Conditional to check if email is fake in Shopify Flow?

Shopify Plus
1

I am trying to set up a Flow to detect orders with a fake email address. As in, an email address that doesn’t actually exist so the order confirmation fails. Shopify Admin shows this information in the timeline;

image
image773×545 46.1 KB

I need to automatically flag these orders as potentially fraudulent as well as identify the customer as invalid so they can be removed from our Klaviyo lists.

After much searching, I can’t seem to figure out which variable I am supposed to select for the main conditional. It’s also not clear when exactly the email is identified as nonexistent. Is it during the risk assessment? Is this something I can detect at Order Creation?

Like many Shopify stores, we are dealing with a constant barrage of fraudulent orders from spam bots. The above screenshot is from a clearly fraudulent order that had a Low fraud risk assessment. As a result it slipped past my existing Flows that catch and cancel suspected fraud orders.

Any help in closing this particular hole would be immensely appreciated.

1 Like
2

This is a really sticky one. The cat and mouse game of fraud detection and fraud tool evasion has been going on since the dawn of ecommerce, but there are a few low-lift tools you can put in place.

From our understanding, Shopify Flow doesn’t have an action hook tied to bounced emails, so there might be little we can do directly in Shopify without an external app/tool.

Without deeper context into your specific shop, products, AOVS and annual GMV it’s tough to prescribe one silver bullet solution, but here are a few options:

Fraud Prevention App Integrations

Apps like Riskified, Kount and Signifyd all offer significantly increased fraud detection modeling at the time of order capture saving you the chore of manually cancelling orders that slip through the cracks of the default Shopify fraud model

These apps are generally not viewed as cheap, but they can make a big impact for your team if chargeback volumes are high and you have a slightly higher AOV and GMV figure

Let Klaviyo be a source of email validity truth

Klaviyo already auto-suppresses hard bounces when emails are fired from their system. We can use that as a tool to help Shopify/Flow know when an issue has occurred with email validity.

That would look something like this:

  • In Klaviyo, create a segment: “Bounced or suppressed”.

  • Whenever a new email is added to your Klaviyo lists upon order confirmation immediately trigger an email as part of your transactional email flows. If the email is fraudulent a hard bounce will occur shortly after this email is sent.

  • In a Klaviyo Flow that fires when someone enters the “Bounced or suppressed“ segment (or on the “Bounced Email” metric), call a small webhook (a Zapier Zap, Make.com, etc) that:

    1. Tags the Shopify customer with invalid-email

    2. Optionally tags their open orders with invalid-email

  • Back in Shopify Flow, create another Flow:

    • Trigger: Customer tags updated (contains invalid-email)

    • Actions:

      • Tag all open orders needs_review_email

      • Notify your team / auto-cancel if you’re confident in your rules

This is definitely a roundabout method, but it can certainly work with the right configuration and testing.

Shopify’s Checkout Extensibility Apps (Plus-only I believe)

If you’re on Shopify Plus, you should be able to prevent most of this at the door using a flow like this:

  • Use Checkout UI extensions + a lightweight server (App Bridge/admin app) to run real-time email verification (Kickbox, ZeroBounce, Verifalia, etc.).

  • On failure (e.g., no valid MX, hard “does-not-exist”), show a checkout field error and block progression before payment.

  • Additionally, add Bot Protection/honeypots (theme/app blocks) and consider rate-limiting.

I understand this is super long-winded and doesn’t offer a turnkey solution to resolve this in a one-click fashion, but I hope it helps your team and any other merchants that run across this in the long-run!

Our team is also always available to discuss custom solutions for any issues like this if you are unable to find the right resolution. Don’t hesitate to reach out if you’d like to discuss more.

Cheers!

1 Like
4

Hello @AiTrillion,

We can’t disable guest checkouts. We tried that before and saw an unacceptable sudden drop in legitimate orders. Most of our customers aren’t willing to create an account just to place an order.

Thank you for the suggestions.

5

Hello @fractionstudio,

We have added as much bot protection as we can, considering all the spam is coming from orders placed through cart permalinks. If Shopify would let stores disable or restrict cart permalinks the current spam situation would be far more manageable.

Thanks for the information. I was worried there was no way to detect if an email had bounced within Shopify Flow. It figures, considering Shopify is seemingly incapable of implementing comprehensive tools or api functionality for any feature they add.

I really appreciate the suggestion to use Klaviyo itself for detection. It’s a good work around, but I’m not really interested in setting up yet another custom shopify app to catch the call from Klaviyo Flow and make the changes within our store.

I think I’m going to add a hidden field to our product pages so I can detect when something has used a cart permalink. Then I can put those orders through a manual review before payment gets collected.

Thanks for all the other suggestions! I actually appreciate how in depth you went. I have a fair amount of technical knowledge with Shopify so these are all good ideas. We aren’t on Shopify Plus, but there’s always the slim possibility we will either switch in the future or the features you mentioned will become available to Advanced users.

3 Likes
6

Shopify Flow doesn’t seem to expose a native trigger for “this email hard-bounced”, so solving this only inside Flow gets messy quickly.

A more practical approach is to catch the issue earlier and then use tags/metafields for downstream automation:

  • verify customer/order emails before they keep polluting marketing lists
  • flag invalid / disposable / risky emails
  • tag the customer so Klaviyo segments and Shopify automations can exclude or review them
  • optionally mark suspicious orders for manual review when the email/delivery signals look off

That won’t stop cart permalink abuse at the source, but it can reduce the damage it causes in your CRM and email flows.

Full disclosure: I built GTMailHygiene for this kind of workflow in Shopify. It helps verify emails, optionally tag customers / write metafields, and surface email/delivery-related risk signals on orders: