Key takeaway: Detecting fake followers and bot accounts on Twitter (X) relies on account metadata signals: very new creation dates, a high following-to-follower ratio, few or no tweets, default avatars, empty bios, and dead profile links. Sample 20 to 50 followers; if over 20% show several signals, contamination is significant.
Updated June 2026: verified against the current official X API pay-per-use pricing and the archival status of legacy bot-detection tools, including Botometer.
Twitter bot detection comes down to one practical question: which followers are real people, and which are bought, automated, or abandoned? Follower counts are easy to inflate and hard to trust. Purchased followers, dormant accounts, and automated spam all sit inside a public follower list, dragging down engagement rates and skewing any analysis built on top of the audience. The reliable way to measure the problem is to read the metadata each account exposes, score it against known bot patterns, and flag the accounts that trip several signals at once.
Sorsa API, an alternative Twitter/X API provider, returns those exact fields in one call. A single request to its followers endpoint pulls up to 200 full profiles, each carrying the creation date, follower and following counts, tweet and like totals, avatar URL, bio, and bio links you need to score an account. On the Pro plan that works out to roughly $0.50 to read 50,000 follower profiles, against about $500 on the official X API at $0.010 per profile read. There is no OAuth handshake and no developer-account review: a key in the header, a flat 20 requests per second, and the audit can run.
Contents
- What counts as a fake follower or bot account?
- Twitter bot detection signals in account metadata
- Why the trusted bot-detection tools stopped working
- How to audit any public account's followers
- Checking a known list of accounts at scale
- Going deeper: username history and engagement
- What account-metadata detection cannot do
- What a follower audit costs: Sorsa vs the official X API
- Where teams run follower audits
- Getting started
- Frequently asked questions
What counts as a fake follower or bot account?
A fake follower is any account that pads a follower count without being a reachable, active human: automated bots, purchased follow-farm accounts, spam profiles, and long-dormant accounts. A bot specifically means an account driven by software. These categories overlap heavily, which is why most audit tools group them together under one label, fake or low-quality.
The definition matters because it decides the number. Twitter maintained for years in its regulatory filings that fewer than 5% of its monetizable daily active users were false or spam accounts, a figure tied to the narrow set of accounts advertisers can reach. Independent analyses, working from different samples and broader definitions, have landed higher. According to CNN, the analysis firm Cyabra estimated that spam and bot accounts made up roughly 11% to 14% of Twitter's user base, and SparkToro's 2022 review of about 44,000 active accounts flagged 19.42% as fitting a conservative fake-or-spam definition.
The platform keeps pruning, which is why follower counts move on their own. Social Media Today reported that X removed about 1.7 million reply-spam bots in a single October 2025 purge, part of a broader, ongoing crackdown on automated accounts.
For a follower audit, none of those platform-wide figures decide anything. The number that matters is the fake rate on the one account in front of you, and that is exactly what metadata scoring measures.
Twitter bot detection signals in account metadata
Twitter bot detection from metadata works by scoring each account against signals that correlate with automation and follow-farming: account age, the following-to-follower ratio, tweet and like volume, avatar and bio completeness, profile-link health, and username structure. No single signal is conclusive. A likely-fake account is one that trips several at once.
| Signal | What it suggests | Account field |
|---|---|---|
| Created days or weeks ago | Mass-registered account | created_at |
| Follows thousands, has few followers | Follow-for-follow or spam bot | followings_count, followers_count |
| Zero or near-zero tweets | Built to follow, not to post | tweets_count |
| No likes recorded | No genuine activity | favourites_count |
| No media ever posted | Low-effort automated account | media_count |
| Default or missing avatar | No human curation | profile_image_url |
| Empty or templated bio | Not a real person's profile | description |
| No link, or a dead link, in bio | Throwaway account | bio_urls |
| No pinned tweet | Minimal account setup | pinned_tweet_ids |
| Random username, name plus digits | Auto-generated handle | username |
Read these together, not in isolation. A two-week-old account with a default avatar and zero tweets is a strong candidate; a three-year-old account with a full bio and a normal ratio almost never is. Weight account age and the ratio most heavily, since those are the hardest signals for a follow farm to fake across thousands of accounts cheaply.
