How To Protect Your Website From Spam


We all hate spam, but it's an unfortunate reality of the digital world.  As soon as you create a website and give people a way to communicate with you, spammers are going to start shoveling content through it.  The good news is that Doodlekit has built in tools to help you deal with spam on your website.

Types of Spam

For a typical website there are few areas that spammers focus.  We concentrate on filtering spam coming though the contact us form, blog comments, forum topics and custom form entries.  These are the areas that allow public submissions, are can be easily setup to transmit spam automatically.

There are two types of spamming mechanisms, automated "bots" and manual.  Bots are applications written to scour the Internet looking for any web form they can send spam through.  They don't care what the form is for, or who it's going to, because if they just keep sending they figure eventually it will get where they want it.  There are also manual spammers, which may be a farm of people at computers manually going through websites and typing in spam messages to blog comments and other forms on your website.

The bottom line is that if Google can find your website, the spammers can too. 

Automatic Spam Filter

The first line of defense we have against spam is an automated filter that all blog comments, contact us submissions, and forum topics go through.  We use a third-party service that compares this content, as well as the IP Address of the user to a list of known spam.  This works in much the same way as email spam filters like Gmail.  Unfortunately this filter can sometimes think that good submissions are spam, which is why it's important to moderate your spam and look for false positives.  I'll cover this more below.

Human Verification

captcha.pngOne way to quickly filter out Bots is to add something to the form that only a human can do.  You've probably seen "Captchas" all over then Internet.  These are those annoying jumbled up words that you have to enter in the box.  Unfortunately spammers are getting better and better about automatically figuring these out.  

We use a different service called Are You a Human (  This uses a game that requires interaction and knowledge to complete.  Not only is this harder for a spammer to crack, but I find it's much less frustrating for the user.  You can see an example below in the blog comments form for this post.

You can enable or disable this feature for blog comments, the contact us form, or for individual custom forms.


Spam Word Filter

If there are specific words that you're seeing a lot that aren't being block by the Automatic Spam Filter, you can add them to this word list.  Be careful about how specific you are.  For example, we were getting lots of spam with the word "Ugg" in it.  If we just put "ugg" in our word list, it may block content like "luggage".  Instead you can block specific phrases like "ugg boots".


Time Filter

Sometimes you can recognize spam because the same computer will try to submit a form 100 times in one second.  The time filter will prevent this.  The interval changes the amount of time a single computer will have to wait until the same form can be submitted again.  



Since spam can sometimes be falsely identified, you need to be aware when it happens so you can see if it's something you really needed to read.  This is the same as occasionally checking your email spam box.  You can enable or disable email notifications about spam for different areas of your site.


For each area of the site where we filter spam, blog comments, forums topics, and contact us submissions there is an area in the admin section you can use to see what's marked as spam and what's not.  All of the content for each area is listed, not just the spam.  This way if content is missed by the filter you can mark it as spam.  This will not only remove the content from the site, but it will improve the filter over time.  

Content that has been marked as spam will have [SPAM] next to it.  If content is falsely marked as spam, you can mark it as "Not Spam".  This will display the content and will also improve the filter, preventing this mistake in the future.


Spam is a pain, and it's only getting worse.  We'll continue to work on providing the best tools out there to keep your mind at ease. 

Have more questions? Submit a request


Powered by Zendesk