© 2022 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Denis Shagimuratov, CleanTalk: “spam should not be an issue of website visitors”


Spam can be an annoying inconvenience, but even more so - lengthy and often faulty verification processes that prevent users from effortlessly entering a website. But it shouldn’t be the users’ responsibility to prevent spam messages in the first place.

Spam can be a serious issue for website owners, as it often includes malicious links and lowers Google ranks. However, dealing with it can be a serious headache, requiring either a dedicated team or complex verification methods. Websites should adopt comprehensive and user-friendly spam-protection solutions to ensure their SEO rankings, as well as the security of their visitors, are not affected. CleanTalk provides anti-spam tools for websites, leaving CAPTCHAs and verification puzzles behind.

Denis Shagimuratov, Founder and CEO at CleanTalk, shared with us why CAPTCHA is an outdated solution to identifying human visitors and discussed alternative anti-spam solutions offered by CleanTalk.

Tell us a little bit about what you do. How did the idea of CleanTalk originate?

We protect websites from spam signups, comments, orders, contact messages. The idea was born in 2011. Denis Shagimuratov, one of the authors of the project, created his first version of CleanTalk in order to protect the websites of his friends from spam. Since existing solutions were not able to solve all needed tasks, the main concept of the cloud solution of protection from spam was created. The idea was in offering a solution that will work unnoticeably for all kinds of website visitors, will have a central spam filtration database (which will allow change/add new filters and conditions without needing to update the plugin on websites,) and will offer logging of functioning of the spam filtration system. To meet these conditions and avoid loading hosting servers of users with the anti-spam data, our choice was made in favor of a cloud model.

As a result, I made a decision to publish CleanTalk while understanding that effective protection from spam requires constant improvement, and if I put the project on the commercial level, then I have good chances for a long-term solution website owners can rely on.

How can excessive spamming cause serious issues for one’s website?

Spam is not just annoying advertising messages and notifications in your email inbox. Spam on websites can be very dangerous. Spammers can use their comments to improve the SEO of their resources and ads. However, there might be even more dangerous cases. They can post a harmless comment or recommendation and leave a link to some phishing websites or websites infected with a virus. So the danger might be for the future visitors who click the spam links, and then their accounts might become infected, potentially leading to blackmailing or stolen payment credentials. The presence of such links on websites may lead to fines and penalties from search engines, or websites could be removed from search results.

Moreover, social engineering might be used in messages from contact forms to achieve someone's goals, including getting access to companies' infrastructure. Therefore, protection from spam is one of the tools that websites are required to have.

You often stress that reCAPTCHA is a flawed safety measure. What does this technology lack when compared to other available options?

It concerns not only reCAPTCHA but any other type of CAPTCHA or other solutions that oblige visitors to prove that they are real humans. We stick to our position that spam is not an issue of website visitors, they don't have to prove anything. Their user experience has to be comfortable, and the anti-spam has to be unnoticeable.

The next issue is a chance of failure in CAPTCHA’s decisions. It's quite annoying when you fill out all form fields, and you are sure that everything is correct, and then suddenly an error pops up. That means a visitor has to be very attentive. It really distracts from the initial reason for coming to the website, and often such errors are the cause of refusing to continue doing something on the website. Visitors might choose to leave the website without signing up or without posting their comments. I believe everyone faced these issues and not just once.

The next important moment is that users who solve CAPTCHAs are basically working for free for the owner of the human verification service. Earlier, users were helping in digitizing books, and now they help solve other tasks for free for the projects of a Freemium type or help improve Artificial Intelligence.

Did you notice any new spamming techniques emerge as a result of the COVID-19 pandemic?

I can’t say for certain if there were any changes because of the COVID-19 pandemic. We did not notice anything unusual, and the number of spam links has not risen too much. A few years ago, we spotted a trend that a release of mass or popular products led to a higher than the usual number of spam attacks. For instance, the release of the new version of iPhone caused that for a few months, now such behavior has stopped. There are seasonal waves in the spam attack numbers. They get lower in summer, higher in fall, and correspondingly get lower again in spring. We connect it with business activity in general in these periods.

