Alias Detection & Abuse Prevention

Why Alias Detection Matters

Some email providers allow users to create multiple variations of the same email address (for example using + aliases or dot . variations).

While this is a legitimate feature, it can also be used to:

Our alias detection helps you identify these patterns early, so you can decide how your application or SaaS should handle them.

When an email is validated, our system analyzes whether the address:

This information is returned in the response, allowing you to control the behavior — we don’t block users automatically.

The API returns these fields in the result object:

Field	Value	Meaning
`alias_status`	`ALIAS_CONFIRMED`	The email is definitely an alias (e.g. `[email protected]`).
`alias_status`	`ALIAS_POSSIBLE`	The email follows alias patterns (e.g. `+` tag), but we cannot confirm if the receiving server supports it.
`alias_status`	`MAYBE_NOT_ALIAS`	No alias pattern detected.
`canonical_email`	`string`	The resolved base email address (e.g. `[email protected]`).

Based on your product’s needs, you can choose to:

Prevent duplicate free-trial signups: Check if the canonical_email already exists in your database.
Limit trials or credits: Allow registration but restrict promo codes for alias-based accounts.
Flag accounts for manual review: If a user creates 10 accounts with +test1, +test2, flag them.
Apply risk-based rules: Require phone verification for alias accounts.
Allow everything: Just track the data silently for analytics.

We provide the signal — you decide the policy.

Alias detection is designed to be:

This ensures legitimate users are not impacted, while still giving you powerful protection against common abuse vectors.