Core Concepts

Email vs IP Validation: When to Use Each

Learn when to validate emails, IPs, or both for the best fraud coverage.

3 min read Last updated March 13, 2026

Fidro can validate emails, IPs, or both in a single request. This guide helps you decide what to send based on your use case.

Email only

When: You have the user's email but not their IP (e.g., invite flows, CSV imports, manual entry).

{ "email": "user@example.com" }

What you get: Disposable email detection, free email flagging, domain age, syntax validation, and custom blocklist checks on the email.

Best for: Lead validation, email list cleaning, invite-only signups.

IP only

When: You want to assess network risk without collecting an email (e.g., bot protection, rate limit decisions).

Use the dedicated IP lookup endpoint:

GET /api/ip/203.0.113.1

What you get: VPN, proxy, Tor, hosting detection, geolocation, bad IP reputation.

Best for: Bot detection, geo-gating, rate limit multipliers, pre-signup risk assessment.

Both (recommended)

When: You have both email and IP — this is the default for signup forms and checkout flows.

{
  "email": "user@example.com",
  "ip": "203.0.113.1"
}

What you get: The full suite of checks. The risk score combines email and IP signals for the most accurate assessment.

Best for: Signup forms, checkout pages, account creation, any user-facing form.

Adding country context

If you know the user's expected country (from their billing address, locale, or form selection), pass it for geo-mismatch detection:

{
  "email": "user@example.com",
  "ip": "203.0.113.1",
  "country_code": "US"
}

This adds the geo_mismatch check — flagging users whose IP location doesn't match their claimed country.

Related guides

How Risk Scoring Works

Understand how Fidro calculates a 0–100 risk score from multiple fraud signals.

Understanding Check Results

A detailed breakdown of every check Fidro runs and what each result means for your business.