Spam Detection
Catch burst-posters by counting how many messages a user sends inside a rolling time window. The classic message-rate velocity trigger.
Open AutoMod →Spam Detection fires when a single user posts too many messages within a short rolling window, across all channels in the guild. It is the baseline volumetric trigger every server should ship with.
What is this?
A rule that counts how many messages a single user sends across the whole server inside a rolling time window. Defaults to 5 messages in 10 seconds. When the count goes over, the rule fires.
Why you might want it
For the user who joined and pasted the same message in six channels in thirty seconds, and the compromised account that drops a full payload before a mod sees it. The defaults catch almost every burst-poster without bothering normal chatters. Pair with a short mute so the user has to take a breath before they can spam again.
(guild_id, user_id). Counts messages across every channel in the guild.window_seconds is strictly greater than max_messages.Why use this rule?
- Stops burst-posters flooding a channel with many short messages in seconds.
- Catches simple flood raids where a single account spams nonsense to push real conversation off-screen.
- Limits compromised accounts before they can drop a full payload.
- Works without a word list — the abuse pattern is volume, not content.
What it detects
One user sending more than max_messages messages in the last window_seconds. The count is taken at the guild level — messages across different channels in the same server all feed the same buffer. With the defaults (max_messages = 5, window_seconds = 5), the 6th message inside a 5-second window is the one that trips the rule.
6 msgs in 5s. Action: mute 5 min.What it does NOT detect
- Cross-guild spam — buffers are keyed per
(guild_id, user_id), so a user spamming in two different servers has two independent counters. - Distributed spam from multiple accounts — each account has its own buffer. A coordinated raid with one message per account looks normal to this trigger.
- Bot and webhook messages — they are skipped before reaching the evaluator.
- Spam that survives a bot restart — the buffer is in-memory only and resets on process start.
- Message content — this trigger does not care what was posted, only how fast.
Configuration
| Field | Type | Default | What it means |
|---|---|---|---|
| max_messages | integer | 5 | Fires when a user sends more than this many messages inside the window. A value of 5 means the 6th message trips the rule. |
| window_seconds | integer | 5 | Rolling window length in seconds. Only timestamps newer than now - window_seconds are counted. |
Recommended starter settings
A safe baseline for most community chat servers:
{
"max_messages": 5,
"window_seconds": 5
}Pair with the Mute action and a 5-minute duration, and set per_user_cooldown_seconds to 60 on the rule to avoid chain-muting the same user on every subsequent burst inside the cooldown.
Common false positives
- Quick back-and-forth banter — an active user can easily hit 5 messages in 5 seconds during a heated discussion.
- Lists posted one message at a time instead of in a single block.
- Bot-command spam where the user issues several commands in a row and the bot replies in between.
- Typo corrections: the user posts, sees the mistake, posts again, then a third correction.
How to test this rule safely
Set the rule to Log Only
Log Only records matches without muting or banning anyone. It is the right starting point for every AutoMod rule.
Lower the threshold for testing
Temporarily set max_messages to 3 and window_seconds to 5.
Send 5 messages inside 5 seconds
In a private test channel, send five short messages as fast as you can. The Event Log dashboard should show exactly one entry — after the 4th message, which is the first one strictly greater than max_messages = 3. Matched pattern reads "4 msgs in 5s".
Confirm a slower burst does NOT fire
Wait 10 seconds to let the window roll. Post one more message. No Event Log entry should appear — the buffer has cleared.
Flip to Live
Restore your real thresholds and switch the rule from Log Only to Live.
Known current behavior
- Current behavior: the threshold uses a strict greater-than comparison. Setting
max_messages = 5means the 6th message in the window fires; five does not. - Current behavior: the spam buffer is shared across every
spam_detectionrule in a guild. One deque per(guild_id, user_id)pair backs all such rules. If two spam_detection rules exist with different window sizes, the first one to execute sets the deque's maximum length, and all rules read from the same list of timestamps afterwards. - Current behavior: the rule cache has a 60-second TTL. Configuration changes saved in the dashboard can take up to a minute to propagate to the bot.
- Current behavior: counting is timing-based, not content-based. A user posting several short on-topic replies in quick succession will trip the rule exactly the same way a flood raider would.
- Current behavior: the spam buffer is in-memory only. A bot restart clears the counters — fresh windows start from zero after a deploy.
- Current behavior: allowlist words do not apply. Spam Detection is volumetric, so the rule's
allowlist_wordslist is ignored for the count. A spammer cannot neutralise the rule by sprinkling allowlisted fragments into their bursts. - Current behavior: exempt users do not contribute to the buffer at all. Their messages are skipped before the timestamp is recorded, so they cannot accidentally drag a non-exempt user closer to the threshold either.
Action reference
The most common pairing is Mute (Discord timeout) in the 5–10 minute range — short enough to be proportionate to a single burst, long enough to stop the flood. Combine with per_user_cooldown_seconds on the rule so the same user does not get re-muted for every additional burst inside the cooldown window.
action_config field.