Hi HN,
I built TrustPath.io after seeing the same problem pattern across multiple projects: freemium abuse and lack of proper account protection.
The usual approach is to start by blocking disposable emails, which appears to be an easy win, but in reality you need more signals than just disposable domains. It's still possible to create accounts using real Gmail accounts created in bulk.
Disposable email detection catches some of them. The others that looked "legitimate" on the surface slipped through the cracks.
-------------------------
TrustPath.io combines the signals that actually matter:
• IP intelligence (datacenter IPs, proxies, impossible travel)
• Behavioral patterns (signup velocity, usage anomalies)
• Email intelligence (not just disposable—also bulk-created, suspicious domains)
• Device fingerprinting (same device = multi-accounting)
We also offer a dashboard where you can actually see what's going on in your system, giving observability—meaning every request you make creates an overall image of your system.
-------------------------
What it does:
One API call at signup/login returns a risk score (0-100) plus a breakdown of what triggered it, with a state of approve, review, or decline.
Current use cases:
• SaaS platforms stopping trial abuse
• Referral programs preventing bonus farming
• Marketplaces blocking multi-accounting
• Anyone tired of the same user creating n number of accounts
-------------------------
What I'd love feedback on:
1. What account abuse are you seeing? (curious if others face the same patterns)
2. Would you rather build this in-house or use an API?
3. Any concerns about device fingerprinting from a privacy/UX perspective?
-------------------------
Happy to go deep on the technical implementation if anyone's interested.