy one). The Behavior score is 30 — fast form completion, no prior exploration.
Seconds later
A "Junk Signup" badge is assigned based on your badge rules. An alert fires to your configured channels. A webhook notifies your application, which silently discards the account — no onboarding email, no trial provisioning, no resources wasted.

No manual review needed... the junk signup is caught and handled within seconds of submission.

Quarantining Fake Signups

Detection is only half the story. How you handle junk signups depends on your product and your tolerance for false positives. Dregs gives you the scoring data to automate whichever approach fits.

Rejection

You could accept the signup on the surface but not actually provision the account. No onboarding email, no trial resources, no database clutter. The bogus user sees a confirmation page but nothing else works and they move on.

Verification

Require an additional verification step — phone number, real email confirmation, or payment method — for signups with low Authenticity scores. Legitimate users pass easily. Junk signers abandon when the friction increases.

Escalation

Route low-scoring signups to a manual review queue instead of rejecting them outright. Your team can check flagged accounts and approve the legitimate ones. Good for when false positives are costly, to err on the side of caution.

Cleanup

Let all signups through, but run periodic sweeps to purge accounts that scored below your thresholds and never engaged. This lighter touch approach keeps your database clean and fake usage under control without blocking signups.

With Dregs webhooks, any of these responses can be fully automated. Your application receives scores and badges in real time and acts on them without human intervention — whether it's the middle of the night, a weekend, or a product launch day.

Stop fake signups from polluting your data.

Dregs evaluates every signup for authenticity, humanity, and behavioral signals from the moment the form is submitted. Install the tracking script and junk accounts get flagged before they ever hit your onboarding flow.

Schedule a Demo