Specbee: Spam prevention guidelines for your Drupal Website

Spam prevention guidelines for your Drupal Website
Shri Ganesh Hegde
22 Nov, 2019

Accept it, your inbox is infested with Spam and you cannot do anything about it. They’ll just crawl into your website and send you those annoying emails through your contact forms or comments section or just about anywhere they can sneak in through. Sure, you can “Mark” them as Spam. But is that really going to help in keeping all those creepy crawlies at bay?

There are two types of spam – Spambots, which are basically scripts designed to collect email addresses and then spam them , and Human Spammers, who are actually sitting on computers just to spam you. We can protect ourselves from Spambots to a certain level but getting around Human spammers is extremely tricky.

Thankfully, Drupal 8 provides you with plenty of solutions and Drupal modules to protect your website from Spambots. Let us take a look at some of them and see which Drupal 8 modules suit your needs the best.

Capture them with CAPTCHA

We have all come across a CAPTCHA test at some point or the other and though it may seem annoying as a visitor, this can be a very useful tool to a site administrator. It is that fuzzy image of some text that you have to fill in a web form and if you’re a legitimate user you can go ahead with submitting your details. This challenge-response test is a decent way to keep some Drupal spam away, but it isn’t too difficult for them to find a way out either. Thus, using it as a stand-alone solution is not a very good idea. Installing the Drupal 8 Captcha module is as simple as configuring it. 


Taking it up a notch in Drupal spam prevention with the use of CAPTCHA  is another Drupal module that  provides an alternative CAPTCHA security. CAPTCHA Keypad increases the complexity of a CAPTCHA , making it really difficult for the spammers. This module allows the users to make use of a keypad (which can be configured to shuffle the keys, as required) to enter the CAPTCHA. 

Complicate it with ReCAPTCHA

Drupal reCAPTCHA module makes it more complex for the spambots by using the reCAPTCHA services offered from Google. Built for the sole purpose of security, Drupal  reCAPTCHA module also aims at improving the user experience by allowing the users to complete the test with a single click or a tick mark. 

The Drupal reCAPTCHA module offers a choice to provide checkbox, asking the users if they are a robot or not. Despite the fact that this module makes it easier for the users, it still is a hard nut to crack when it comes to Drupal spam prevention. 

Lure them spammers with Honeypot

Honeypot, as the name suggests, acts as a trap to deter spam bots from posting harmful data into your website. Drupal 8 Honeypot module basically adds a hidden field to your web form which is seen only by spambots. So if the hidden field in your form is filled, then you know it’s a spambot and discard the form. Drupal Honeypot also allows you to set a timer for filling the form since if it is a spambot, they can fill those forms in no time! Let’s say, if you set a timer of 5 seconds to fill your contact form, you will know when a spambot is doing so as us humans would most definitely take longer.

AntiSpam by CleanTalk

Developed by CleanTalk, Drupal Antispam module is another module that tests the user in such a way that the users see no tasks that are required to be solved from their end. Drupal Antispam module does a great job if you have your own list of spam email addresses and IP-addresses that you have detected. 

Using a series of tests that filter the spambot registration & the spams in the comments section, Drupal Antispam module ensures that the spam checks are not visible to any of the website users. This ensures a better and more comfortable engagement with the site, eliminating the extra time spent on completing additional registration forms. 


Another Drupal module that boasts of a “NO end user interaction” is Antibot. This light weight module aims to prevent robotic submissions on a Drupal website, with minimal user interactions and zero involvement of API keys and other third party integrations. 

Implementing two major criteria, the Antibot module includes a Javascript interaction test and an analysis for the usage of keyboard and mouse. Also, it also enables caching of the forms, which makes it a lot quicker than other modules like Honeypot. 


Developed by Dries Buytaert, the founder of Drupal, Mollom was an intelligent web service that identified potential spam content and decide if the post is legit or not. Using machine learning techniques to block spammers from posting malicious content, Mallom was one of the most used modules for Drupal spam protection. However, on April 2, 2018, Mallom officially announced its end of life. If you are using the Mollom module, it is advised to disable the same and switch to an alternative.

Shefali ShettyApr 05, 2017