Spam can be defined as the sending of unrequested messages to a large number of recipients. This is a constant problem in email communication, text messages, and phone robocalls; most adults are familiar with the constant stream of unwanted sales offers, election messages, scam attempts, and other messages that have become part of modern society.
However, spam is also a problem in web security—specifically, comment spam. This can harm the websites to which it is submitted.
Sites that accept user-submitted content (posts, reviews, etc.) are usually assailed by bots leaving spam comments and links. Sites that become polluted with spam are penalized by search engines, so the sites will appear lower in the search engine rankings. This reduces incoming traffic. Also, as the site’s customers and users notice the spam, its reputation will be damaged. For both reasons, the site’s user base will decline over time.
Some commercial site platforms offer protection against spam with built-in or add-on modules. However, this protection often relies on increasingly obsolete techniques such as CAPTCHA.
Also, even if this filtering works, it only means that the spam does not appear to legitimate site visitors. But the spam bots still harm the site, since the incoming spam content consumes bandwidth, requires compute resources to process, and also requires a potentially costly subscription to the spam-protection service.
Accepting spam content and then attempting to filter it is a partial solution at best. The best approach is to block incoming traffic from spambots so that their requests never even reach the targeted site. This requires a web security solution that intercepts incoming traffic before it reaches the targeted site, scrubs it, and only allows legitimate traffic to pass through.