By Lynn Beighley, Seamus Bellamy

If you find that, in spite of using the CAPTCHA module, you still have spam on your Drupal site, Mollom is your best bet. Mollom is more than a module; it’s also web service. knows how to detect spam from a variety of sources.

When a new comment is entered on your site, checks it to see if it’s spam. If Mollom thinks it may be, the user who entered it is shown a CAPTCHA.

Fortunately, you don’t have to do anything. Your Drupal software, thanks to the Mollom module, automatically sends the user information to the server, checks for spam, and then, if the CAPTCHA challenge is not passed, the comment never even reaches your website. It’s estimated that Mollom blocks up to 99.7 percent of all spam messages.

One of the great things about Mollom is that users don’t see the CAPTCHA unless they are suspected of creating spam. This means that most legitimate users don’t have to go through the trouble of answering a CAPTCHA. A recent study showed that a significant number of users will not bother filling out a CAPTCHA, and they don’t end up writing their comments on your site.

That’s great news if you’re an isolationist, but it’s lousy if you want to build a sense of community and inclusion for your site’s visitors.

For all its sophistication, Mollom is relatively simple:

  1. Browse to and set up an account there.

    You’re walked through a process in which a Public key and Private key are created for your site.

  2. From your Dashboard menu bar, choose Configure→Content Authoring→Mollom.

  3. Enter the Public and Private keys from the Mollom site in the Public Key and Private Key text boxes.

  4. Click Save Configuration.


That’s all there is to it. Each time you browse back to Administer→Site Configuration→Mollom, you see a report of spam that Mollom has stopped. This same location can be visited to select which forms on your site are protected by the module.

Mollom has another nifty feature. Suppose you have a spammy comment on your site. With Mollom installed, every time you delete content, you are presented with a form that asks you if you want to report the content to Mollom as spam.

This is part of how Mollom keeps its data up to date and is able to detect new types of spam. You can even classify what kind of spam it is (for example, violent content, taunting, or simply unsolicited advertising). Reporting the content is optional, which is good because sometimes you delete comments that are not spam.