How to Minimize Spam on Drupal Website


Honeypot module Protects the Registration Forms, Password Reset Forms, Webforms, Node Forms with an additional option to protect all forms on your site.

Honey PotIt should be your first line of defense, quite simple to use and works invisibly, behind the scenes without adding any complexity to the form for your users. Just enable it and then select which forms you want it to protect.

Honeypot will now look to see if a hidden field (called URL by default) has been filled out or if the form was submitted too quickly. In most cases only a bot would fill in the hidden form or fill out the form too quickly. If either of these conditions is met then the submission will be stopped.

Honeypot is typically all we’ll use on a website and in most cases almost completely removes spam. However, there are additional options for further protection.

Webform Validation

Webform Validation is a very flexible add-on module that extends Webforms with additional validation options that include verifying that a field is numeric, meets minimum or maximum lengths, has a number of words, equals a specific value, doesn’t contain black list words and more. And if this wasn’t enough you can even enter Regular Expressions which can create very complex filters like meeting a area-code and phone number format.

The following validation rules are currently included:

  • Numeric values (optionally specify min and/or max value)
  • Minimum length
  • Maximum length
  • Minimum number of words
  • Maximum number of words
  • Equal values on multiple fields
  • Unique values on multiple fields
  • Specific value
  • Require at least one of two fields
  • Require at least one of several fields
  • Minimum number of selections required
  • Maximum number of selections allowed
  • Exact number of selections required
  • Plain text (disallow tags)
  • Regular expression
  • Must be empty (anti-spam: Hide with CSS)
  • Words blacklist
  • Must match a username

Mollom logo is an intelligent content moderation web service. By monitoring content activity on all sites in the Mollom network, Mollom is in a unique position to determine if a post is potentially spam; not only based on the posted content, but also on the past activity and reputation of the poster.

In short, Mollom handles incoming posts intelligently, in much the same way a human moderator decides what posts are acceptable. Therefore, Mollom enables you to allow anonymous users to post comments and other content on your site.

Mollom decision flowMachine learning.  It uses sophisticated machine learning techniques to block spam and malicious content automatically. Mollom uses a reputation-based system that keeps a continually evolving archive of user profiles to immediately discern an individual’s propensity to submit spam. This applies to everything from user registration forms to blog entries.

Protection against profanity. Using text analytics, it is able to detect harmful content such as profanity and other spam-related content. And Mollom adds language support, stopping unwanted content in 75 languages.

Centralized Captcha Service. Mollom provides a centralized captcha service that stop known spammers. Approved users are not required to solve a captcha.

The captcha is invoked for three specific use cases:

  • Upon user registration, when no content can be classified
  • When Mollom is unable to classify a user
  • When a site owner using Mollom opts for more privacy, and Mollom isn’t allowed to audit all content

Mollom audits the content quality by defining it across three dimensions:
Spam, Ham, and Unsure:

  • Ham is considered positive content and automatically published.
  • Spam is negative content and automatically blocked.
  • Unsure is anything in between. Mollom does not recognize the user, and they’re shown captcha’s, and the customer gets to decide if content is automatically published, blocked, or sent for manual moderation.


Captcha Module Protects User Login, Contact Forms, Registration Forms, Password Reset Forms, Node Forms, Webforms and Custom Forms.

There are various types of captcha’s that can be selected from and more can be installed from other modules that extend the options.

A captcha is a challenge-response test most often placed within web forms to determine whether the user is human. Captcha module which allows you to present the user with a captcha challenge to prove they are not a bot. The purpose of Captcha is to block form submissions by spambots, which are automated scripts that post spam content everywhere they can.

In our experience, captcha can be somewhat helpful in minimizing spam but can also aggravate your users who have a hard time figuring out the challenge. We prefer to use other methods that work silently behind the scenes without giving your users more work to do before they can submit the form. The captcha provides this feature to virtually any user facing web form on a Drupal site.

Custom Hooks

Another option for minimizing form spam is to create your own form validation function.

If you are creating your own forms using Drupal’s Form API then you can simply add your own validation function.

If you’re using a built-in form of any other type then you can use HOOK_form_alter() to add your own validation callback to an existing form.