Google's 18 spam policies and how to comply

Google's 18 spam policies define manipulative practices that can result in ranking suppression, deindexing, or manual penalties, operating independently from quality frameworks like E-E-A-T. The March 2024 update added three new policies—scaled content abuse, site reputation abuse, and expired domain abuse—with enforcement continuing through 2025 and 2026 via increased spam updates and manual actions. The document serves as both an installation manual for building defensive infrastructure and an audit reference for identifying, remediating, and recovering from violations.

Originally published atPart of ThatDevPro's open SEO + AI framework library. thatdevpro.com . ThatDevPro is an SDVOSB-certified veteran-owned web + AI engineering studio. Open-source AI citation toolkit: github.com/Janady13/aio-surfaces . Google's Explicit Anti-Spam Policies — What Gets Punished, How to Avoid It, and How to Recover A comprehensive installation and audit reference for understanding Google's documented spam policies, identifying spam policy violations on a website, remediating violations, recovering from spam updates and manual actions, and building structural defenses against accidentally violating spam policies through scale or third-party content. This document is dual-purpose: installation manual and audit document. Cross-stack implementation note: the code samples in this framework are written in plain HTML for clarity. For React, Vue, Svelte, Next.js, Nuxt, SvelteKit, Astro, Hugo, 11ty, Remix, WordPress, Shopify, and Webflow equivalents of every pattern below, see . For pure client-rendered SPAs no SSR/SSG see framework-cross-stack-implementation.md . For Tailwind-specific concerns purge, dynamic classes, dark-mode CLS, focus accessibility see framework-react.md . framework-tailwind.md 1. Document Purpose & How to Use This Document 1.1 What This Document Is This is the canonical reference for Google's spam policies — the documented rules at developers.google.com/search/docs/essentials/spam-policies that define what Google considers manipulative practices, what triggers algorithmic spam updates, and what triggers manual actions. While the rest of the foundational framework library focuses on what to do to earn rankings and citations, this document focuses on what not to do — the practices that result in ranking suppression, deindexing, or manual penalties regardless of how strong other signals are. Spam policies are operationally distinct from quality frameworks. A site can score 130/130 on E-E-A-T, satisfy YMYL standards perfectly, and still get hit by a spam policy violation that suppresses or removes it from search entirely. Conversely, a site can have weak E-E-A-T and still avoid spam violations. The two systems run in parallel — quality frameworks affect where you rank; spam policies affect whether you can rank at all. The 2024-2026 evolution of Google's spam policies has been significant. The March 2024 update added three new spam policies scaled content abuse, site reputation abuse, expired domain abuse and integrated existing policies more aggressively into core ranking. The May 2024 spam update enforced these policies with substantial site impact. Continuing through 2025 and into 2026, spam updates have run alongside core updates with increasing frequency, and manual action issuance has accelerated for the new policy categories. This document specifies every documented spam policy, the patterns Google uses to detect violations, defensive structural patterns to prevent accidental violations, response procedures when violations are detected, and recovery protocols for both algorithmic suppression and manual actions. 1.2 Three Operating Modes Mode A — Install Mode : Building defensive infrastructure into a site to prevent spam policy violations. Follow Sections 2 → 14. Mode B — Audit Mode : Evaluating an existing site for spam policy compliance. Skip to Section 11. Mode C — Hybrid Mode : Audit then install for failing items. 1.3 How Claude Code CLI Should Consume This Document - Read Section 2 — collect client variables, especially historical penalty status - Read Section 3 — understand the difference between spam updates, manual actions, and core updates - Apply Section 4 — work through every documented spam policy systematically - Apply Section 5 — special focus on the three policies added in March 2024 most active enforcement - Install defensive patterns — Sections 6-9 - Validate — Section 11 - If active violation suspected — go directly to Section 10 response and recovery - Generate report — Section 14 1.4 Conflict Resolution Rules | Conflict | Rule | |---|---| | Existing manual action | Stop all other work. Section 10.3 takes priority. | | Suspected scaled content abuse | Audit immediately. Stop publishing AI content until audit complete. | | Existing site reputation abuse via subdomain/subfolder leasing | Terminate the arrangement. No remediation works while it's