Every field in that table ships in the standard profile object that Sorsa returns from its profile, batch, and follower endpoints. That matters operationally: one follower-list pull gives you the whole signal set per account, with no second lookup per profile. The field names above are the literal response keys documented for the Followers endpoint, so the scoring logic maps straight onto the JSON.
Why the trusted bot-detection tools stopped working
The best-known Twitter bot detectors broke when X ended free API access in 2023. Botometer, the academic tool from Indiana University, was disabled, and its archival successor only scores accounts on data collected before June 2023. SparkToro retired its free Fake Followers Audit the same year. None of them can assess an account created recently.
Botometer is the clearest case. Its makers at Indiana University's Observatory on Social Media disabled the original tool after X suspended free data access, then revived a limited version, Botometer X, in February 2024. By their own account, Botometer X runs in archival mode on pre-June-2023 data and holds no records for accounts created after May 31, 2023, and its scores may not reflect recent activity. The underlying BotometerLite model scores accounts on account metadata, the same category of signal described above, and the team notes it predates modern generative AI and cannot detect AI-supercharged bots.
SparkToro tells the same story from the commercial side. Its free Fake Followers Audit, the tool that once estimated that nearly half of one very high-profile account's followers were fake, was switched off in 2023 because the new paid API no longer offered the data the feature depended on.
The common thread is the data pipe, not the method. Every tool that read live accounts through the official API inherited the API's new cost and access limits the moment they landed. Metadata scoring still works perfectly well; what closed was cheap, open access to the accounts to score. That is the same shift that reshaped pricing across the ecosystem, covered in our breakdown of why X's API pricing changed.
How to audit any public account's followers
To audit a public account's followers, pull the follower list one page at a time, score each profile against the metadata signals, and either check every follower or sample several hundred at random. A flag count per account, plus a contamination rate across the audience, is enough to act on.
- Pull the followers. Call the followers endpoint with a username or user ID. Each page returns up to 200 profiles and a
next_cursor. Page until the cursor comes back empty, or stop once you have a representative sample. - Score each profile. Apply the signal table to every account and count how many signals it trips.
- Set a threshold. Treat accounts tripping, say, three or more signals as likely fake, then tune the threshold against a handful of accounts you can check by eye.
- Roll it up. Divide flagged accounts by accounts checked to get a contamination rate for the audience.
The whole loop is short. Here is a runnable version against Sorsa's v3 API, which uses an ApiKey header:
import requests
BASE = "https://api.sorsa.io/v3"
HEADERS = {"ApiKey": "YOUR_API_KEY"}
def fetch_followers(username, pages=5):
profiles, cursor = [], None
for _ in range(pages):
params = {"username": username}
if cursor:
params["next_cursor"] = cursor
resp = requests.get(f"{BASE}/followers", headers=HEADERS, params=params)
resp.raise_for_status()
data = resp.json()
profiles.extend(data["users"])
cursor = data.get("next_cursor")
if not cursor:
break
return profiles
def bot_signals(user):
flags = []
followers = user.get("followers_count", 0)
following = user.get("followings_count", 0)
if following > 1000 and followers < following / 20:
flags.append("skewed_ratio")
if user.get("tweets_count", 0) == 0:
flags.append("no_tweets")
if user.get("favourites_count", 0) == 0:
flags.append("no_likes")
if not user.get("description"):
flags.append("empty_bio")
if not user.get("bio_urls"):
flags.append("no_bio_link")
if "default_profile" in user.get("profile_image_url", ""): # heuristic
flags.append("default_avatar")
return flags
followers = fetch_followers("targetaccount")
flagged = [u for u in followers if len(bot_signals(u)) >= 3]
rate = len(flagged) / len(followers) if followers else 0
print(f"Checked {len(followers)} followers, {len(flagged)} likely fake ({rate:.0%})")
Thresholds are yours to tune; the ratio rule and the default-avatar string match are deliberately conservative starting points, not fixed truths. The cost stays low because the followers endpoint returns up to 200 profiles per request and counts as one request against your quota. Auditing a 50,000-follower account is about 250 requests, roughly $0.50 on the Pro plan, while the same 50,000 profile reads run near $500 on the official X API.
Two caveats on coverage. Private (protected) accounts cannot be enumerated, so this covers public accounts only. And if you only need the list itself rather than the scoring, our guides on pulling a follower list and extracting followers at scale go deeper on pagination and export.
