How does BigShield detect fake signups?

BigShield uses multiple signals including format validation, burner/disposable domain detection (945+ known providers), MX record checks, domain reputation analysis, and SMTP verification to produce a 0-100 risk score for every email address.

How fast is the email validation API?

Tier-1 signals (format, domain, burner detection, MX records) return in under 100ms — fast enough for inline signup validation without impacting user experience.

How much can I save by blocking fake signups?

Up to 40% of signups on AI and SaaS platforms use fake or disposable emails. A single abusive account can consume $5-50 in AI tokens. Email validation costs pennies per check, potentially saving thousands in wasted compute.

What programming languages are supported?

BigShield provides 5 official SDKs for TypeScript/Node.js, Python, PHP, Ruby, and Go. All SDKs include typed responses, automatic retries with exponential backoff, and typed error classes. The REST API can also be called from any language using standard HTTP requests with Bearer token authentication.

Can I create custom validation rules?

Yes. BigShield includes a custom rules engine with 6 rule types (domain block/allow, email pattern, IP range, country, and risk threshold), 4 actions (block, allow, review, require verification), and priority ordering. Rules can be managed via the dashboard or the API.

Solution9 min readMarch 18, 2026

BigShield vs Onsefy: 30+ Signals, Custom Rules, and What Actually Stops Fake Signups

A detailed comparison of BigShield and Onsefy for signup fraud prevention. We break down signal depth, custom rules, pricing, developer experience, and why 30+ validation layers matter more than a basic rules engine.

Why This Comparison Matters

BigShield and Onsefy both claim to stop fake signups. Both offer an API, risk scoring, and some form of rules. On the surface, the pitch sounds similar. The difference shows up when you look at what actually happens when an email address hits each system.

Onsefy markets a "Custom Rules Engine" and "Signup Risk Scoring." BigShield runs 30+ automated detection signals before custom rules even enter the picture. That is not a small distinction. It is the difference between a product where rules are the detection mechanism and a product where rules are a bonus layer on top of deep automated analysis.

We built BigShield, so yes, we have a bias. But we are going to be specific about what each product does, cite real numbers, and point out where Onsefy might actually be the right fit. You can check the facts yourself.

Signal Depth: What Happens When an Email Hits the API

When an email address hits BigShield's API, it passes through 30+ distinct validation and detection signals organized into two tiers. Tier 1 signals run synchronously in under 100ms. Tier 2 signals run asynchronously and deliver results via webhooks, so your signup flow is never slowed down.

Here is what BigShield actually checks:

Email format and syntax validation including RFC compliance, length checks, and Unicode normalization
MX record verification to confirm the domain can receive mail
SMTP mailbox verification to check if the specific address exists (Tier 2)
Disposable domain detection against a database of 945+ known burner email providers
Domain reputation analysis including domain age, registration patterns, and TLD risk scoring
Email pattern analysis using Shannon entropy, leetspeak detection, and keyboard walk recognition to flag algorithmically generated addresses like xk7qm3vb9@gmail.com
Freemail and role-based detection to identify generic addresses like info@ or support@
Catch-all domain detection to flag domains that accept any address
IP reputation scoring including datacenter detection, VPN/proxy identification across 140+ providers, and Tor exit node matching
Geographic and timezone anomaly detection to flag mismatches between claimed location and actual origin
Campaign and cluster detection that identifies coordinated signup waves by analyzing timing, shared infrastructure, and email domain patterns
Network graph analysis that maps relationships between accounts sharing IPs, email patterns, or behavioral fingerprints
Cross-customer threat intelligence where fraud patterns detected across BigShield's entire customer base feed back into scoring

Each signal produces an individual score impact and confidence rating. These get combined into a composite score (0 to 100) using a weighted scoring model. You can see the full architecture behind this in our post on how the platform is built.

Now, what does Onsefy check? Their website lists "Signup Risk Scoring," "Quick Threat Recognition," "Actionable Response Data," and a "Global Intelligence Feed." Those are category names, not signals. There is no published list of specific detection methods, no signal count, no accuracy metrics, and no disclosed response time benchmarks. The marketing copy says "fraud detection" without explaining what is being detected or how.

That lack of specificity matters. When we analyzed 100,000 fake signups, we found that 62% used disposable email domains, 24% used pattern manipulation at legitimate providers, and 14% used custom domains for credential farming. You need different detection techniques for each of these categories. A system that does not tell you what it checks is a system you cannot evaluate.