active. | | Existing expired domain abuse | Either commit to substantively continuing original purpose or migrate to new domain. | | Existing link schemes | Disavow + cease + document for any reconsideration request. | | Aggressive SEO contractor recommending policy-violating practices | Do not implement. Document advice in writing for accountability. | 1.5 Required Tools - Google Search Console — primary source for manual action notifications and spam-related ranking data - Google Search Console Disavow Tool — for disavowing toxic backlinks - Bing Webmaster Tools — parallel monitoring for Bing manual actions - The actual spam policies documentation — developers.google.com/search/docs/essentials/spam-policies - Originality.ai or similar — AI content detection for scaled content abuse audit - Ahrefs/Semrush/Majestic — backlink profile auditing for link scheme detection - Wayback Machine — historical site state research, especially for expired domain audit - Server logs — to detect cloaking, sneaky redirects, hacked content 2. Client Variables Intake ============================================ SPAM POLICIES FRAMEWORK CLIENT VARIABLES ============================================ --- Business Identity REQUIRED --- business name: "" primary domain: "" domain age years: 0 domain acquired from someone else: false Critical — if true, expired domain abuse risk previous domain owner known: "" previous domain purpose: "" --- Penalty History REQUIRED --- has received manual action: false manual action history: List of past manual actions and dates has filed reconsideration request: false reconsideration request outcome: "" historical spam update impacts: Past spam updates that affected this site --- Content Creation Patterns REQUIRED — be honest --- publishes ai generated content: false ai content publication volume: "" "low" <5/month , "medium" 5-50/month , "high" 50/month ai content review quality: "" "expert review", "editor review", "minimal review", "none" ai content disclosure: false publishes at high volume: false 10 articles per week content outsourced to freelancers: false content outsourced volume: "" --- Site Architecture REQUIRED --- has subdomains: false subdomain list: has subfolders with external content: false Critical for site reputation abuse external partners publishing on site: allows user generated content: false ugc moderation level: "" "none", "post hoc", "pre publication", "vetted only" --- Linking Patterns REQUIRED --- has outbound paid links: false paid links use rel sponsored: false has link exchange arrangements: false has purchased links: false has used link building services: false sponsored content disclosed: false affiliate links use rel sponsored: false --- Technical Spam Vectors REQUIRED --- serves different content to googlebot: false Cloaking risk uses user agent detection: false has redirect chains: false has meta refresh redirects: false has javascript redirects obscuring destination: false has doorway pages: false Many pages targeting variations of same intent has thin pages targeting keywords: false --- Content Quality Signals REQUIRED --- has scraped or syndicated content without value add: false has duplicated content across pages: false has machine translated content without review: false has auto generated text filler: false has keyword stuffed content: false has invisible or misleading text: false --- Hacking & Security REQUIRED --- last security audit date: "" has been hacked historically: false hack remediation complete: false has 2fa on admin accounts: false has security monitoring: false --- Affiliate & Monetization REQUIRED --- business model includes affiliate: false affiliate content adds value beyond links: false Honest answer affiliate disclosure present: false affiliate disclosure clear and conspicuous: false --- E-Commerce Specific if applicable --- sells user data: false displays misleading product information: false deceptive pricing practices: false fake reviews present: false review acquisition methods: How reviews are obtained --- Compliance Documentation REQUIRED --- has documented anti spam policies: false has third party content review process: false has link acquisition policy: false has ai content policy: false quarterly spam audit performed: false After variables are gathered, save as spam-policies-variables.yml . 