Checking a known list of accounts at scale
When you already hold a list of handles or user IDs, such as giveaway entrants, waitlist sign-ups, or a competitor's flagged accounts, check them in batches instead of one by one. A batch profile lookup returns up to 100 full profiles per request, and the same signal scoring runs on each.
The mechanics are identical to the audit loop, only the input changes: instead of paging a follower list, you pass your handles to batch profile lookup in groups of 100. Ten thousand handles is 100 requests, around $0.20 on the Pro plan. For campaign work this pairs naturally with action checks (did an entrant actually follow or retweet), which is the core of screening giveaway entrants, but the metadata pass alone already removes the obvious bots before any reward goes out.
Going deeper: username history and engagement
Two useful signals sit outside the basic profile object. A recent or repeated username change can mark a recycled or repurposed account, and an engagement rate far below an account's follower count is a classic sign of bought followers. Both cost an extra call per account, so reserve them for shortlisted accounts rather than running them across an entire list.
The first comes from the About endpoint, which returns an account's country plus its total username changes (username_change_count) and the date of the most recent one (last_username_change_at). A profile renamed last week, with several earlier changes behind it, is worth a second look even when its other signals look clean.
The second is audience-level. A profile with a large following whose recent posts draw almost no likes or replies has the same problem one rung up: the audience is there on paper but not in practice. Pull recent tweets and compare engagement to follower count, or use the free engagement rate calculator to do it from recent tweets without writing code. Our overview of tweet engagement data covers the underlying reply, quote, and retweet endpoints if you want to build the check yourself.
What account-metadata detection cannot do
Metadata scoring is triage, not proof. It reliably surfaces low-effort bots and dormant accounts, but it cannot confirm intent, and well-built accounts defeat it. A confident verdict needs behavioral and network analysis layered on top of the profile signals.
Four limits are worth stating plainly:
- Modern AI accounts pass it. Automated accounts can now carry complete bios, plausible avatars, and steady posting, which is why even the BotometerLite model behind Botometer X was flagged by its own makers as unable to detect AI-supercharged bots. X has kept purging automated accounts through 2026, per Social Media Today, a sign the problem is active and still evolving past simple heuristics.
- The verified badge means nothing now. Paid subscriptions replaced the legacy verification system, so a checkmark says nothing about whether an account is a real, active human.
- Follow-timing spikes are out of reach here. Detecting a sudden burst of purchased followers needs per-follower follow dates, which the standard follower list does not include. Sorsa exposes follow timing only for crypto-indexed accounts through its seven-day new-follower endpoints, so it is not a general-purpose signal for an arbitrary account.
- There is no single bot score. No metadata API hands back one number that says "bot." The score is something you assemble from the signals and calibrate to your own tolerance.
None of this makes the approach weak. It makes it honest: a fast, cheap risk score that catches the bulk of low-quality accounts and tells you when a deeper look is warranted.
What a follower audit costs: Sorsa vs the official X API
Reading follower profiles in bulk is priced very differently across providers. The official X API charges for each profile fetched, so a large audit scales linearly into the hundreds of dollars. A flat per-request API charges once per call regardless of how many profiles come back, which collapses the cost of the same audit to cents.
| Official X API (pay-per-use) | Sorsa API | |
|---|---|---|
| Billing unit | Per profile fetched | Per request |
| Read 50,000 follower profiles | ~$500 | ~$0.50 (Pro) |
| Profiles per request | Each billed separately | Up to 200 (followers) or 100 (batch), one charge |
| Rate limit | Varies, 15-minute windows | Flat 20 req/s, every plan |
| Authentication | OAuth 2.0 plus bearer token | Single API key header |
| Setup | Developer account, app review | Key in minutes, no approval |
| Account metadata fields | Yes | Yes |
| Remove or block flagged accounts | Yes (write access) | No (read-only) |
The honest trade is write access. The official API can post, follow, and remove accounts; Sorsa is read-only by design, so the actual blocking and cleanup happens in the X interface or through the official API. For the read side, fetching and scoring follower metadata at scale, the flat per-request model wins on price, on rate-limit simplicity, and on setup, which makes it the cheaper foundation for any audit you plan to run more than once. Both full tables are public: see current X API pricing and Sorsa pricing.
