Drupal is a registered trademark of Dries Buytaert
cms 2.1.3 Update released for Drupal core (2.1.3)! drupal 10.5.11 Update released for Drupal core (10.5.11)! drupal 11.3.11 Update released for Drupal core (11.3.11)! drupal 11.2.13 Update released for Drupal core (11.2.13)! drupal 10.6.10 Update released for Drupal core (10.6.10)! cms 2.1.2 Update released for Drupal core (2.1.2)! drupal 11.1.10 Update released for Drupal core (11.1.10)! drupal 10.5.10 Update released for Drupal core (10.5.10)! drupal 10.4.10 Update released for Drupal core (10.4.10)! drupal 11.2.12 Update released for Drupal core (11.2.12)! drupal 11.3.10 Update released for Drupal core (11.3.10)! drupal 10.6.9 Update released for Drupal core (10.6.9)! drupal 10.6.8 Update released for Drupal core (10.6.8)! drupal 11.3.9 Update released for Drupal core (11.3.9)! drupal 11.3.8 Update released for Drupal core (11.3.8)! drupal 11.3.7 Update released for Drupal core (11.3.7)! drupal 11.2.11 Update released for Drupal core (11.2.11)! drupal 10.6.7 Update released for Drupal core (10.6.7)! drupal 10.5.9 Update released for Drupal core (10.5.9)! cms 2.1.1 Update released for Drupal core (2.1.1)!
← All modules

nobotiq_spam_protection

6 sites Security covered
View on drupal.org

The module sends submitted text and email addresses to the NoBotIQ AI engine in real time and blocks the request if spam is detected, before it ever reaches your inbox or database.

Features

NoBotIQ Spam Protection provides AI-powered spam filtering for Drupal sites of any size:

- Contact form protection — checks submitted messages against the NoBotIQ API and blocks delivery if spam is detected
- Email verification — detects disposable, temporary, and spam-trap email addresses at registration or form submission
- Text spam detection — analyzes the title and body of any submitted content (comments, webform submissions, registrations) for spam patterns
- Hybrid check — simultaneously validates both email and text content in a single API call for maximum efficiency
- No CAPTCHA needed — protection runs invisibly in the background, keeping UX smooth for legitimate users
- Token-based billing — credits are consumed per API call based on text length; unused credits never expire
- Configurable responses — choose to silently block, show a validation error, or log spam attempts

Ideal for any Drupal site with user-generated content: community platforms, marketplaces, membership sites, HR portals, contact-heavy business sites, and SaaS products.

Post-Installation

After enabling the module, navigate to Configuration → Web services → NoBotIQ Spam Protection (/admin/config/services/spam-protection) to complete setup:

1. Register a free account at nobotiq.com — you receive 3,000 free credits on sign-up, no credit card required.
2. Copy your API credentials (Client ID, Client Secret, and your account username/password) from the API Documentation page inside your NoBotIQ account.
3. Paste the credentials into the module configuration form and save.
4. Select which forms to protect — contact forms, comment forms, user registration, or custom webforms.
5. Choose check types per form: email-only, text-only, or hybrid (email + text combined).

Once configured, the module operates silently. Spam submissions are blocked before processing; legitimate submissions pass through without any friction.

Additional Requirements

- Drupal 10 or 11
- A free or paid NoBotIQ account at nobotiq.com (includes 3,000 free credits on registration)
- PHP `curl` extension (standard on most hosting environments)
- Outbound HTTPS access to `nobotiq.com` from your server

No additional Drupal contrib modules are required.

Recommended modules/libraries

- Webform — NoBotIQ protection can be extended to custom Webform elements for full-site coverage
- Honeypot — can be used alongside NoBotIQ as a first-pass bot filter before API credits are consumed
- Flood Control — rate-limiting as a complementary layer against brute-force submissions

Similar projects

- Antispam (Mollom) — Mollom service has been discontinued; no longer actively maintained
- Akismet — focused primarily on comment spam; requires a WordPress.com account; no hybrid email+text check in a single call
- CleanTalk — subscription-based with a fixed monthly fee regardless of usage; NoBotIQ uses pay-as-you-go credits with no monthly commitment
- Honeypot — bot detection only via hidden fields; no AI-based content analysis; works well as a complement to NoBotIQ
- CAPTCHA — requires active user interaction; degrades UX and accessibility; NoBotIQ works invisibly in the background

What makes NoBotIQ different:

AI-based content analysis (not just pattern matching), hybrid email+text checks in one request, no CAPTCHA friction, pay-as-you-go pricing with no subscription, and credits that never expire.

Supporting this Module

The best way to support continued development of this module is to use and top up your NoBotIQ account. You can also place a backlink to NoBotIQ on your site to receive discounted credit pricing — see the FAQ on nobotiq.com/faq for details.

For bug reports and feature requests, please use the issue queue on this project page.

Community Documentation

- Full API reference: nobotiq.com/api-docs *(requires free registration)*
- Pricing and credits: nobotiq.com/pricing
- FAQ: nobotiq.com/faq
- Support email: [email protected]

Activity

Total releases
10
First release
Mar 2026
Latest release
1 week ago
Release cadence
9 days
Stability
90% stable

Release Timeline

Releases

Version Type Release date
1.0.8 Stable Jun 4, 2026
1.0.7 Stable Jun 4, 2026
1.0.6 Stable May 20, 2026
1.0.5 Stable May 19, 2026
1.0.4 Stable May 19, 2026
1.0.3 Stable Mar 30, 2026
1.0.2 Stable Mar 25, 2026
1.0.1 Stable Mar 20, 2026
1.0.0 Stable Mar 18, 2026
1.0.x-dev Dev Mar 11, 2026