Spam Protection
Keep your checkout safe from spam, bots, and fraudulent orders. PayRequest’s built-in spam protection helps you focus on real customers while automatically blocking suspicious activity.Why Use Spam Protection?
Without protection, your checkout can be targeted by:- Bots: Automated scripts that create fake orders
- Card Testers: Fraudsters testing stolen credit cards
- Spam Submissions: Fake names and emails cluttering your data
- Unwanted Regions: Orders from countries you don’t serve
Getting Started
- Go to Settings in your dashboard
- Click Spam Protection in the sidebar
- Toggle the main Protection switch to enable
Spam protection is disabled by default. Enable it when you start receiving unwanted orders or want to proactively protect your checkout.
Protection Methods
PayRequest uses multiple techniques to identify and block spam:CAPTCHA (Cloudflare Turnstile)
An invisible security check that runs in the background. Most real customers won’t notice it, but bots will be blocked.- Best for: Stopping automated bot attacks
- Customer impact: Minimal - runs silently for most users
Honeypot
A hidden field that’s invisible to humans but gets filled in by bots. If filled, the order is blocked.- Best for: Catching simple bots
- Customer impact: None - invisible to real customers
Name Analysis
Detects randomly generated or suspicious names that don’t look like real customer names.- Best for: Blocking gibberish entries like “asdfJKL123”
- Customer impact: None for legitimate names
Rate Limiting
Limits how many checkout attempts can come from the same IP address or email in one hour.- Best for: Preventing rapid-fire spam attacks
- Customer impact: Only affects users making many attempts quickly
Country Blocking
Block orders from specific countries where you don’t do business or where you see high fraud rates.How to Block Countries
- Go to Settings → Spam Protection
- Enable Country Blocking in the Protection Methods section
- Click the dropdown and search for a country
- Click the + button to add it to your blocked list
- Repeat for other countries you want to block
What Customers See
When someone from a blocked country tries to checkout, they’ll see a friendly message:“Orders from [Country] are currently not accepted. Please contact support if you need assistance.”This gives legitimate customers a way to reach out if they believe they were blocked in error.
Removing a Country
To unblock a country:- Find the country badge in your blocked list
- Click the × on the badge
- The country is immediately unblocked
Sensitivity Settings
Adjust how strict the spam detection should be:| Level | Description |
|---|---|
| Low | Only blocks obvious spam. Best if you’re seeing false positives. |
| Medium (Default) | Balanced protection for most businesses. |
| Strict | Aggressive blocking. May catch some edge cases. |
Rate Limits
Control how many checkout attempts are allowed:- Max IP attempts/hour: How many orders from the same IP address (default: 10)
- Max email attempts/hour: How many orders using the same email (default: 5)
- Block duration: How long blocked IPs stay blocked in minutes (default: 30)
Whitelists
Ensure trusted customers always get through by whitelisting their email or domain.Whitelist an Email
- In the Whitelisted Emails section, enter the email address
- Press Enter or click +
- That email will bypass all spam checks
Whitelist a Domain
- In the Whitelisted Domains section, enter the domain (e.g.,
yourcompany.com) - Press Enter or click +
- All emails from that domain bypass spam checks
Viewing Blocked Attempts
The Blocked Attempts section shows all orders that were stopped by spam protection:- Date: When the attempt occurred
- IP Address: Where it came from
- Email: The email used (if provided)
- Name: The name entered
- Reason: Why it was blocked (Bot Detected, Rate Limited, Country Blocked, etc.)
- Risk Score: How suspicious the attempt was (higher = more suspicious)
Filtering Blocked Attempts
Use the search box and dropdown to filter:- Search by IP, email, or name
- Filter by reason (CAPTCHA Failed, Country Blocked, etc.)
Unblocking an IP
If a legitimate customer gets blocked:- Click Unblock IP in Quick Actions
- Enter their IP address
- Click Unblock
Statistics
At a glance, see how your protection is performing:- Blocked (24h): Attempts blocked in the last day
- Blocked (7 days): Attempts blocked in the last week
- Unique IPs: Different IP addresses that were blocked
- Avg. Risk Score: Average suspiciousness of blocked attempts
Best Practices
Start with default settings
Start with default settings
The default sensitivity and rate limits work well for most businesses. Only adjust if you see issues.
Monitor the blocked attempts log
Monitor the blocked attempts log
Check regularly to ensure you’re not blocking legitimate customers. Look for recognizable emails or company names.
Whitelist important customers
Whitelist important customers
If you have key accounts or partners, whitelist their email domains so they never get blocked.
Block high-fraud countries strategically
Block high-fraud countries strategically
Only block countries where you genuinely don’t do business or see consistent fraud. Don’t block countries where you have real customers.
Use country blocking with care
Use country blocking with care
Remember that VPN users may appear to be from different countries. Consider keeping your contact information visible for edge cases.
Frequently Asked Questions
Will spam protection slow down checkout?
Will spam protection slow down checkout?
No. The checks happen instantly in the background. Customers won’t notice any delay.
What if a real customer gets blocked?
What if a real customer gets blocked?
They’ll see an error message asking them to try again or contact support. You can unblock their IP manually, or whitelist their email for future orders.
Does country blocking work for VPN users?
Does country blocking work for VPN users?
Country detection is based on the customer’s IP address. If someone uses a VPN, they’ll appear to be from the VPN’s location. This is why the blocked message includes contact information for support.
Are existing customers affected?
Are existing customers affected?
Whitelisted emails bypass all checks. For others, protection only applies to new checkout attempts - existing orders and subscriptions are not affected.
Can I see why a specific order was blocked?
Can I see why a specific order was blocked?
Yes. The blocked attempts log shows the exact reason, risk score, and any issues detected for each blocked attempt.
How accurate is country detection?
How accurate is country detection?
Very accurate. PayRequest uses Cloudflare’s infrastructure when available, which provides reliable country detection. IP-based lookups are used as a fallback.
Will this affect invoice payments?
Will this affect invoice payments?
No. Spam protection only applies to shop checkout. Customers paying invoices through payment links are not affected.