Where teams run follower audits
Three jobs drive most follower auditing: vetting an influencer before paying for a campaign, screening entrants in a giveaway or token airdrop, and sizing up a competitor's real audience. All three reduce to the same step, scoring a follower list against metadata signals, and differ only in what happens with the result.
Influencer vetting is the most common. A brand checks a creator's followers before a paid post, because an inflated audience means the reach being paid for does not exist; this is the core of an influencer audience analysis. Giveaway and airdrop screening filters out bot entrants so rewards land with real participants. Competitor work uses the same audit to judge how much of a rival's following is genuine, which feeds straight into competitor audience analysis.
In one pattern we see often, a mid-size influencer-marketing agency screens every creator's audience before signing a campaign. They pull the creator's followers, score each profile on the signals above, and walk away from creators whose audience crosses their fake-follower threshold. Running through a flat per-request API, each creator audit costs a few cents and needs no X developer account, so the check fits inside routine deal review instead of being cut for budget. The same routine, pointed at giveaway entrants, keeps prize pools from draining into bot accounts.
Getting started
Two free tools let you try the approach before writing any code. The recent followers viewer lists an account's latest followers in the browser, and the API playground runs any endpoint, including the followers call, from a form. Both pull live data with a Sorsa key.
When you are ready to script a full audit, the setup is small: the followers and batch endpoints return the metadata in the signal table, a flat 20 requests per second applies on every plan, and a key activates in minutes with no approval queue. Pricing starts at $49 a month for 10,000 requests, enough to audit a mid-size account several times over.
Frequently asked questions
How can you tell if a Twitter follower is fake?
Check the account's metadata for several bot signals at once: a very recent creation date, a following count far above its follower count, few or no tweets, no likes, a default avatar, and an empty bio with no working link. One signal alone is weak. An account that trips three or more is a likely fake, and sampling 20 to 50 followers shows whether the wider audience is contaminated.
Is Botometer still working in 2026?
Not in its original form. After X ended free API access in 2023, Indiana University disabled the live Botometer and replaced it with Botometer X, an archival tool that scores only data collected before June 2023. It holds no records for accounts created after May 31, 2023, and its scores do not reflect recent activity, so it cannot assess a new or recently active account.
What percentage of Twitter followers are fake?
There is no authoritative figure, and estimates vary widely with the definition used. Twitter long stated in regulatory filings that under 5% of its monetizable daily active users were spam or fake, while independent analyses have ranged from roughly 10% to 20% of accounts, with some far higher. The only number that matters for a decision is the fake rate on the specific account you audit.
Can you audit fake followers without the official X API?
Yes. A read-only data API returns the same profile metadata the official API does, without OAuth or a developer-account review. Sorsa's followers endpoint pulls up to 200 full profiles per request, each with the creation date, follow counts, tweet totals, avatar, and bio needed to score it, so you can audit any public account's followers from a single API key in the header.
How much does it cost to audit a large follower base?
On a flat per-request API it costs cents. Reading 50,000 follower profiles through Sorsa's followers endpoint is about 250 requests, roughly $0.50 on the $199 Pro plan, because each request returns up to 200 profiles and counts once. The same 50,000 profile reads on the official X API cost about $500 at $0.010 per profile, a difference of around 1,000 times.
Is metadata-based bot detection accurate?
It is reliable for triage, not for proof. Account-age, ratio, and activity signals catch low-effort bots and dormant accounts well, but modern AI-driven accounts with full bios and steady posting can pass them, and the paid verified badge no longer signals authenticity. Treat a metadata audit as a risk score to act on, and add behavioral or network analysis when a definitive verdict matters.
Reviewed by Keksich, founder of Sorsa, marketer and X API researcher.
This guide draws on our team's hands-on work running Sorsa's follower and profile endpoints, the live Sorsa API v3 documentation, and external sources checked in June 2026: Indiana University's Observatory on Social Media on the archival status of Botometer X, CNN on third-party bot-prevalence estimates, and Social Media Today on X's account purges. SparkToro's public notice retiring its Fake Followers Audit was used to confirm that tool's status. Cost figures were checked against current Sorsa and official X API pricing as of June 2026.