Waterfall Enrichment for Website Visitor Identification

Waterfall enrichment means routing an identified website visitor through multiple identity graphs in sequence instead of relying on one vendor's match. If the first source can't resolve a name, email, or title, the next one tries, and the next, until you've squeezed the maximum coverage out of the traffic you already have. Most teams evaluating website visitor identification skip this entirely: they pick one vendor, accept whatever match rate it returns, and never ask why 40 to 80% of their engaged sessions still show up as "anonymous."

That's the wrong question to optimize. The right question isn't "which vendor has the best match rate?" It's "why am I trusting my pipeline to a single data source at all?"

What Waterfall Enrichment Actually Means for Website Visitors

Outbound teams have run waterfalls for years: hit Clearbit, fall back to Apollo, fall back to a phone-verified source, stop as soon as you get a verified email. Nobody builds a cold-outbound data stack around one provider, because everyone knows single-source match rates cap out well below what the market actually offers.

Website visitor identification has been slower to catch up. Most tools on the market run one detection method, either IP-to-company resolution or a single identity graph, and stop there. That's fine for company-level identification, where IP resolution is genuinely strong. It falls apart for person-level identification, where a single provider's graph might only cover a fraction of the people actually on your site.

A waterfall applied to inbound, already-identified traffic works the same way it does for outbound lists, just in reverse order of confidence: start with your highest-confidence, most complete source, and only fall through to secondary and tertiary graphs for the visitors the first pass missed. The visitor doesn't know or care how many sources you checked. They just show up in your CRM with a name, a title, and a company instead of a session ID. This is a different question than person-level versus company-level identification. Waterfalling is about how many sources you check to hit whichever level you're targeting, not which level you're targeting in the first place.

Why Single-Source Identification Leaves Pipeline on the Table

We hear a version of the same story on nearly every call with a team switching off a single-source tool. A RevOps lead at a B2B software company selling into large enterprise and financial-services accounts put it plainly: their sales team never fully trusted the identification data from their previous vendor, so adoption quietly died. Reps went back to "spray and pray" outreach on target accounts because they weren't confident who was actually researching them, even though the traffic was there.

That's the real cost of single-source identification. It's not just a lower match-rate number on a dashboard. It's reps who stop trusting the tool, stop acting on the alerts, and revert to guessing. A 25% match rate that nobody uses is worse than a 45% match rate that a sales team actually works.

The gap is structural, not a quality problem with any one vendor. A provider that resolves identity purely off IP address will be strong on company-level matches and blind on person-level detail. A provider built for firmographic enrichment will hand you industry and headcount but not a verified email. Every single-source tool has a shape, and that shape leaves a predictable hole in your data. Waterfalling doesn't fix a "bad" vendor. It covers the hole any one vendor, by design, is going to have. If you're currently evaluating a vendor's numbers, read our breakdown of how to vet a website visitor ID vendor's accuracy claims before you sign anything.

How a Waterfall Actually Works, Step by Step

  1. Match on your highest-fidelity source first. Run the visitor through the identity graph most likely to return a complete, verified match: name, business email, title, and company.
  2. Fall through unresolved sessions to a second graph. Anyone the first pass couldn't resolve gets checked against a different data source with different underlying coverage, not a re-run of the same lookup.
  3. Layer in company-level resolution as a floor. Even when person-level matching fails on every pass, IP-to-company resolution should still identify the account, so a rep at least knows which company is on the site.
  4. Score confidence, not just presence. A match from your primary source and a match stitched together from a third-tier fallback aren't equally reliable. Route them differently instead of treating every "identified" row the same.
  5. Route on engaged sessions, not raw pageviews. Waterfall the traffic worth the compute: sessions of 10+ seconds or 2+ pageviews, where there's an actual buying signal to chase.

Teams that get this right don't run a single waterfall provider and call it done, either. A vertical SaaS company we work with in the property management space deliberately runs identification through more than one platform side by side. Their reasoning: the overlap between sources is smaller than people assume, and the added coverage is net-additive, not redundant. They'd rather pay for a second pass than leave real buyers unidentified. Once those visitors are matched, the fastest way to lose them again is a messy CRM. See our guide to CRM data hygiene for website visitor identification for how to keep waterfalled records from becoming duplicate junk.

