Blocking 99% of Spam for a 4,500+ Member Discord Server
A French-speaking Discord community of over 4,500 members had been dealing with recurring waves of spam from compromised and bot accounts - crypto scam pitches, fake get-rich-quick schemes, Discord invites to NSFW scam servers, and a more recent wave of image spam designed to exploit Discord’s auto-embed behavior. Their moderation team had an established workflow and clear standards, and needed a solution that would integrate with that rather than replace it.
The Spam Problem
Several types of spam dominated. The most common was text-based: accounts posting variations of the same scam template across multiple channels - typically offering to teach people to earn $100k in a week in exchange for 10% of profits, with a Telegram handle or phone number to contact. A related variant dropped Discord invite links to NSFW scam servers, which was particularly disruptive in a community that isn’t adult-only.

The second type was subtler and harder to catch with conventional tools. Accounts would post sequences of image URLs with no text at all. Because Discord auto-embeds any image link regardless of where it’s hosted, these would render directly in the channel: fake screenshots of celebrities on X/Twitter promoting crypto casinos, complete with fabricated follower counts and pinned posts. No keywords to catch, no suspicious external domain to blocklist.

The third variant used direct file uploads. Rather than linking to an image, accounts would attach the scam images directly to their message - the same fake celebrity endorsements, now bypassing any link-based detection entirely.

The content across all three variants was often the same: fabricated endorsements from public figures directing users to crypto gambling sites, paired with fake withdrawal confirmation screens to add credibility.
Detection Architecture
The system doesn’t rely on a single detection method. It combines behavioral signals at the account and message level, evaluated in real time against a Redis cache.
Behavioral heuristics are the core of the system. Rather than asking “does this message look like spam?”, the system primarily asks “does this pattern of activity look like spam?” The key signals include:
- Message velocity and channel spread: the number of messages sent relative to how many distinct channels they appear in. Five messages across four channels is treated as more suspicious than six messages across two - a spammer targeting as many channels as possible leaves a different footprint than an active user staying in one conversation.
- Prior interaction: whether the account has meaningfully participated in the server before. Accounts posting high-velocity content with no prior engagement are weighted more heavily.
- Link behavior: whether links in a message resolve to an image, which is exactly the mechanism image URL spam exploits.
- Attachment signals: the number and size of file attachments in a message.
When a combination of these signals crosses a threshold, the account is automatically timed out and a moderation report is generated. Crucially, because detection is primarily behavioral rather than content-based, the system doesn’t need to match message text or recognize image content - it catches the pattern of activity regardless of what the message actually contains.
Redis backs the rate tracking and fingerprint cache, keeping detection latency low enough to act before a spam wave propagates across channels.
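The channel-spread, prior-interaction and content signals described above, as an added example that is not NiceBots' own code. The scoring formula, weights, threshold and window length are assumptions chosen for illustration, and an in-memory dict stands in for the Redis cache.

```python
import time
from collections import defaultdict, deque

WINDOW_SECONDS = 60       # assumed sliding window
TIMEOUT_SCORE = 6.0       # assumed threshold for an automatic timeout
NO_HISTORY_WEIGHT = 2.0   # assumed multiplier for accounts with no prior activity
CONTENT_WEIGHT = 0.5      # assumed weight per image link or attachment


class SpreadScorer:
    """Per-account sliding window; the dict stands in for the Redis cache."""

    def __init__(self):
        self.events = defaultdict(deque)  # user_id -> (timestamp, channel_id)

    def observe(self, user_id, channel_id, has_history,
                image_links=0, attachments=0, now=None):
        """Record one message; return (score, should_timeout)."""
        now = time.time() if now is None else now
        window = self.events[user_id]
        window.append((now, channel_id))
        while now - window[0][0] > WINDOW_SECONDS:
            window.popleft()  # expire old events, as a key TTL would in Redis

        messages = len(window)
        channels = len({channel for _, channel in window})
        # Channel spread: the same volume fanned out over more channels
        # scores higher than a busy conversation in one or two channels.
        score = channels * channels / messages
        score += CONTENT_WEIGHT * (image_links + attachments)
        if not has_history:
            score *= NO_HISTORY_WEIGHT
        return score, score >= TIMEOUT_SCORE


def replay(scorer, user_id, channel_ids, **signals):
    """Feed constructed messages one second apart; return the last verdict."""
    verdict = (0.0, False)
    for offset, channel_id in enumerate(channel_ids):
        verdict = scorer.observe(user_id, channel_id, now=1000.0 + offset, **signals)
    return verdict


if __name__ == "__main__":
    scorer = SpreadScorer()
    # Constructed sample traffic: the two cases from the list above.
    print(replay(scorer, "new-account", [1, 2, 3, 4, 1], has_history=False))
    print(replay(scorer, "regular", [1, 1, 2, 1, 2, 1], has_history=True))
```

Because nothing in the score depends on message text or image content, the same check covers the text, image-URL and file-upload variants.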
Moderator-Defined Rules
The heuristic engine is dynamic. Moderators can define their own pattern rules using a simplified regex-based syntax, letting them encode knowledge about their specific community - recurring scam formats, known bad actors, content patterns that only make sense in their context. The system improves over time without requiring code changes, and moderators stay in control of what gets flagged.
Discord Automod Integration
The server already used Discord’s native Automod system. Rather than run in parallel and create a fragmented audit trail, our bot integrates directly with Automod: when Automod takes an action, the bot generates a moderation report for it in exactly the same format as reports from our own detections. Every moderation action - whether triggered by Automod, our heuristics, or a moderator-defined rule - appears in the log channel in a consistent, reviewable format that matches what staff have always used.
Results
Within 48 hours of deployment, spam incidents dropped by over 99%. The moderation team’s workflow remained intact - the logs looked the same, the review process worked the same, and staff could verify or override any automated action without adapting to a new system.
NiceBots builds custom Discord tooling. Reach out at hello@nicebots.xyz or join our Discord.