Custom Rules: A Safety Net, Not a Crutch

This is the section that matters most.

Onsefy positions its "Custom Rules Engine" as a headline feature. On the free plan, you get one custom blacklist rule. Growth gives you five. Enterprise gives you ten. These rules appear to be the primary way you customize fraud detection in Onsefy.

BigShield takes a fundamentally different approach. Custom rules exist on every plan with no cap, but they are almost never the first line of defense. The 30+ automated signals handle the vast majority of fraud before a custom rule would ever fire.

Here are concrete examples:

Example 1: Blocking a burner domain. A customer might create a "domain_block" rule for tempmail.com. Makes sense as a reflex. But BigShield's disposable domain detection already includes tempmail.com in its database of 945+ known burner providers. The rule is redundant. It will never trigger because the automated signal already caught it and penalized the score. You can still create the rule if you want belt-and-suspenders protection, but you do not need to.

Example 2: Blocking a suspicious TLD. You notice a wave of spam from .xyz domains and think about creating a "tld_block" rule. BigShield's domain reputation signal already factors TLD risk into its scoring. Domains on high-abuse TLDs get a lower reputation score automatically, weighted by other signals. A .xyz domain with a fresh registration and no MX history will score very differently from a .xyz domain that has been active for three years with clean history. The automated signal is smarter than a blanket block.

Example 3: Pattern-based abuse. You are seeing signups like aaaa1111@gmail.com and bbbb2222@gmail.com. With Onsefy's blacklist rules, you would need to anticipate these patterns and write rules for them, burning through your limited rule slots. BigShield's pattern detection engine catches these automatically using entropy analysis and character distribution scoring. No rule needed.

So when are custom rules genuinely useful? Two scenarios stand out:

Allowlisting partner domains. If a legitimate partner domain keeps getting flagged (maybe their domain is new, or their email infrastructure looks unusual), a "domain_allow" rule ensures their users always get through. This is business logic, not fraud detection.
Responding to targeted, ongoing abuse. If a specific attacker is using a custom domain to create accounts and the domain is too new for threat intel to catch it, a "domain_block" rule gives you an immediate response while the automated signals catch up.

BigShield offers six rule types, not just blacklists: domain block, domain allow, TLD block, score override, pattern match, and signal override. Every plan, including free, gets unlimited rules of all types. Compare that to Onsefy's one to ten blacklist rules gated across tiers. The difference is not just quantity. It is that BigShield treats rules as a power-user tool for edge cases, while Onsefy appears to treat rules as core functionality.

Pricing: Feature Depth per Dollar

Here is how the two products compare on pricing:

Feature	BigShield Free	Onsefy Free
Monthly validations	1,500	1,000
Detection signals	All 30+	Not disclosed
Custom rules	Unlimited (6 types)	1 blacklist rule
Rate limit	10/min	10/min
Data retention	Full dashboard access	3 months

Feature	BigShield Starter ($29/mo)	Onsefy Growth ($21.90/mo)
Monthly validations	5,000	10,000
Detection signals	All 30+	Not disclosed
Custom rules	Unlimited (6 types)	5 blacklist rules
Rate limit	60/min	30/min
Data retention	Full dashboard access	6 months

Feature	BigShield Pro ($99/mo)	Onsefy Enterprise ($48.90/mo)
Monthly validations	50,000	100,000
Detection signals	All 30+	Not disclosed
Custom rules	Unlimited (6 types)	10 blacklist rules
Rate limit	200/min	30/min
Data retention	Full dashboard access	1 year

A few things jump out. Onsefy is cheaper at the paid tiers if you are comparing sticker price. Their Growth plan at $21.90/month gives you 10,000 verifications versus BigShield's 5,000 at $29/month. Their Enterprise at $48.90/month gives you 100,000 versus BigShield's 50,000 at $99/month.

But sticker price is not the whole picture. BigShield includes all 30+ detection signals on every plan with no feature gates. Every validation, even on the free tier, runs the full signal stack. Onsefy does not disclose what signals run on which tier, and their marketing distinguishes between basic and "advanced fraud detection" across plans. If you are paying less per validation but getting shallower analysis, the per-validation cost is misleading.

The custom rules gap is also significant. On Onsefy's free tier, you get exactly one blacklist rule. If your spam problem involves more than one domain (it does), you are forced to upgrade immediately. BigShield gives you unlimited rules on every plan, including six different rule types.

On the free tier specifically, BigShield gives you 50% more validations (1,500 versus 1,000) with the full signal stack. If you are evaluating both products, you can do more thorough testing with BigShield before committing to a paid plan.

