How returning customers keep buying your trial offer — and how to stop them

The trial product trap

You're running a trial offer. A $5 starter box, an intro bundle at cost, a "try us" sampler priced to convert browsers into subscribers. The economics make sense: you take a loss on the first order, the customer loves the product, they convert to full price, and you earn the margin back over months.

That math only works if each person buys the trial once.

This is worse than discount code abuse. When someone reuses a discount code, you sell a product at a lower margin. When someone repeatedly buys a trial offer, you're shipping real product at a loss every single time. The product cost is real. The packaging is real. The shipping label is real. The fulfilment labor is real. And none of it converts into a full-price subscriber because the person was never going to subscribe — they just wanted another cheap box.

If your trial costs $5 and you're shipping 30 repeat orders a month from people who've already had one, that's $150/month in product and fulfilment you're lighting on fire. And that's a conservative number. For brands doing volume, the leak can be five or ten times that.

The scenario: a $5 trial box that keeps getting ordered

Here's how this plays out in practice. You sell a subscription box — coffee, skincare, snacks, supplements, whatever the product is. You offer a first box for $5 as a trial. The regular price is $30/month.

A customer orders the trial box. Good product, great experience. But instead of converting to the $30 subscription, they cancel. A week later, a "new customer" orders another $5 trial box. Different email. Same shipping address. Same name, or close to it.

Then it happens again. And again. You look at your orders and realize you've shipped four $5 boxes to what is clearly the same household. That's $120 worth of product you sold for $20. The customer got a month's supply at trial pricing and has zero intention of subscribing.

Multiply this by every customer who figures out the trick, and you have a real revenue problem hiding inside your order data.

How a single customer does it

The methods are simple and require zero technical skill.

Guest checkout with a different email. Your store allows guest checkout because turning it off kills conversion. The customer adds the trial product, enters a different email at checkout, and completes the purchase. Your "limit one per customer" setting doesn't fire because guest checkout has no customer account to check. For a full breakdown of why, read why Shopify's limit fails at guest checkout.

Gmail variations. Gmail ignores dots and supports plus-sign aliases. [email protected], [email protected], [email protected] — all the same inbox, all different "customers" in Shopify. The buyer doesn't even need to create a second email account.

Ship to a friend or family member. The customer uses their own email but ships to a different address. Or uses a friend's email and ships to themselves. By rotating two or three email-address combinations, one person can order a trial product indefinitely.

Incognito browser. Open a private window, clear any cookies or session data your store might use, and check out fresh. Combined with a different email, this makes the buyer completely invisible to any client-side tracking. Read more about how incognito checkout defeats Shopify protections.

None of these require hacking, browser extensions, or any special knowledge. Anyone who's ever signed up for a second free trial of a streaming service knows the playbook.

Why "limit one per customer" on the product fails

Shopify's built-in purchase limit checks one thing: the email address on the logged-in customer account. That's the entire identity model.

Three structural problems make this useless for trial products:

No account, no check. Guest checkout bypasses the limit entirely. No customer account exists, so there's nothing to match against previous orders. The trial product is treated as a first purchase every time.

One email, one identity. Even for logged-in customers, Shopify equates "customer" with "email address." A second email is a second customer. The system can't tell that two accounts belong to the same person.

No cross-signal matching. Shopify doesn't look at shipping address, phone number, browser data, or IP address when enforcing purchase limits. These are the signals that actually identify a repeat buyer. Without them, the limit is trivially easy to circumvent.

The result is a restriction that only stops the most honest customers — the ones who would have respected the limit anyway. Everyone else walks through the gap.

What you actually need: identity matching across orders at checkout

Fixing this requires a fundamentally different approach to identifying buyers. Instead of checking one field (email) on one record (customer account), you need to match across multiple identity signals at the moment of checkout.

Cross-order identity resolution means looking at all previous orders for a restricted product and determining whether the current buyer is likely the same person as a previous buyer. Not just "same email" — same person.

This needs to happen at checkout, not on the product page or in the cart. Product page restrictions are trivially bypassed by going directly to the checkout URL. Cart-level blocks can be circumvented with browser tools. The only enforcement point that actually matters is the checkout itself, where money changes hands.

And it needs to work for guest checkout. If your identity matching only works for logged-in customers, you have the same gap Shopify's native setting has. Most trial abusers check out as guests specifically because they know it avoids detection.

How OfferGuard handles this

OfferGuard is built specifically for this problem. It installs as a Shopify checkout extension and enforces product-level purchase restrictions using five identity signals:

1. Email normalization — OfferGuard strips Gmail dots, resolves plus-sign aliases, and normalizes common email variations. [email protected] and [email protected] are recognized as the same person.

2. Shipping address matching — The physical delivery address is compared against previous orders for the restricted product. Same address, different email? Flagged and blocked.

3. Phone number — Phone numbers provided at checkout are matched against prior orders. Another signal that ties digital identities back to a real person.

4. Browser fingerprinting — Device characteristics, browser type, screen resolution, and other technical signals create a fingerprint that persists across sessions and survives incognito mode.

5. IP address patterns — Repeated purchases from the same IP address or network range are detected, adding another layer to the identity match.

No single signal is perfect. Addresses have typos. Phone numbers change. IPs are shared. But when you combine all five, the probability of correctly identifying a repeat buyer is high — and the effort required to beat all five simultaneously makes the bypass not worth the trouble for a $5 trial box.

When OfferGuard detects a match, it blocks the checkout. Not the discount — the entire purchase. The buyer sees a clear message that the product is restricted to one per customer. The order doesn't go through. Your trial inventory stays on the shelf for actual new customers.

This works for logged-in customers and guest checkout alike. There's no gap to exploit.

The math on doing nothing

Let's make this concrete.

Your trial product costs $5 at checkout. Your actual cost to produce and ship it — product, packaging, label, fulfilment labor — is $12. You're intentionally losing $7 per trial order because the lifetime value of a converted subscriber more than makes up for it.

But a repeat trial buyer never converts. Every repeat order is a pure $12 loss (you collect $5, spend $12).

If 30 repeat trial orders slip through per month, that's:

• 30 orders x $12 cost = $360/month in fulfilment costs
• 30 orders x $5 revenue = $150/month collected
• Net loss: $210/month, or $2,520/year

And that's for a small-scale leak. Brands with popular trial offers and any kind of social media visibility can see this at 5x or 10x the volume. At 150 repeat orders per month, you're looking at over $12,000/year in losses — on a product that was supposed to be your customer acquisition engine.

Every one of those trial boxes could have gone to an actual new customer who might have converted to a full-price subscription. The real cost isn't just the product you shipped — it's the subscriber you didn't acquire.

Protecting your subscription intro offer

Trial products and intro offers are powerful acquisition tools, but only when they reach actual new customers. If your store has a trial product, a first-purchase discount on a physical item, or any offer designed to be purchased once, you need enforcement that goes beyond email matching.

Read more about protecting subscription intro offers and enforcing one-per-household restrictions with address matching.

What to do right now

Start by auditing your trial product orders. Sort by shipping address and look for duplicates. Check for email variations — dots, plus signs, obvious aliases — pointing to the same person. If you find patterns, you have a quantifiable leak.

Then decide whether the leak is worth plugging. For most brands running trial offers at a loss, it is.

OfferGuard installs in under two minutes, requires no code changes or theme edits, and starts blocking repeat trial purchases at checkout immediately. It works with guest checkout, catches email aliases, and uses five identity signals to match buyers across orders.

See pricing and start your free trial →