Protecting your website from spam in comments

This article shows how you can effectively protect your website against spam-submissions in comments.

In order to improve the interaction with the visitors of this website, I allowed anonymous users to post comments to all published stories. Since feedback is quite low, I enforced administrator approval of all comments to stay in full control.

However, shortly after enabling comments for anonymous users, I received more and more emails telling me that new comments were posted which needed my approval.

CAPTCHA to the rescue!

In order to block bots and automated scripts from submitting content, I enabled the CAPTCHA module. This lowered the number of submissions at first, but after a while spam submissions were rising again. I thought that the CAPTCHA's were not strong enough, so I enabled the reCAPTCHA module. Again, this was helping for a while, but after a few weeks spam was coming back. So apparently actual human beings were sitting behind a browser, submitting spam and solving captcha’s. Time for another approach!

Mollom as an alternative and far better solution!

Then I read about Mollom: a web service which offers a spam filter for posted content. Every comment which is being submitted is sent to the Mollom web service for analysis. The service categorizes the content as being SPAM or HAM (content which passed the spam filter). You can read more details here: How Mollom works

As an additional bonus, visitors are not longer bothered with having to solve difficult to read captcha's!

At the time of writing, Mollom has been active for just over 100 days on this website. During this time, it has blocked 26.000 comments containing spam! One day the number of spam comments peaked at 718 messages (which is a lot compared to the daily number of unique visitors).

Installing and configuring Mollom

The installation is very easy: enable the module on your Drupal site and you're done! No dependencies required!

The configuration went easy as well: register for an account on Mollom's website, add your website to your account and you immediately receive your unique keys. Simply type these keys on the Mollom administration page of your Drupal site and configure on which forms Mollom should be used.

One warning though for the privacy-minded: keep in mind that all comments posted by your visitors are being send to a third party. If you use a free Mollom subscription, then no SSL is being used when using Mollom's web service. Luckily the Drupal module offers the (optional) feature of putting Mollom's privacy policy to all forms on which you are using Mollom. This way all your privacy-minded visitors are informed upfront about what it happening with their data. Of course you can also incorporate this in your own privacy policy.


Using Mollom I have been able to fight all spam submissions on my website. This has saved me a lot of time. Installation and configuration are very easy. So all I have left to say is that I recommend Mollem to everybody who has problems with SPAM content being submitted on their website!