Ask HN: How to deal with people leveraging your service for hacking

11 points by kureikain, more than 3 years ago

Hi,

I run an email forwarding service, and it has come to my attention that my app is being used in account takeover attempts. Basically, they registered expired domains and set up email forwards to receive email.

Because my app has some features such as bulk domain import, automatic Cloudflare DNS configuration, and receiving email through an API, it makes it super easy and fast for them to receive emails. This ends up attracting many of them to my service.

I cannot keep deleting accounts. They just keep coming up. They also look like they have all kinds of automation, Selenium or so I think, to spin up and run behind a VPN. I cannot block by IP or country since they all use VPNs. They also use stolen credit cards to pay for my service, which leads to me losing money and causes us a net negative.

I don't know what an effective way to defend against those attackers is. Any ideas?

3 comments

blablabla123, more than 3 years ago
You could give your users a score and the higher it gets, the more features become available. VPN on/off, registered since x days, ... a bit like normal email reputation. Also, speaking about automation, a legit user probably won't mind if all features aren't available right away or additional 2FA steps are needed. That kind of approach is also in part used in perimeter-less/zero trust security.

Also, I'm thinking that if Selenium is used, checking the timing of the requests might be helpful. (In theory it should be possible to triangulate the users with multiple API servers, by the way.)
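
The scoring idea in the comment above, sketched as an added example that is not part of the original thread or any commenter's code. The weights, thresholds and field names are assumptions chosen for illustration; the gated features are the ones the question lists.

```python
from dataclasses import dataclass, field
from statistics import mean, pstdev

# Hypothetical minimum score needed to unlock each feature (0-100 scale).
FEATURE_THRESHOLDS = {
    "single_forward": 0,
    "api_receive": 40,
    "cloudflare_auto_dns": 60,
    "bulk_domain_import": 80,
}

@dataclass
class Account:
    age_days: int
    uses_vpn: bool
    has_2fa: bool
    # Seconds between consecutive requests in the current session.
    request_gaps: list = field(default_factory=list)

def timing_looks_scripted(gaps, min_samples=5, cv_floor=0.15):
    """Flag sessions whose request spacing is almost constant.

    Uses the coefficient of variation (stddev / mean); human activity
    is bursty, so a very low value suggests scripted browser automation.
    """
    if len(gaps) < min_samples:
        return False            # not enough data to judge
    avg = mean(gaps)
    if avg == 0:
        return True             # back-to-back requests with no delay at all
    return pstdev(gaps) / avg < cv_floor

def trust_score(acct):
    """Combine the signals into a clamped 0-100 score."""
    score = min(acct.age_days, 30) * 2          # up to 60 for account age
    score += 25 if acct.has_2fa else 0          # extra verification step done
    score -= 20 if acct.uses_vpn else 0         # a signal, not a hard block
    score -= 40 if timing_looks_scripted(acct.request_gaps) else 0
    return max(0, min(100, score))

def allowed_features(acct):
    """Return the features this account has earned so far."""
    score = trust_score(acct)
    return sorted(f for f, need in FEATURE_THRESHOLDS.items() if score >= need)

if __name__ == "__main__":
    # Constructed sample: brand-new account, VPN, metronome-like requests.
    fresh = Account(0, True, False, [2.0, 2.01, 1.99, 2.0, 2.0, 2.02])
    print(trust_score(fresh), allowed_features(fresh))
```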
tomksoft, more than 3 years ago
I own a service that might help you and with your use-case the free tier will probably last you a lifetime :) Check www.adscore.com - I use it for my other projects for detection and prevention of payments with stolen credit cards with very decent results. It will also help you to block automated registrations. Any questions, drop an email to support at adscore.com and I will assist you.
Raed667, more than 3 years ago
Would blocking (or doing some kind of JavaScript challenge/captcha) VPN IPs help reduce the automation issue?