Skip to main content

How It Works?

Confirm the authenticity of the end user email address. Shufti Pro provides a sophisticated solution designed to fortify user authentication with enhanced security and precision. The seamless process begins with users providing their email addresses, followed by the generation of a secure OTP. Users then input the received OTP into the designated fields, ensuring a secure and reliable verification process.

Shufti Pro ensures the accuracy and legitimacy of the end user's email address through a comprehensive two-stage process.


Verification via OTP:

The process begins with the user receiving a verification link or code in their email. The user must click the link or enter the code to confirm that they have access to the email account, thereby verifying the email address's validity.

The email verification process works as follows:

  1. End user provides the email address.
  2. An OTP is sent to the end user-provided email address.
  3. The end user is required to type in the received OTP in the given input fields.
  4. Different checks are performed on the end user’s email address and a decision is made to accept or decline the verification request.

Verification is declined if a user enters the wrong code consecutively for five times.

Fraud Prevention Validation:

After the email address is verified, it undergoes a thorough validation phase. This involves checking the email against pre-set fraud prevention criteria to identify any signs of fraudulent or suspicious activity. This step ensures the email address is not only valid but also secure and not associated with any malicious activities.

Fraud Prevention validation includes the following checks:

  • Disposable Domain: Checks if the email is from a temporary or one-time-use domain.
  • Unregistered Domain: Verifies the legitimacy of the domain's registration.
  • New Custom Domain: Assesses custom domains registered less than a month ago for credibility.
  • Free Provider, Limited Profile: Examines emails from free providers with minimal online presence.
  • Free Provider, Single Profile: Check if email is from free providers with only provider-specific online activity.
  • High-Risk Domain: Identifies domains known for high-risk or suspicious activities.
  • Recent Custom Domain (2-3 months): Evaluates newly created custom domains (2-3 months old) for trustworthiness.
  • High-Risk Registrar: Checks the reputation of the email domain's registrar for potential risks.