Developer Experience

Integration speed matters. The faster you can get fraud prevention into your signup flow, the sooner you stop bleeding fake accounts.

SDKs and Integration

BigShield ships five first-party SDKs:

TypeScript / Node.js (npm install bigshield): Full type definitions, automatic retries, event hooks
Python (pip install bigshield): Sync and async clients, typed dataclasses
PHP (composer require bigshield/bigshield): PHP 8.0+, readonly types
Ruby (gem install bigshield): Idiomatic Ruby, zero external dependencies
Go (go get github.com/bigshield/bigshield-go): Context-aware, functional options, zero dependencies

Every SDK returns fully typed responses. You get autocomplete and compile-time safety for every field in the validation result. Test mode lets you validate integration logic with predictable responses without burning quota.

Onsefy offers API integration and a Zapier connection. We could not find published SDKs for any language on their website, GitHub, npm, or PyPI. That means you are writing raw HTTP calls, handling retries yourself, and parsing untyped JSON responses. It works, but it is more friction and more room for bugs.

Webhook Enrichment

BigShield's Tier 2 signals (SMTP verification, deeper domain analysis, network graph updates) run asynchronously and deliver results via webhooks. This means your signup flow gets instant Tier 1 results in under 100ms, and richer Tier 2 data arrives shortly after. You can use Tier 2 results to flag accounts for review, trigger re-scoring, or update user risk profiles.

Onsefy does not appear to offer webhook-based enrichment. Their API returns a synchronous response and that is it.

Documentation and Content

Onsefy's blog contains six articles ranging from 550 to 1,400 words. None include code examples. None cite specific data or metrics. The content is generic advice about email validation that you could find on any marketing blog.

BigShield publishes detailed technical content with code examples, real data from analyzing 100,000 fake signups, architectural breakdowns, and open-source libraries. The documentation is built around practical integration guides with examples in all five SDK languages. That level of technical depth is not just marketing. It reflects how the product is built.

Transparency: Can You See Why a Score Is What It Is?

This one is straightforward. When BigShield validates an email, the response includes every signal that fired, its individual score impact, and its confidence rating. You can see exactly why an address scored 23 or 87. The dashboard shows full signal breakdowns for every validation in your logs.

That transparency has practical value. When a legitimate user gets flagged, you can look at the signal breakdown and understand what triggered it. Maybe their email domain is new, or they are signing up from a datacenter IP because they use a corporate VPN. You can make an informed decision about whether to allow the signup, and you can create a targeted custom rule if needed.

Onsefy returns a risk score. Based on their public documentation, the response does not appear to include a detailed breakdown of which signals contributed to that score or how. You get a number, but not the reasoning behind it. When something goes wrong, you are debugging a black box.

Where Onsefy Might Be the Right Choice

We are not going to pretend Onsefy has zero use cases. If the following describes your situation, Onsefy could work fine:

Your volume is under 1,000 verifications per month and you just need basic filtering
You want a simple API that returns a risk score without a lot of signal granularity
Your fraud problem is narrow enough that one to five blacklist rules cover your needs
You are already using Zapier for your signup workflow and want a no-code integration
Budget is your primary constraint and you need higher volume at a lower sticker price

Onsefy's pricing is genuinely lower at the paid tiers if you are optimizing for cost per verification. If detection depth is less important than volume for your use case, the math might work.

Making the Decision

The choice comes down to what "fraud prevention" means for your product.

If it means "block a handful of known bad domains," a simple rules engine with a few blacklist entries will cover you. Onsefy does that, and so does a ten-line middleware you could write yourself.

If it means "catch the fake signups that do not use obvious burner domains, that generate realistic-looking email addresses, that rotate through residential proxies, that arrive in coordinated waves from shared infrastructure," then you need multi-layered automated detection. That is what BigShield's 30+ signals are built for. Custom rules are the cherry on top, not the sundae itself.

For another comparison perspective, see our detailed breakdown of BigShield versus IPQS, which covers a more established competitor with broader fraud prevention capabilities.

If you want to evaluate for yourself, sign up for BigShield's free tier. You get 1,500 validations per month with the full signal stack, unlimited custom rules, and complete transparency into every score. Run your own test emails through it, look at the signal breakdowns, and compare the depth of analysis to whatever you are using today. Check the features page for the full signal list and the pricing page for plan details.

The best way to evaluate a fraud detection tool is to throw your actual fraud at it and see what comes back.