3. What Spam Policies Are Google's spam policies are explicit rules documented at developers.google.com/search/docs/essentials/spam-policies that define manipulative practices Google does not allow in search results. These are operationally distinct from quality frameworks like E-E-A-T or HCS. 3.1 The Three Enforcement Mechanisms Algorithmic Spam Updates — Periodic updates to Google's spam-detection algorithms. Like core updates, they roll out over days to weeks, are publicly named, and affect rankings broadly. Sites violating spam policies see ranking suppression, sometimes severe. Recovery requires remediation plus time. Recent named spam updates include: - May 2024 Spam Update enforcement of the new March 2024 policies - October 2024 Spam Update - December 2024 Spam Update - June 2025 Spam Update - November 2025 Spam Update Manual Actions — Human-issued penalties communicated via Search Console under Security & Manual Actions. Manual actions can be partial specific pages or sections affected or sitewide. Some are reconsideration-eligible after demonstrating remediation , some are not. Manual action types include: - Site abused with third-party spam - User-generated spam - Spammy free hosts - Structured data issue - Unnatural links to your site - Unnatural links from your site - Thin content with little or no added value - Cloaking and/or sneaky redirects - Pure spam - Cloaked images - Hidden text and/or keyword stuffing - AMP content mismatch - Sneaky mobile redirects - News and Discover policy violations Algorithmic Demotion No Manual Action — Some spam-detection happens algorithmically without manual review, resulting in ranking suppression without an explicit manual action notification. Sites may experience traffic loss without knowing the cause. These cases require diagnostic investigation against spam policy criteria. 3.2 What Distinguishes Spam from Low Quality Quality issues low E-E-A-T, weak HCS are matters of degree — content can be more or less helpful, more or less authoritative. Spam violations are matters of category — content either is or isn't keyword stuffed, scraped, cloaked. Spam policies define bright lines. The practical implication: improving quality moves rankings up gradually. Eliminating spam violations may unlock sudden ranking restoration once Google's systems re-evaluate the site post-remediation. 3.3 The 2024 Policy Expansions In March 2024, Google added three new spam policies that have driven substantial enforcement activity: Scaled Content Abuse — Producing pages at scale primarily for ranking purposes, regardless of whether AI, human, or mixed authorship. Replaced the older "automatically generated content" policy with a broader definition focused on intent and pattern rather than method. Site Reputation Abuse — Third parties publishing content on a host site primarily to leverage that site's ranking signals. Common pattern: established media sites leasing subdomains or subfolders to coupon, casino, or supplement marketers. Expired Domain Abuse — Repurposing expired domains with prior authority to host content unrelated to the prior purpose, primarily for ranking benefit from inherited trust signals. These three policies represent the largest spam policy expansion in years and continue to drive significant enforcement through 2026. 3.4 What Spam Policies Don't Cover Spam policies don't cover: - Quality issues — addressed via core updates and HCS, not spam policies - Mistakes or accidents — Google distinguishes between intentional manipulation and good-faith errors - Personal preference disagreements — practices Google might not love but doesn't classify as spam - Legal compliance issues — copyright, defamation, etc. are addressed through other mechanisms When something isn't a spam policy violation, addressing it requires the relevant quality framework. 4. Documented Spam Policies — Comprehensive Reference This section catalogs every documented spam policy, what it covers, detection patterns, and avoidance requirements. 4.1 Cloaking What it is : Presenting different content to search engine crawlers than to human users. Common patterns : - User-agent detection serving different HTML to Googlebot vs browsers - IP-based content swapping - JavaScript that hides content from users that Googlebot sees as text - Reverse cloaking — keyword-stuffed text visible to bots, "cleaner" version to users - Geographic cloaking serving different content based on visitor location for ranking manipulation Detection : - Google fetches with browser-like user agents and compares - Googlebot also runs in different network locations - Discrepancies between rendered DOM and HTML sent to crawlers flagged Avoidance requirements : - Serve identical content to all visitors with legitimate exceptions for personalization, A/B testing through proper Google-supported methods, paywall/login walls properly declared - If using A/B testing, use Google's recommended approach canonical to original, no rel=canonical pointing to test variant - Personalization based on user signals must not differ for Googlebot in ways that would change ranking signals - Geographic content variations must use proper hreflang - Verify with Google's URL Inspection Tool — what Googlebot sees should match what users see Code pattern anti-cloaking : php < -- Same HTML for all visitors -- < -- Personalization happens client-side AFTER initial render -- < -- Or via Google-recognized signals like cookies, not user-agent -- 4.2 Doorway Pages What it is : Pages created primarily to rank for specific queries that funnel users to a different destination of less direct utility. Common patterns : - Multiple landing