# Email vs IP Validation: When to Use Each

> Learn when to validate emails, IPs, or both for the best fraud coverage.

**Category:** core-concepts | **Last updated:** March 13, 2026

---

Fidro can validate emails, IPs, or both in a single request. This guide helps you decide what to send based on your use case.

## Email only

**When:** You have the user's email but not their IP (e.g., invite flows, CSV imports, manual entry).

```json
{ "email": "user@example.com" }
```

**What you get:** Disposable email detection, free email flagging, domain age, syntax validation, and custom blocklist checks on the email.

**Best for:** Lead validation, email list cleaning, invite-only signups.

## IP only

**When:** You want to assess network risk without collecting an email (e.g., bot protection, rate limit decisions).

Use the dedicated IP lookup endpoint:

```
GET /api/ip/203.0.113.1
```

**What you get:** VPN, proxy, Tor, hosting detection, geolocation, bad IP reputation.

**Best for:** Bot detection, geo-gating, rate limit multipliers, pre-signup risk assessment.

## Both (recommended)

**When:** You have both email and IP — this is the default for signup forms and checkout flows.

```json
{
  "email": "user@example.com",
  "ip": "203.0.113.1"
}
```

**What you get:** The full suite of checks. The risk score combines email and IP signals for the most accurate assessment.

**Best for:** Signup forms, checkout pages, account creation, any user-facing form.

## Adding country context

If you know the user's expected country (from their billing address, locale, or form selection), pass it for geo-mismatch detection:

```json
{
  "email": "user@example.com",
  "ip": "203.0.113.1",
  "country_code": "US"
}
```

This adds the `geo_mismatch` check — flagging users whose IP location doesn't match their claimed country.