Match Confidence by Source Type

Not every "match" in your CRM deserves the same trust. Here's how to think about confidence tiers when you're stacking sources:

  • 🔴 Consent-based identity graph, person-level - name, business email, and title resolved from a consent-based publisher network. Route straight to a rep.
  • 🟠 Multi-source waterfall match, person-level - resolved after falling through two or more graphs. Reliable, but verify email deliverability before a cold send.
  • 🟡 Account-level (IP-to-company) match - you know the company, not the person. Good enough to trigger account-based plays, not a 1:1 outreach sequence.
  • 🟢 Firmographic-only enrichment - industry, size, and tech stack, no contact detail. Useful for lead scoring, not for outreach.
  • Unresolved / anonymous engaged session - a real visitor with real intent that no source could match. Track it for retargeting and re-check on their next visit.

What "Good" Match Rate Actually Looks Like

Ask any vendor for their match rate and you'll get a number with no denominator, which makes it meaningless. The only honest way to report it is against engaged sessions: visits of 10 seconds or more, or two or more pageviews, not total raw traffic, which is full of bounces, bots, and one-second sessions nobody could identify anyway.

Measured against engaged sessions, Knock2 identifies 93%* of accounts and 62%* of individuals (name, email, title) on US traffic. Identification rates measured against engaged sessions. Results may vary by traffic profile, geography, and industry. That gap between the two numbers is exactly the case for waterfalling: account-level resolution is a largely solved problem, but person-level identification is where stacking multiple identity graphs against a consent-based publisher network makes the real difference.

If a vendor won't tell you what denominator their match rate is measured against, that's your answer. Push for the engaged-session number specifically, and ask whether it's a single-source match or a waterfall.

Building Your Own Waterfall Without Buying Five Tools

You don't need to stitch together five separate contracts to get waterfall-level coverage. Two things matter more than vendor count:

  • Pick a platform that already waterfalls multiple identity graphs internally instead of a single-graph tool you'd have to supplement yourself. This is the fastest path. You get the fallback logic without managing it. Knock2's identification layer runs this way by default, matching visitors against an identity graph built from a consent-based publisher network across multiple detection methods before a session is ever marked "unidentified."
  • If you're running two platforms in parallel, route by use case, not by redundancy. Use one as your primary for real-time, person-level alerts and the second as a nightly batch pass on anyone the first missed, rather than paying twice to check the same visitor the same way.

Either way, the goal is the same: stop treating "identified" as a single yes/no outcome from one lookup, and start treating it as the output of a process that tries more than once before it gives up on a visitor. If you're still comparing platforms on this basis, our GTM stack guide for website visitor identification breaks down what to buy, build, and skip.

FAQ

Is waterfall enrichment the same as buying multiple identification tools?

Not necessarily. Some platforms run a waterfall across several identity graphs internally, so you get the benefit without managing separate vendor relationships. Buying multiple point tools and layering them yourself is one way to waterfall, but it's not the only way.

Does waterfalling slow down real-time alerts to sales reps?

It shouldn't, if it's architected correctly. The primary, highest-confidence source should still resolve in real time for immediate alerting. Secondary and tertiary passes on unresolved visitors can run as a fast follow-up rather than blocking the initial notification.

What match rate should I expect from a waterfall versus a single source?

Single-source person-level identification commonly resolves a minority of engaged sessions. A well-built waterfall against a broad, consent-based identity graph should meaningfully outperform that. Knock2, for example, resolves 62%* of individuals on US engaged traffic, against a 93%* account-level rate.

Do I need waterfall enrichment if I only care about account-level identification?

Less urgently. Account-level, IP-to-company resolution is a more mature, largely solved problem where single-source tools already perform well. Waterfalling matters most for person-level identification, where coverage gaps between providers are largest.

How do I know if my current identification tool needs to be supplemented?

Compare your reported match rate's denominator to engaged sessions, not total traffic, and check whether your sales team is actually acting on the alerts. If reps have quietly gone back to guessing which accounts to prioritize, that's a stronger signal than any dashboard metric.

Ready to see what a waterfalled identity graph resolves on your own traffic? Book a demo and Knock2 will show you the match rate on your last 30 days of engaged sessions, side by side with what you're getting today.

Waterfall Enrichment for Website Visitor Identification

John DiLoreto is the founder & CEO of Knock2

Latest articles

Browse all