Use Case · Best Practices 2026
How to Verify Emails for SaaS Signup
SaaS signups are a magnet for disposable emails and fake accounts. Free trial abusers, bots, and competitors create throwaway accounts using temporary addresses — inflating your user count, skewing activation metrics, and draining support capacity. Real-time email validation at signup closes that door before it opens.
The SaaS Fake Signup Problem
Fake accounts don't just inflate vanity metrics — they corrupt the data you use to make product and growth decisions. When 5–10% of your "users" are bots or disposable-email registrations, your activation rate, cohort retention, and NPS scores are all systematically wrong. Verification at signup is the only reliable fix.
- !Up to 10% of SaaS signups use disposable or temporary email addresses
- !Fake accounts inflate MAU metrics and distort cohort analysis and activation reporting
- !Free trial abuse costs SaaS companies an average of 8% of ARR in lost conversions and support load
- !Bots and scrapers use invalid email patterns that bypass simple regex checks with ease
- !Support tickets from fake accounts consume engineering and CS capacity without any revenue upside
How Our API Solves This
Add a single API call to your signup handler before creating the user record. We check disposable domains in real time against a database of 50,000+ services, run an AI risk model, and return a confidence score — letting you hard-block confirmed disposables, soft-flag borderline cases, and store risk metadata for ongoing monitoring, all within your existing signup flow.
// Next.js App Router API route — validate email before user creation
import { NextResponse } from "next/server";
export async function POST(request: Request) {
const { email, password } = await request.json();
const verification = await fetch("https://api.emailverify.io/verify", {
method: "POST",
headers: { "Content-Type": "application/json" },
body: JSON.stringify({ email, api_key: process.env.EV_API_KEY }),
}).then(r => r.json());
// Hard block: invalid or confirmed disposable
if (!verification.valid || verification.details.disposable) {
return NextResponse.json(
{ error: "Please use a permanent email address." },
{ status: 422 }
);
}
// Soft flag: elevated AI risk — route to manual review
if (verification.details.ai_risk_score > 0.7) {
await flagForReview(email, verification.details.ai_risk_score);
}
// Proceed with account creation
const user = await createUser({
email,
password,
evScore: verification.score,
evVerifiedAt: new Date().toISOString(),
});
return NextResponse.json({ userId: user.id }, { status: 201 });
}See the full API documentation for all response fields and framework examples.
SaaS Email Validation Best Practices
Block disposable emails hard — use a soft block for borderline risk
Use disposable: true as a hard block. For AI risk scores between 0.5 and 0.8, apply a soft block: show a CAPTCHA or email confirmation step rather than rejecting outright. This prevents false positives on legitimate users.
Show inline validation on the signup form, not just on submit
Trigger verification on blur from the email field (debounced 500ms). Showing an inline error before form submit reduces friction — users can correct typos or switch to a permanent address in context.
Store the AI risk score alongside the user record
Log ai_risk_score and disposable in your users table. This enables downstream fraud detection, automated suspension triggers, and segmentation of high-risk cohorts for closer monitoring.
Re-verify email addresses on password reset requests
Password reset flows are exploited to reactivate disabled fake accounts. Re-run verification when a reset is requested — block or flag accounts whose address now scores as high-risk or resolves as disposable.
Include verification score in your activation model
Users who signed up with a high-confidence email (score > 0.95) are significantly more likely to activate and convert. Include ev_score as a feature in your activation scoring model to prioritise onboarding effort.