Changelog

Velocity Tracking and Enhanced Response Structure

Added

Trust Verification API:

• Velocity tracking for multiple account detection from same IP
• has_multiple_emails_in_ip response field indicating multiple accounts from same IP
• emails_in_ip array in analyzed_data showing complete validation history per IP
• Time-based velocity counters in analyzed_data:
  • emails_in_ip_last_5_minutes - Validations in last 5 minutes
  • emails_in_ip_last_10_minutes - Validations in last 10 minutes
  • emails_in_ip_last_15_minutes - Validations in last 15 minutes
  • emails_in_ip_last_30_minutes - Validations in last 30 minutes
  • emails_in_ip_last_2_hour - Validations in last 2 hours
  • emails_in_ip_last_3_hour - Validations in last 3 hours
  • total_email_in_ip - Total validations from IP across entire project
• New validation step: ip_duplication for velocity tracking
• New checked type: multiple_emails_in_ip for velocity checks
• New risk breakdown signal: high_velocity for rapid account creation patterns

Project Rules:

• Track Velocity rule category
• Multiple Accounts from the Same IP Address rule for detecting account creation abuse

Documentation:

• New Checked Types section documenting all validation type indicators
• Complete velocity tracking example with response structure
• Updated best practices for velocity monitoring

Changed

Trust Verification API:

• action field now always returned
• Removed specific "blocked" error codes:
  • free_provider_domain_blocked
  • role_based_address_blocked
  • disposable_domain_blocked
  • known_abuse_domain_blocked
  • spam_trap_domain_blocked
  • not_educational_domain
  • not_government_domain
• Provider and classification rules now contribute to risk scoring and action determination instead of direct blocking

Project Rules:

• Renamed rule category: Provider & Account Classification
• Rule behavior changed from blocking to checking:
  • Free Provider Domain (formerly "Block Free Provider Domains")
  • Role-based Domain (formerly "Block Role-based Addresses")
  • Disposable Domain (formerly "Block Disposable Domains")
  • Known Abuse Domain (formerly "Block Known Abuse Domains")
  • Spam Trap Domain (formerly "Block Spam Trap Domains")
  • Educational Domain (formerly "Educational Domains Only")
  • Government Domain (formerly "Government Domains Only")
• Rules now perform checks that contribute to risk scores and actions
• Only not_in_specific_domains error remains for specific domain restrictions

Improved

• More flexible validation logic based on risk assessment rather than hard blocking
• Better fraud detection through velocity tracking across time windows
• Enhanced account creation abuse detection
• Automated bot attack identification
• Bulk registration fraud prevention
• Action-based responses provide clearer guidance on handling validations
• Classification flags provide explicit detection results
• Time-windowed velocity analysis for burst pattern detection

Use Cases

• Detect account creation abuse from same IP address
• Identify automated bot registration attacks
• Prevent fraudulent bulk account creation
• Monitor velocity patterns across multiple time windows
• Flag high-velocity signups for manual review
• Track email validation history per IP address
• Implement tiered verification based on velocity signals

Enhanced Fraud Detection and Testing Capabilities

Added

Trust Verification API:

• IP-based validation parameters (ipv4_address and ipv6_address)
• VPN/proxy detection for enhanced fraud prevention
• Bot detection (OpenAI ChatGPT, GPT bots, Search bots, Mistral, etc.)
• Cloud provider identification (AWS, GCP, Azure, Cloudflare, DigitalOcean, Linode, Vultr, Hetzner, Oracle, IBM, Fastly, Bunny, Zscaler)
• IP provider analysis in analyzed_data response field
• VPN detection warning code: vpn_detected
• Common provider warning code: common_provider_detected
• New validation step: vpn_ip for VPN detection
• New validation step: ip_provider for provider identification

Platform Features:

• API Playground for testing verification API with real-time results
• Interactive testing interface with all validation parameters
• Live response preview with formatted JSON
• Test different email patterns and IP combinations
• View detailed validation steps and analyzed data
• Copy-paste ready cURL commands
• Support for all request parameters (soft_check, show_results, show_steps)

Improved

• Risk scoring now incorporates IP-based signals
• Enhanced fraud detection with VPN and bot identification
• action field recommendations now consider IP risk factors
• Better risk assessment for cloud provider and VPN traffic
• Documentation updated with IP validation examples

Use Cases

• Detect VPN/proxy usage during signup for fraud prevention
• Identify bot traffic from AI services
• Flag cloud provider IPs for additional verification
• Enhanced risk scoring with IP intelligence
• Better fraud detection for high-risk scenarios

Initial Public Launch

Autheona is now publicly available for all users.

Added

Platform Features:

• Account creation and management
• Production and sandbox project support
• Unlimited project creation
• Access token management with expiration options
• Project rules configuration with 100+ validation options
• Real-time analytics dashboard
• Magic sign-in link authentication
• Subscription management via Polar integration
• Feedback system

Trust Verification API:

• POST /v1/public/verify endpoint
• Real-time email validation
• 100+ validation rules and checks
• Typo detection and correction suggestions
• Fraud pattern detection
• Disposable domain blocking
• MX record validation
• Domain health classification
• Risk scoring (0-100)
• Deliverability scoring
• Subdomain risk detection
• Domain age analysis
• Support for internationalized emails
• Punycode domain support

Rule Categories:

• Local part structure validation
• Subdomain structure validation
• Domain structure validation
• Internationalization support
• Length validation (RFC compliance)
• DNS and network reachability
• Typo detection and correction
• Fraud detection
• Provider and account classification
• Subdomain risk detection
• Abuse prevention
• Deliverability protection
• Risk scoring with breakdown

Features

• Rule presets: Verified Sign Up, Unverified Sign Up, Magic Link, Newsletter
• Soft check mode for analytics optimization
• Custom role-based address lists
• Custom educational domain lists
• Custom government domain lists
• Specific domains whitelist
• Suggestion engine for typo corrections
• Soft warning modes for typos and fraud
• Rate limiting: 10 requests/second per token
• Average API response time under 200ms
• 7-day free trial on all plans
• Monthly subscription plans via Polar
• Account and project soft deletion (30-day recovery)

Documentation

• Complete API reference
• Platform documentation
• Use case guides
• Best practices guide
• Getting started guide
• FAQ

Supported Use Cases

• SaaS signup flows (verified and unverified)
• Newsletter subscriptions
• Magic link authentication
• Enterprise B2B platforms
• Educational platforms
• AI agents and chatbots
• Internal tools and admin panels
• Government portals
• Freemium products
• Multi-tenant SaaS