What are the most common security mistakes you notice new website owners make?

Users without experience in working with websites often take spam as real visitors. Do not expect that your recently launched website will have signups and comments right away. A lot of spam mimic neutral or praising comments like these ones from our own website:

"Usually, I do not read post on blogs, but I wish to say that this write-up very forced me to try and do it! Your writing style has been amaze..."

"My spouse and I absolutely love your blog and find almost all of your post's to be just what I'm looking for. can you offer guest writers to..."

Of course, it might be pleasant to get complimentary reviews, but it was actually spam that was sent to hundreds of other websites and contained a link to another suspicious website.

One more general recommendation for all users: do not post your personal email address and phone number in public places. Personal data may go to spammers and will be used for spam mailing without your consent.

What are spammers usually trying to gain by posting their messages repeatedly across various outlets? Are there different types of spammers?

I think, mainly, it should be a promotion of their websites or websites of their clients in the search engine results. It’s the so-called “BlackSEO.” Moreover, a posted link on a million websites might bring not a significant but still desirable number of clicks, and on the scale of millions of links, the overall profit might be thousands of visits from the posted link. The goals of the spammers may not be only SEO rankings, but redirecting users to a fraud page or a malware page for stealing data.

The next step is using spam in fraud, hacking websites, and spreading viruses.

Another type of spams is being used to promote any goods or services. Competition is very high, and it's very hard to get clients if you are not on the first page of the search results. If you created a service, the biggest problem is finding your clients. That means the cost of entering the market is rather big, and expenses on advertisement are rather sizable for the budget. Thus, some companies choose to mail spam to advertise their services and goods. Even the spammers themselves offer their services to website owners to mail spam.

In your opinion, which industries are the most vulnerable to cyberattacks? What features make their websites an easy target?

It's not that important, as spammers do their job using their own lists of websites. The more popular a website is, the more often it is being updated, the more often it gets included in different spam lists. Some spambots are tuned to send spam to standard URLs, for example, to a contact form www.example.com/contact or to collect website addresses from the search results. The spam lists might be categorized by topics, as well as by certain CMS.

While for a small personal blog, spam is not that important because it's not that big of a deal to delete missed spam there, but for big and commercial websites, it might be a real headache. All posts would have to be filtered from spam manually to get valid data of real visitors, and moderators need to be hired too if your sales department has to delete spam and wade through real orders and requests. Additionally, fines and penalties from the search engines might happen. The end result of all this is wasting time and money.

Besides implementing spam protection, what other security measures do you consider essential for websites nowadays?

There are general recommendations to keep your security levels high.

  • Installing an SSL Certificate is a must. Firstly, it affects SEO parameters. Secondly, it protects transferring data between your website and your visitors, and points out that your website is genuine.
  • Web Application Firewall lowers the possible chances of your website being hacked, SQL/XSS injections, and of your software being exploited.
  • Protection from brute-force attacks. It helps to keep your accounts safe from an exhaustive key search.
  • Strengthen your FTP and your hosting panel passwords. Even when your hosting provider has its own protection, password searching by hackers happens for FTP accounts, too, so it’s a good practice to make your FTP passwords longer and more sophisticated.
  • If possible, set up two-factor authentication. It almost completely eliminates the chances for cybercriminals to access your accounts. Always use this feature if it is available to you.
  • Keep your plugins, PHP versions, and other software up to date. Install recommended and stable releases of the software you use. Outdated versions might have vulnerabilities that could be used for malicious activity.

Tell us, what’s next for CleanTalk?

We develop anti-spam protection not only from spambots but from real human spam. There is spam that is being sent not by bots but by real people, and it is rather tricky to catch. In this case, the anti-spam system decisions based on CAPTCHA's decisions are useless. CleanTalk partially blocks manual spam and offers a few features for webmasters, such as email address validation and the Stop-Word feature. We plan to improve the technology of automatic manual spam detection. Also, we plan to apply protection of email addresses and phone numbers that were posted on public pages to our Security Service from bots that do public data gathering.

Leave a Reply

Your email address will not be published. Required fields are marked