How We Cut Spam by 75% with Abstract API, Fail2Ban & ModSecurity

Tired of spam cluttering your inbox and wasting your resources? So were we. From dodgy sign-ups to fake comments, spam was a constant nuisance. One of the biggest challenges businesses face online is dealing with spam—whether it's in contact forms, comment sections, or sign-up pages. Spam not only clutters your inbox but also exposes your site to potential security risks.

But we tackled the problem head-on, and here’s how we did it by integrating the AbstractAPI Email Validation API.

Stage 1: Cutting Spam with Real-Time Email Validation

Spam often originates from fake or disposable email addresses. To stop these in their tracks, we integrated AbstractAPI’s Email Validation Service.

Why Email Validation Works

By validating emails in real-time, we ensure only legitimate users with real email addresses are allowed through our forms. AbstractAPI checks if the email is syntactically correct, verifies the domain, and even checks if an email is valid, active, and not disposable.

Our Approach: Real-Time Filtering

  • Initial Email Validation: Every email submitted is sent to AbstractAPI for validation.
  • Blocking Fake Emails: Invalid emails are immediately blocked.
  • Monitoring API Usage: We ensured efficiency and cost-effectiveness.

Development Team's Research & Suggestions

  • Combining IP and Email Validation: Using CleanTalk’s anti-spam block list.
  • Threshold-Based Filtering: Applying spam rate thresholds before email validation.
  • Rate Limiting & Caching: Reducing excessive API calls and improving efficiency.

Results: A Clear Decline in Spam

Before using AbstractAPI, our site faced nearly 500 spam submissions per day. As shown in the chart below, after integrating AbstractAPI and implementing additional security layers, spam was reduced to around 100 submissions per day. This drastic drop demonstrates the power of real-time email validation in cutting down spam.

Why We Chose AbstractAPI

AbstractAPI offers an affordable pricing structure with flexible plans:

  • Starter Plan: 10,000 API calls/month for $19/month.
  • Basic Plan: 25,000 API calls/month for $39/month.
  • Standard Plan: 50,000 API calls/month for $69/month.
  • Business Plan: 100,000 API calls/month for $99/month.

Each plan comes with domain whitelisting, different request limits per second, and multiple API keys for advanced integration.

By choosing AbstractAPI, we were able to significantly improve our spam filtering without incurring high costs upfront. This made it a cost-effective and scalable solution that integrated seamlessly with our existing system.

Integrating AbstractAPI with Other Tools

To further refine our spam prevention strategy, we also plan to integrate anti-spam block lists. This combination will allow us to filter out known malicious IPs and perform deeper email checks only when necessary, reducing API calls and costs.

By combining these two tools, we are creating a multi-layered defense against spam, ensuring that only genuine users interact with our platform.
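The ordering described in the team's suggestions and in this section (block list first, then rate limiting and caching, with the paid email check last) can be sketched as follows. This is an added example, not code from the original post: the class, the stub validator, the limits and the sample submissions are all assumptions, and the stub stands in for the remote validation call so the block runs offline.

```python
import time

class ValidationGate:
    """Run free local checks first; call the paid validator only on a cache miss."""

    def __init__(self, validator, blocklist, per_ip_limit=3, window=3600, cache_ttl=86400):
        self.validator = validator        # callable(email) -> bool, stands in for the API call
        self.blocklist = set(blocklist)   # known-bad IPs
        self.per_ip_limit, self.window, self.cache_ttl = per_ip_limit, window, cache_ttl
        self.cache = {}                   # email -> (verdict, expires_at)
        self.seen = {}                    # ip -> timestamps of recent submissions
        self.api_calls = 0

    def check(self, ip, email, now=None):
        now = time.time() if now is None else now
        if ip in self.blocklist:
            return "blocked:ip"
        recent = [t for t in self.seen.get(ip, []) if now - t < self.window]
        if len(recent) >= self.per_ip_limit:
            self.seen[ip] = recent
            return "blocked:rate"
        self.seen[ip] = recent + [now]
        key = email.strip().lower()
        verdict, expires = self.cache.get(key, (None, 0))
        if expires <= now:                # miss or stale entry: this is the billed call
            self.api_calls += 1
            verdict = bool(self.validator(key))
            self.cache[key] = (verdict, now + self.cache_ttl)
        return "accepted" if verdict else "blocked:email"

def stub_validator(email):
    # Hypothetical stand-in for the remote lookup; rejects one made-up disposable domain.
    return not email.endswith("@throwaway.example")

def run_demo():
    gate = ValidationGate(stub_validator, blocklist={"203.0.113.7"})
    submissions = [                       # constructed (ip, email) pairs
        ("203.0.113.7", "a@site.example"),
        ("198.51.100.5", "bob@site.example"),
        ("198.51.100.5", "Bob@site.example"),
        ("198.51.100.5", "x1@throwaway.example"),
        ("198.51.100.5", "x2@throwaway.example"),
        ("192.0.2.9", "x1@throwaway.example"),
    ]
    results = [gate.check(ip, e, now=1000.0 + i) for i, (ip, e) in enumerate(submissions)]
    return results, gate.api_calls
```

Six submissions cost two billed lookups here: the block list, the per-IP limit and the cache answer the other four.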

Stage 2: Enhancing Security with Fail2Ban and ModSecurity

While real-time email validation significantly reduced spam, we took our security measures even further by fine-tuning Fail2Ban and ModSecurity. These two powerful security tools allowed us to block malicious traffic, prevent brute-force attacks, and filter out unwanted spam requests at the server level.

Why We Chose Fail2Ban & ModSecurity for Spam Prevention

1. Blocking Spam Bots & Malicious IPs with Fail2Ban

Fail2Ban is an intrusion prevention system that automatically bans IP addresses exhibiting suspicious activity—like excessive failed login attempts or spam form submissions. Since many spam attacks originate from the same bad IP ranges, Fail2Ban helped us block these threats dynamically without manual intervention.

2. Stopping Malicious Requests with ModSecurity

ModSecurity is a Web Application Firewall (WAF) that monitors and filters HTTP traffic. We configured it to detect common spam patterns, such as bots trying to post junk content, probing for vulnerabilities, or accessing non-existent files (404 attacks).

By combining Fail2Ban’s dynamic IP blocking with ModSecurity’s request filtering, we established a robust, multi-layered defense against spam.

 

Fine-Tuning Fail2Ban for Spam Filtering

To maximize Fail2Ban’s efficiency, we implemented custom jails and rules to specifically target spam bots.

Step 1: Creating a Jail for Spam IPs

Fail2Ban uses "jails", which define what logs to monitor and when to trigger a ban. Since most spam activity occurs via our contact forms, we created a Fail2Ban jail to detect POST requests from suspicious IPs.

Configuration (/etc/fail2ban/jail.local)

[apache-spam]
enabled = true
filter = apache-spam
logpath = /var/log/apache2/access.log
maxretry = 3
bantime = 86400
findtime = 3600

  • maxretry = 3 → If an IP submits 3 spammy form requests, it gets banned.
  • bantime = 86400 → The IP is banned for 24 hours.
  • findtime = 3600 → The 3 failed attempts must occur within 1 hour to trigger a ban.

Step 2: Writing a Custom Spam Filter for Fail2Ban

Next, we defined what Fail2Ban should consider a spam request. This includes repeated POST requests to /contact-form or known malicious user-agents.

Filter (/etc/fail2ban/filter.d/apache-spam.conf)


[Definition]
failregex = <HOST> .*POST.* /(contact-form|comment) HTTP/1.1"
ignoreregex =

  • failregex → Matches IPs sending POST requests to spam-prone pages.
  • ignoreregex → Patterns for log lines that should never count, so legitimate users are not falsely flagged. It is left empty here, so no exclusions apply.

After setting this up, we restarted Fail2Ban:

sudo systemctl restart fail2ban

 

With this filter in place, any bot trying to spam our forms multiple times is automatically blocked at the firewall level.
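To see what this jail and filter do with real traffic, the added example below (not part of the original post or of Fail2Ban) replays the page's failregex and its maxretry, findtime and bantime values over constructed access-log lines. The IPv4-only stand-in for `<HOST>`, the function name and the sample log are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# The page's failregex with fail2ban's <HOST> tag swapped for a plain IPv4
# group (a simplification; fail2ban itself also handles IPv6 and hostnames).
FAILREGEX = re.compile(
    r'(?P<host>\d{1,3}(?:\.\d{1,3}){3}) .*POST.* /(contact-form|comment) HTTP/1.1"')
STAMP = re.compile(r"\[([^\]]+)\]")
MAXRETRY, FINDTIME, BANTIME = 3, 3600, 86400  # values from the page's jail.local

# Constructed access-log lines (documentation IP ranges, made-up date).
SAMPLE_LOG = """\
192.0.2.44 - - [05/Feb/2025:09:00:00 +0000] "POST /comment HTTP/1.1" 200 301
203.0.113.7 - - [05/Feb/2025:10:00:01 +0000] "POST /contact-form HTTP/1.1" 200 512
203.0.113.7 - - [05/Feb/2025:10:00:05 +0000] "POST /contact-form HTTP/1.1" 200 512
203.0.113.7 - - [05/Feb/2025:10:00:09 +0000] "POST /comment HTTP/1.1" 200 301
198.51.100.20 - - [05/Feb/2025:10:01:00 +0000] "GET /contact-form HTTP/1.1" 200 4096
192.0.2.44 - - [05/Feb/2025:10:30:00 +0000] "POST /comment HTTP/1.1" 200 301
192.0.2.44 - - [05/Feb/2025:12:00:00 +0000] "POST /comment HTTP/1.1" 200 301
198.51.100.99 - - [05/Feb/2025:14:00:00 +0000] "POST /contact-form HTTP/1.1" 200 512
198.51.100.99 - - [05/Feb/2025:14:10:00 +0000] "POST /contact-form HTTP/1.1" 200 512
198.51.100.99 - - [05/Feb/2025:14:20:00 +0000] "POST /contact-form HTTP/1.1" 200 512
"""

def simulate_jail(log_text):
    """Return {ip: (ban_start, ban_end)} in epoch seconds for every banned IP."""
    hits, bans = defaultdict(deque), {}
    for line in log_text.splitlines():
        m, ts = FAILREGEX.search(line), STAMP.search(line)
        if not (m and ts):
            continue  # line does not match the filter (e.g. a GET request)
        when = datetime.strptime(ts.group(1), "%d/%b/%Y:%H:%M:%S %z").timestamp()
        ip = m.group("host")
        if ip in bans and when < bans[ip][1]:
            continue  # still banned; the firewall would have dropped this request
        hits[ip].append(when)
        while when - hits[ip][0] > FINDTIME:
            hits[ip].popleft()  # forget matches older than findtime
        if len(hits[ip]) >= MAXRETRY:
            bans[ip] = (when, when + BANTIME)
            hits[ip].clear()
    return bans

if __name__ == "__main__":
    print(sorted(simulate_jail(SAMPLE_LOG)))
```

198.51.100.99 is banned for three ordinary submissions ten minutes apart: the failregex looks only at method and path, not at the response status or the submitted content, so the jail thresholds are all that separates a repeat visitor from a bot.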

Fine-Tuning ModSecurity to Block Spam Requests

ModSecurity works as a server-side firewall that monitors HTTP requests and blocks spam traffic before it even reaches our application.

Step 1: Enabling ModSecurity on Apache/Nginx

To ensure that ModSecurity is filtering web requests correctly, we checked if it was active:

sudo apachectl -M | grep security  # For Apache
sudo nginx -V 2>&1 | grep modsecurity  # For Nginx

If ModSecurity was not enabled, we installed it:

sudo apt install libapache2-mod-security2 -y  # Apache
sudo apt install libnginx-mod-http-modsecurity -y  # Nginx


 

Step 2: Adjusting ModSecurity Rules to Reduce Spam

We configured ModSecurity to block:

  • Suspicious POST requests
  • Fake user-agents (bots pretending to be browsers)
  • Repeated form submissions

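Blocking Suspicious Spam Requests (/etc/modsecurity/crs-setup.conf)

SecRule REQUEST_METHOD "POST" "id:10001,phase:1,deny,status:403,msg:'Spam detected'"

As written, this rule has no condition other than the request method, so it returns 403 for every POST the server receives, legitimate form submissions included. Narrow it to the spam indicators you actually want to match (for example by chaining further conditions) before enabling it.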

 

Blocking Known Spam Bots (/usr/share/modsecurity-crs/rules/custom-spam-rules.conf)

SecRule REQUEST_HEADERS:User-Agent "@pmFromFile /etc/modsecurity/spam-bots.txt" \
    "id:10002,phase:1,deny,status:403,msg:'Known spam bot blocked'"

We then added a list of known spam bot user-agents in /etc/modsecurity/spam-bots.txt:

AhrefsBot
Baiduspider
DotBot
MJ12bot

 

To apply changes, we restarted the web server:

sudo systemctl restart apache2


     

Fail2Ban’s Impact on API Usage

February 5th – Fail2Ban Implemented

  • Before February 5th, our API usage hovered around 400 requests per day due to repeated spam form submissions.
  • Once Fail2Ban was activated, it started blocking known malicious IPs, preventing them from making requests.

As a result, API usage dropped significantly to 277 calls on February 5th, showing that many spam attempts never reached our validation system.

Key Takeaways from Fail2Ban:

  • Fewer bot requests reaching the application layer.
  • Lower server load due to blocked repeat offenders.
  • Cost savings on API calls by rejecting spam before validation.

ModSecurity’s Impact on API Usage

February 16th – ModSecurity Fully Configured

  • After implementing Fail2Ban, there were still persistent low-level spam attempts reaching our forms.
  • By enabling ModSecurity’s custom rules, we filtered out malicious patterns directly at the WAF level before they could even make an API request.

API usage dropped even further from 227 calls on February 16th to nearly 100 requests per day by the end of the month.

Final Results: A 75% Drop in Spam

  • Before: ~500 spam-related API calls per day.
  • After Fail2Ban: ~277 calls per day.
  • After ModSecurity: ~100 calls per day.

By combining real-time email validation, Fail2Ban, and ModSecurity, we’ve created a multi-layered spam defence system that’s both effective and efficient.

What’s Next? AI and Honeypots

  • AI-Based Detection: Spotting emerging spam trends.
  • Honeypots: Tricking bots into revealing themselves.

Stay tuned as we continue to refine our strategy and share more tips to keep your site spam-free.

The Takeaway

By combining real-time email validation, IP filtering, and robust server-side tools, we’ve created a strong, scalable, and cost-effective spam prevention strategy. Spam doesn’t stand a chance—neither should your business.