Akismet is a popular spam filtering service originally developed for WordPress. Akismet has AIPs which can be accessed from programming languages such as Python. In this article, we will see how to integrate Akismet with Django.

Setup

We will be using the akismet python package to connect to Akismet APIs. You can install it from PyPI using pip.

pip install akismet

You will also need an API key from Akismet. Create an account in Akismet and get your API. It is free for non-commercial use.

Once you have your API key, you should include that in your settings file.

AKISMET_API_KEY = "put your key here"

AKISMET_BLOG_URL = "put your blog URL here"

Identifying Spam Comments and Contact Form Submissions

Akismet provides a check_comment method which accepts the data from user and returns True if the data is suspected as spam. The check_comment method can check the spam in other types of contents such as contact form submissions, forum posts, messages etc. The type of content can be passed as a parameter to this function. A full list of arguments and types can be found here.

Let’s assume you have a contact form which accepts the name, email and a message from a user. You may want to check whether the message is spam or not before saving the entry to the database. You could do something like the following in your views.

from akismet import Akismet
from django.conf import settings
from django.http import HttpResponseForbidden


def contact_view(request):
    if request.method == 'POST':
        akismet_api = Akismet(key=settings.AKISMET_API_KEY, blog_url=settings.AKISMET_BLOG_URL)

        is_spam = akismet_api.comment_check(
            user_ip=request.META['REMOTE_ADDR'],
            user_agent=request.META['HTTP_USER_AGENT'],
            comment_type='contact-form',
            comment_author=request.POST['name'],
            comment_author_email=request.POST['email'],
            comment_content=request.POST['message'],
        )

        if is_spam:
            return HttpResponseForbidden('You are not allowed to make a contact request.')
        
        # Request is not spam, do whatever you want with the data
    else:
        # Method is get, do your usual stuff

We have created an object of Akismet class by passing the API key and blog URL to it. The comment_check method has two mandatory parameter, user_ip and user_agent. We are accessing these values from the request metadata. comment_type is set to contact-form since we are validating a contact form submission.

Our example illustrates a very simple use case. You may need something little more robust in your application. Here are some tips on doing that.

  • We are accessing the IP address and user agents from request metadata but it may not be available if you are using a reverse proxy server such as Nginx. Make sure you have access to there values in your Django app.

  • We are accessing form data from request.POST. You may want to use a form for this. Also, if you are using a form, you can put the spam check in the validate method (or even in the model’s save method).

  • If you are using Django rest framework, you should put the spam checking in your serializers, not in your views.

  • You can check other types of content by passing a different value for comment_type. Full list of options is available in Akismet documentation


Last updated on October 1, 2019
Tags: Python Django Spam Akismet