Skip to content

Reducing the Number of Emails Sent by Antispam Bee

  • by

Just the ones I’m interested in please (basically none)

Background

In the process of tweaking a thing or two behind the scenes, I changed how spam was being handled. I now use the very functional Antispam Bee (or ASB, if you’re short on time but long on initialisms):

(interestingly, a other pages outrank ASB’s own homepage; I had to find the WP plugin page from ASB’s GitHub†)

ASB has been working well enough in detecting spam; but it’s also been real noisy on the email front:

Gmail apparently caps those threads at 100. As you can see from the screenshot, there’s at least one unread email in that century of notifications. The were just too many, and the traffic on this blog is basically zero, considering this is a world where six-second footage of someone doing a dance gets tens of millions of views, or so I’m told.

Spambots have no discretion and mercy:

Quietening ASB by Not Sending Some Emails

I haven’t run the numbers yet, but spam tends to be a mix of things with a couple of strong themes. Without wanting to mention the content directly lest I inadvertently give the spammers a platform, a few frequent offenders were:

  1. a kind of book or document you would need if a domestic device was malfuncitoning
  2. a place, traditionally a building where people spend money with the chance to win more and where you might take in a show
  3. alternative forms of monetary exchange

Some more recent ones include:

  1. a supposed preview of the much-anticipated sequel to a very popular game which has been released across several generations of consoles and PC
  2. access to a popular suite of tools that you now need to rent access to instead of a one-off purchase

The actual goal here is to not see emails for obvious, barn door, unmistakable true positive spam. I definitely do want to see emails for actual useful comments held in moderation. For that we can leverage the “disallowed list” (formerly the comment blacklist).

I wonder about running things through the disallowlist before ASB- my gut says a simple disallowlist lookup might be quicker than the various levels of ASB; but on the other hand most spam falls straight into the honeypot by filling out a field that is hidden to humans, so it is probably an early exit there. In any case, ASB hooks the comment cycle earlier than the disallowlist check. Really, it’s maybe worth benchmarking the two approaches- though I suspect for a low-traffic blog like this the result is a wash. Larger sites on the medium scale might benefit. Massive sites probably need a very well tuned approach, if they haven’t simply disabled commenting completely or farmed it out to the likes of Akismet or others.

Since ASB hooks earlier than native WP checks, my first thought was to write a small plugin to check the disallowlist first and nuke the comment if so. I asked in #wordpress, and tex suggested:

2025-07-28 14:09:54	tex	https://github.com/pluginkollektiv/antispam-bee/wiki/en-Hooks
2025-07-28 14:09:59	tex	antispam_bee_notification_recipients
2025-07-28 14:10:06	tex	that it?
2025-07-28 14:10:16	bertieb	(1) comment caught with spamsite.xyz [on blocklist] → no email from ASB; (2) comment caught with no blacklisted site → email
2025-07-28 14:10:18	bertieb	lemme check
2025-07-28 14:11:56	bertieb	so I could hook that filter to remove a recipient if the comment body matches the discussion blacklist; but keep admin email if not?
2025-07-28 14:12:16	tex	seems reasonable assessment
2025-07-28 14:12:17	bertieb	s/a/the/
2025-07-28 14:12:40	bertieb	okay cool, I could look at doing it that way
2025-07-28 14:13:06	tex	alternatively you can hook into pre_/wp_mail and devnull it before it's sent out
2025-07-28 14:13:13	bertieb	sure
2025-07-28 14:13:26	tex	https://developer.wordpress.org/reference/hooks/pre_wp_mail/ https://developer.wordpress.org/reference/hooks/pre_wp_mail/https://developer.wordpress.org/reference/hooks/wp_mail/

Nullrouting the email instead.

The Quick Hack

In the end when I came to implement it, I split the difference: added a check to send_mail_notifications():

        // skip email notif if the comment is in the disallowlist
        if ( wp_check_comment_disallowed_list(
            $comment['comment_author'],
            $comment['comment_author_email'],
            $comment['comment_author_url'],
            $comment['comment_content'],
            $comment['comment_author_IP'],
            $comment['comment_agent']
        ) ) {
            // debug log an "error" noting this so I can see if it happens in log
            error_log( sprintf( 'Antispam Bee: Skipping email notification for comment ID %d as it is in the disallowlist.', $id ) );
            return $id;
        }

As you can see I added a little debug print to the error log. This was important for a couple of reasons. Firstly, I typo/thinko’d the WP function wp_check_comment_disallowed_list() as wp_check_comment_disallowed() causing a fatal error (whoops). I also managed to invert the logic- in my head it was a check of the comment, ie allowed → true, disallowed → false. I blame complete unfamiliarity with the API and a bit of carelessness. But by checking the log I could catch that:

I could also check that the plugin was functioning as expected:

So it works, and I can remove that set of training wheels.

Next on the wishlist: integrating ASB with the digest plugin…


†: surely a couple links from this titan of a website will boost the sites in the ol’ search rankings‡

‡: “the ol’ search rankings” is how true SEO gurus• refer to them

•: they also use multiple nested footnotes with characters chosen in Unicode sequence‣

‣: this one’s code point 0x2023 ^_^

Leave a Reply

Your email address will not be published. Required fields are marked *

Discover more from Rob's Blog

Subscribe now to keep reading and get access to the full archive.

Continue reading