pages for slight variations of the same query e.g., "cheap car rental Austin," "affordable car rental Austin," "low cost car rental Austin" all leading to same booking page - Geographic doorway pages with thin city-specific content but identical service offering - Pages that exist solely to rank, then redirect or funnel users elsewhere - Templated pages with minor keyword variations across each instance Distinction from legitimate location pages : A genuine local landing page provides location-specific information local team, local hours, local context, local testimonials . A doorway page just swaps the city name in templated content. Detection : - Pattern recognition across page templates - Bounce-and-redirect behavior monitoring - Lack of unique value per page in a series Avoidance requirements : - Each page must offer substantive unique value beyond keyword targeting - Location-specific pages must include genuinely location-specific content - Don't create variations targeting query stems that resolve to the same intent - Consolidate query variations into single comprehensive pages Programmatic SEO consideration : Programmatic city pages such as those covering 4,715 city/service combinations are not automatically doorway pages. They're doorway pages when they're thin and offer no location-specific value. They're legitimate when each page offers genuinely useful location-specific information — local team contact, local pricing variations, local case studies, local testimonials, local regulatory considerations, etc. 4.3 Hacked Content What it is : Content placed on a site without permission, typically through security vulnerabilities, that's used for spam, phishing, or malware distribution. Common patterns : - Injected pages selling unrelated products pharmaceuticals, gambling - Hidden content cloaked only visible to search engines - Redirected pages sending users to malicious destinations - Modified existing pages with injected spam content - Created admin accounts using compromised credentials Detection : - Google security systems flag known hack patterns - Search Console issues "Hacked" warning - Sudden appearance of pages on unfamiliar topics - Server logs show unusual activity Avoidance requirements : - Keep all software CMS, plugins, themes, server stack current - Use 2FA on all admin accounts - Strong unique passwords password manager - Limit admin account count - Regular security scanning Wordfence, Sucuri, Patchstack for WordPress; equivalent for other stacks - Web Application Firewall Cloudflare, Sucuri, Wordfence - File integrity monitoring - Intrusion detection on server level - Off-site backups for rapid recovery Response if hacked : See Section 10.5. 4.4 Hidden Text and Links What it is : Text or links placed in a way that human users can't see but search engines can read. Common patterns : - White text on white background - Text positioned off-screen text-indent: -9999px - Text behind images - Tiny font sizes 1px font, 0px line-height - Display:none or visibility:hidden on text containing keywords - Hiding text with CSS that's recoverable by crawlers - Links in characters like commas or single periods - 1×1 pixel images linking to other sites Detection : - Google rendering identifies hidden content - Comparison of rendered vs HTML content reveals hidden elements - Pattern recognition on common hiding techniques Avoidance requirements : - All text on the page should be visible to users - Don't use CSS to hide content for ranking purposes - Legitimate cases where content is hidden until user interaction accordions, tabs, collapsible sections are acceptable but content should still be visible/accessible upon interaction - Modal/popup content acceptable when triggered by user action - Skip-to-content links acceptable if standard accessibility pattern Code pattern legitimate progressive disclosure : <details <summary Click to expand</summary <p Content visible after click. This is acceptable — user can access.</p </details Code pattern spam : <style .hidden { display: none; }</style <div class="hidden" Keyword stuffed text invisible to users but indexed by search engines. </div 4.5 Keyword Stuffing What it is : Loading pages with keywords or numbers in attempts to manipulate ranking, especially when it harms user experience. Common patterns : - Lists of phone numbers without substantive value - Blocks of text listing cities or regions where the page wants to appear - Repeating same words or phrases unnaturally - Hidden keyword lists in meta tags or alt text - Stuffing alt attributes with keyword variations rather than describing images - Awkward sentences padded with keyword variations Detection : - Keyword density relative to surrounding context - Unnatural phrasing patterns - Disproportionate keyword frequency - Patterns that match known stuffing approaches Avoidance requirements : - Use keywords naturally in service of communication - Alt attributes describe images, don't list keywords - Meta descriptions describe content, don't pack keywords - Don't list cities/regions/services as plain text blocks - Vary language naturally; let topic-relevant terms appear organically - Write for humans first; if it reads awkwardly, it's stuffed Word count consideration : Stuffing is about pattern, not absolute frequency. A long article on a specific topic will naturally include the topic term frequently — that's fine. A short article repeating the same phrase 30 times is stuffing. 