Introduction to Arcjet Signup form protection
Arcjet signup form protection combines bot protection, email validation, and rate limiting to protect your signup and lead capture forms from spam, fake accounts, and signup fraud.
Use it to cut down on signup spam, form spam, and abusive signups before they become real accounts in your system.
What is Arcjet?
Arcjet helps developers protect their apps in just a few lines of code. Bot detection. Rate limiting. Email validation. Attack protection. Data redaction. A developer-first approach to security.When to use Arcjet signup form protection
Section titled “When to use Arcjet signup form protection”Use signup form protection when you want to reduce:
-
Signup spam and fake accounts Prevent automated tools and spam bots from mass-creating free accounts or test accounts.
-
Lead form spam and low-quality leads Protect marketing forms, waitlist forms, and lead gen forms from junk submissions that pollute your CRM and analytics, and waste sales time.
-
Account fraud and abuse Make it more expensive for attackers to create large numbers of accounts for abuse (for example, coupon abuse, referral abuse, scraping, or credential stuffing).
-
Disposable and throwaway signups Block or flag signups that use disposable email addresses so you can focus on real users and legitimate leads.
How Arcjet signup form protection works
Section titled “How Arcjet signup form protection works”Signup form protection is a pre-built product that combines Arcjet primitives which you can also use individually. It comes with Arcjet’s recommended defaults for common signup and form spam scenarios.
This saves you time and lets you get protection against signup spam and account fraud with just a few lines of code.
The product combines three key components:
1. Rate limiting - control signup velocity
Section titled “1. Rate limiting - control signup velocity”Rate limiting prevents bots and abusive clients from submitting your signup or lead forms too many times in a short period.
Examples:
- Limit form submissions per IP, per user agent, or per API key.
- Slow down attempts to brute-force signup flows or abuse referral codes.
- Prevent a single client from flooding your signup endpoint.
Legitimate users typically submit a signup form only once or a few times within a short time window, so bursts of submissions are a strong indicator of signup spam or automated abuse.
2. Bot protection - block automated signup bots
Section titled “2. Bot protection - block automated signup bots”Bot protection helps stop automated signup bots and form spam tools that try to create accounts at scale.
For typical signup and lead forms, you expect human users, not bots. Any automated submissions are likely to be:
- Bulk account creation for abuse.
- Automated signup spam for SEO links or junk content.
- Fake lead submissions to poison your CRM or forms.
Where you do have legitimate automated clients (for example, monitoring or synthetic tests), you can explicitly allow them while still blocking unknown bots and suspicious automation.
3. Email validation - verify email quality
Section titled “3. Email validation - verify email quality”Email validation validates and verifies email addresses used in signups and lead forms so you can:
- Confirm that the address is syntactically valid.
- Check that the domain can receive email (MX records).
- Identify disposable / temporary email providers.
- Improve the quality of accounts and leads you accept.
This helps you filter out disposable or undeliverable emails commonly used in signup fraud and lead form spam, and ensures important messages such as verification and onboarding emails actually reach users.
By combining these three protections, Arcjet signup form protection reduces signup spam, form spam, and fake accounts, while letting legitimate users sign up with minimal friction.
Availability
Section titled “Availability”| Plan | Availability |
|---|---|
| Free | 🚫 |
| Starter | ✅ Usage based pricing |
| Business | ✅ Usage based pricing |
| Enterprise | ✅ Usage based pricing |