How to programmatically prevent users from abusing the @ mentions


One of Twitter’s rules is that you cannot send large numbers of duplicate or unsolicited mentions, which makes sense.

As a social media management app integrated with Twitter, it’s our responsibility to prevent our users from abusing this functionality. How would you detect legit @ mentions from the spammy ones?

For duplicate mentions we’re using an algorithm that checks the similarity of your new Tweet compared to your old and scheduled ones. If for example you’ve already Tweeted "This is a test @user_one @user_two", you won’t be able to Tweet "@user_two a test @user_one".

This also covers the “You may not post duplicative or substantially similar Tweets on one account or over multiple accounts you operate.” rule.

The problem is with unsolicited mentions. How can we programmatically detect that the following is spamming:

Tweet 1: "@user_one visit my site"

Tweet 2: "@user_two take a look at this awesome site".

Tweet 3: "You must check this! @user_three"

Maybe check the time gap between Tweets?


One thing to do would be to check if @user_one is following or has tweeted to the user sending the tweet before - using one of the friends endpoints to check if there’s a link between users:

You could also put a threshold on the number of unique users mentioned in a time window, so that way long conversations with same users are not affected, but it would prevent someone from mention spamming to an extent.


Thank you for your tips. While the first one is very interesting, don’t you think it would falsely prevent legitimate use cases?

For example, let’s say I wanted to Tweet to Rami Malek to congratulate him for his Oscar. I’m not following him and obviously he doesn’t follow me either. I simply loved his performance and wanted to give him a shout-out.

On the other hand, the second tip seems reasonable.


Sure, restricting mentions entirely to friends and followers might sound like a bit too much, but I can’t think of many examples where I’d tweet to someone directly, if I’m not already following them, like these examples: Tweet 2: "@user_two take a look at this awesome site".

But I can definitely see how it might be too restrictive for something like "I'm drinking @irnbru" - I might want to mention an account that way, and never follow them, so maybe it could only apply to direct mentions like your Tweet 1 & 2 examples?

Thought of another one just now: You could also look at the URLs an account is trying to tweet - and restrict things on that maybe? E.g. only allow your users to schedule 5-10 tweets with the same domain name in 1 day or something.


What do you guys think of the following?

For a given Twitter account, we check the Tweets published 24 hours prior to the new Tweet and the Tweets scheduled 24 hours after the new Tweet.

So in a 48-hour window, if there are up to 5 unique Tweets with @ mentions (including the new Tweet), we consider that safe (?). Otherwise, if 80% or more of the Tweets have @ mentions, we consider that going too fast and don’t let the user schedule / post the new Tweet.

This does prevent the abusive users we had trouble with and hopefully it won’t affect the legitimate use cases, for which we will have to wait for feedback from our users.

Looking forward to hearing your thoughts before pushing this to production.
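
The 48-hour window rule proposed in the post above, sketched in Python as an added example (it is not part of the original thread and not the poster's production code). The function names, the simplified mention regex, the sample timelines and the choice to never block a Tweet that has no mention are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Simplified mention matcher (assumption): "@" not preceded by a word
# character, followed by 1-15 username characters, so e-mail addresses
# are not counted as mentions.
MENTION_RE = re.compile(r"(?<![A-Za-z0-9_])@([A-Za-z0-9_]{1,15})")

WINDOW = timedelta(hours=24)   # 24h before + 24h after = 48h window
SAFE_MENTION_TWEETS = 5        # up to 5 Tweets with mentions is safe
MAX_MENTION_RATIO = 0.8        # 80% or more is "going too fast"


def has_mention(text):
    return MENTION_RE.search(text) is not None


def check_new_tweet(new_time, new_text, timeline):
    """timeline: (datetime, text) pairs, published and scheduled alike.

    Returns (allowed, mention_tweets, total_tweets) for the 48h window,
    counting the new Tweet itself.
    """
    in_window = [text for when, text in timeline
                 if abs(when - new_time) <= WINDOW]
    in_window.append(new_text)
    total = len(in_window)
    with_mentions = sum(1 for text in in_window if has_mention(text))
    # Assumption: a Tweet without mentions is never blocked by this rule.
    if not has_mention(new_text) or with_mentions <= SAFE_MENTION_TWEETS:
        return True, with_mentions, total
    allowed = with_mentions / total < MAX_MENTION_RATIO
    return allowed, with_mentions, total


# Constructed sample data: one account's published and scheduled Tweets.
NOW = datetime(2019, 3, 1, 12, 0)
SPAMMY = [(NOW + timedelta(hours=h), f"@user_{i} visit my site")
          for i, h in enumerate([-20, -15, -9, -3, 2, 7])]
CHATTY = SPAMMY + [(NOW + timedelta(hours=h), "Plain update, no mentions")
                   for h in (-22, -10, 5)]
OLD = [(NOW - timedelta(hours=30 + i), f"@user_{i} hello") for i in range(9)]

if __name__ == "__main__":
    for name, tl in (("spammy", SPAMMY), ("chatty", CHATTY), ("old", OLD)):
        print(name, check_new_tweet(NOW, "You must check this! @user_three", tl))
```

The "chatty" timeline shows the rule's blind spot: the same six mention Tweets pass once three mention-free Tweets dilute the ratio below 80%, which is where the unique-mentioned-users threshold suggested earlier in the thread would add coverage.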


It’s unlikely you’ll get an exact number for any kind of threshold involving the anti-spam stuff. I’ve no idea exactly how it works, and can only guess based on stuff like this:

For what it’s worth, your plan on filtering sounds reasonable to me anyway - even though I don’t have to deal with that kind of problem, and have no bearing on what you end up doing in the end. Hope that helps anyway!