I first heard about referrer spam in the spring.  By June, it started to show up in a few of my clients. By late July, as much as 80% of traffic for some of my clients was from referrer spammers.

What Is Referrer Spam? Referrer spam is junk traffic at your website. You think you have 1,000 daily visitors, but most of those are fake.

Why Are They Doing This? Spammers use computers to register fake visits in your analytics data. They don’t actually visit your site; they just register the data in your analytics account at Google. You look at your data, see visits from a site, and out of curiosity to see who it is, you click. Bingo, the spammer gets a visit. If they visit perhaps ten million sites, they’ll get a few thousand visits, which increase the spammer’s ranking in search engines or they sell that traffic to other sites.

What Is Google Doing about This? Google knew about this three years ago but, due to the technology of their analytics software, there is nothing they can do about this. To stop this, they would have to completely change Google Analytics, which is unlikely. So if you use Google Analytics (and 80-90% of all analytics is Google Analytics), you have to deal with it yourself for now.

What Can You Do about This? To block the fake traffic, you create a filter. That’s the easy part. However, more show up, so you add more filters. To block the current spammers, you need 19 filters. And if you manage ten clients, you’ll spend most of a day to set this up. And every month, you’ll add more filters.

Do You Have to Do This? Look at your traffic. If it’s just a few, don’t bother. But when it’s 5-10% of your traffic, it screws up your numbers. If it’s 60-80% of your traffic, your traffic data is junk.

What Should You Do? Don’t create 19 filters with 180 spammers. Many of those won’t visit your site, so it’s wasted work. Next month, there will be more. Finally, it’s messy to deal with several dozen filters.

  1. Look at your referrer traffic for the last twelve months.
  2. Download the list and find the spammers.
  3. Make a filter for those.
  4. Every 30 days, review the last 30 days of traffic, find new spammers, and add them to the filter.
  5. You should also create a Valid Host Name filter. This also stops spammers from using fake host name.

How to Do This: There are pretty good pages now on how to create the filters so you can look at those. Here are my notes on doing this:

  • The filter limit is 255 characters. If you need more, add another filter.
  • I number the filters: Refspam-01, Refspam-02, Refspam-03, etc.
  • Keep a copy of the filters in as a text file so you can search.
  • Don’t include the extension (.com, .ru, etc.). Some spammers are using multiple extensions. If they switch, you have to add a new one. This also shortens your filter.

More Notes: You can get an updated list of spammers at Github, but it doesn’t help because there are so many.

Update: Sept. 23, 2015

After more thought, I now only add refspammers to the filter if they are 1% or more of the monthly traffic. If they’re less than that, they don’t affect the data so there’s no point in adding them.

Look at the number of sessions. Let’s say there are 1,000 sessions. 1% is ten, so if a refspammer has only 7 sessions in the last 30 days, that won’t significantly affect the overall data. It’s just a bit of noise.

If a refspammer has 10 or more sessions, he crosses the 1% threshold. I copy his domain name and add him to the filter.