Ask HN: Is so much spam/abusive signups normal?

[mortallywounded]

I built and run a SaaS product on my own (full time). My service receives a lot of fake or abusive signups. In general, their end goal is usually to abuse the free tier/offering by creating multiple accounts.

I have added a captcha (hcaptcha) and I actively check/prevent sign ups from VPNs, VPSes, Tor and banned IP addresses. I also actively check and prevent signups from free email domains (gmail, hotmail, disposable email domains, etc).

I continue to get abusive signups. Is this typical? What else can you do?

[KomoD]

> What else can you do?

Force them to enter a valid credit card and auth $1

[mortallywounded]

I have considered:

1) Adding a credit card after sign up as part of the flow.

2) Adding a mobile number and verifying via SMS.

I don't particularly want to do either as it's more friction up front for everyone... but seems like it's where it will lead.

[fever_]

Give it a bit of thought.

At the moment your solution is broken, it's not stopping anyone and providing friction to your genuine users.

These people obviously want to use your service, so revise your pricing/tiers. Don't be so greedy. Find out their pain points, ask them, speak to them directly find out why they're not paying.

Maybe they want to pay you but your payment integration is broken or not supported in their country.

[mortallywounded]

My service isn't very expensive (one of the lower ones in the industry).

The origins of these people are often problematic countries (places I couldn't accept a payment from even if I wanted to).

Some of these individuals (~30%?) seem to be coming from legit domains and verify their email but don't appear to be the target audience. They often try to pay without using the service. I believe these people have compromised mail servers and are trying to test stolen credit cards.

I'm not greedy.

[carlosjobim]

It's not greedy to not want to give away your work for free. Greedy is wanting everything for free like a hacker.