@october12 ya it's what we are using for our B2B SaaS auth. if someone doesn't have a linkedin account they aren't a serious business. i'm sure it'll create gaps with some countries like china. but we're only really focused on the americas, EU, and places like Japan, Singapore, etc. all those people are on LinkedIn.
@idontknow07 The + is new to me but you missed that adding a period to gmails also creates a unique email address. I don't think this can be rejected either due to legit periods within an email.
@idontknow07 Charge more! You’re spending all this effort preventing your non customers from getting access. If support costs are an issue, send freemium users to a support forum and docs.
Automate the onboarding/off-boarding process for free/trial users.
@elliott527 We allowed anyone with Gmail/Yahoo to sign up for a year, with wishful thinking that we could get more customers. Though we did get a few, they didn't fit our ICP and later churned. But that's after taking up a lot of our onboarding time through back and forth chats with implementation help.
YMMV. Not one-size-fits all. The above works for us.
There's so much scope in this area, with some great free and paid solutions out there if you're willing to bolt together multiple systems to reduce overall risk.
Amongst a host of other things, we obtain device/browser fingerprint information to see if the device behind the user is already known to prevent sign-up/paywall abuse, check for credential sharing, probe the email to check the domain age to protect against burner emails, probe the phone to check that its actually reachable etc.
@idontknow07 Interesting. I will run into a similar challenge in the future. Though I don’t want to be as restrictive… I want to encourage personal use for small startups and don’t mind footing the bill for that. Just want to discourage bots and other scripts. So probably 2+5+6+7+8.
@idontknow07 Awesome post, I'm now settings up an SMTP test on CF workers.
Basically existence of SMTP confirms the domain has an email server, but any ideas on how to confirm if the email address is active without sending an email to it?
@idontknow07 What kind of SaaS do you have that a few free customers cost you so much money that you go through this lengths to disable them?
I'm a pretty small startup, but frequently people start off with their gmail acounts, before switching to their business email (most likely because business email implies -- or they feel it implies --- they are doing something on behalf of their company, and they might not have those approvals yet).
The disposable emails are certainly a problem, because you have no way of reaching those potential customers.
