Use case

Catch fake signups at the front door.

Most abuse walks in through the signup form wearing a syntactically perfect email address. Check what it's made of before the welcome email — and the free credits — go out.

A disposable inbox that passes your form's regex costs you three times: the fraudulent account's usage, the bounce damage to your sender reputation when you email it, and the analytics noise of users who were never real. Velocity limits catch the flood; screening catches the trickle.
01

Screen the email at submit

POST /v1/verify/email in the signup handler: disposable-domain flag, role-account flag, live MX check. Sub-second, 1 credit, and the response says exactly which checks ran.

02

Sanity-check the phone

Where you collect one, POST /v1/verify/phone catches numbers that can't exist — wrong length, unallocated ranges, toll-free where a mobile should be.

03

Decide on your terms

The flags are inputs, not verdicts — block disposables outright, queue role accounts for review, or just tag them for analytics. Your policy, our disclosure.

const r = await fetch("https://api.boundstone.io/v1/verify/email", {
  method: "POST",
  headers: { authorization: "Bearer bs_live_YOUR_KEY",
             "content-type": "application/json" },
  body: JSON.stringify({ email: signup.email }),
});
const { disposable, role, mx_found, checks } = await r.json();
What this doesn't do yet, said plainly: IP checks (geo, proxy/VPN) ship with licensed data and return an honest 501 until then — nothing pretends in the meantime. We don't do device fingerprinting or transaction scoring and don't plan to pretend otherwise; enterprise fraud platforms exist for that.

The arithmetic: the free tier's 250 credits screen 250 signups a month at $0 forever; Starter's 20,000 at $79 covers ~650 signups a day. One prevented bounce-storm pays for the month.

Try it without a key first — the homepage demo runs the same zero-cost checks live.

Early access — free tier is 250 credits/month, forever

Pre-launch — benchmark results and early API access. One email. We validate emails for a living — we're not going to spam yours.