4.6 Link Schemes What it is : Links intended to manipulate ranking that aren't editorial in nature. Common patterns : Buying or selling links for ranking : - Purchasing dofollow links - Selling dofollow links - Trading goods or services for links - Sending free products in exchange for links without rel="sponsored" Excessive link exchanges : - "Link to us, we'll link to you" reciprocal arrangements - Triangular link schemes A→B→C→A - Link exchange directories purpose-built for SEO Large-scale article marketing or guest posting with optimized anchor text : - Guest posts where the primary purpose is dropping a link - Optimized anchor text in guest content - Single-author guest posting on dozens of sites - Guest posts with author bios containing manipulated anchor text Automated link building : - Using software to create links across forums, blog comments, profiles - Paid services that generate links at scale - Link injection through hacked sites Forum signatures and comments with optimized anchor text : - Strategic forum participation primarily for link drops - Blog comment links with money-anchor text PBNs Private Blog Networks : - Network of sites primarily existing to link to a money site - Often built on expired domains - Often interlinked in patterns that reveal coordination Detection : - Backlink profile analysis showing unnatural patterns - Anchor text distribution analysis - Velocity analysis sudden link spikes - Link source quality signals - Pattern matching against known PBN footprints Avoidance requirements : - Earn links through valuable content, not solicitation - Mark sponsored/paid links with rel="sponsored" - Mark guest post author bio links with rel="ugc" or rel="nofollow" if unrelated to content - Never participate in link exchanges for SEO purposes - Never purchase links for ranking - Never use link building services that promise dofollow links at volume If unnatural inbound links are discovered : - Disavow via Google's Disavow Tool - Document disavow file in Search Console - File reconsideration request if manual action issued 4.7 Machine-Generated Traffic What it is : Automated queries or bot traffic to Google or to a site that doesn't reflect real user behavior. Common patterns : - Sending automated queries to Google rank checking at high volume - Bot-driven traffic to a site to manipulate engagement signals - Click manipulation services purchasing bot clicks on search results Detection : - Pattern analysis of query and click behavior - Unusual session patterns - Click-through patterns not matching organic behavior Avoidance requirements : - Use Google's official APIs for any automated query needs - Don't use rank-tracking services that send unauthorized queries to Google most reputable services use their own indexes - Never use traffic generation services - Never use click-bot services 4.8 Malware and Malicious Behaviors What it is : Software that harms users — viruses, trojans, ransomware, unwanted software, drive-by downloads. Common patterns : - Direct malware distribution - Misleading downloads claiming to be one thing, actually another - Software that modifies browser settings without consent - Drive-by downloads triggered by visiting a page - Sites distributing pirated software with bundled malware Detection : - Google Safe Browsing scans - Detected malware triggers Search Console alerts and search result warnings Avoidance requirements : - All downloads must accurately describe what's being downloaded - No bundled software users haven't consented to - No browser modification scripts - Maintain site security to prevent malware injection - Verify all third-party scripts and ads 4.9 Misleading Functionality What it is : Sites that don't work as advertised — fake login forms, fake software, fake services. Common patterns : - Pretending to be a brand the site isn't phishing - Promising functionality the site doesn't deliver - Fake "free PDF generator" or similar tools that don't work - Bait-and-switch products or services Avoidance requirements : - Sites must accurately represent themselves and their function - Promised features must work - Brand impersonation prohibited - Deceptive product descriptions prohibited 4.10 Scaled Content Abuse Added March 2024 What it is : Producing many pages whose primary purpose is search ranking manipulation rather than helping users — regardless of whether the content was created by AI, humans, or both. This is one of the most actively enforced policies in 2025-2026. Common patterns : - AI-generated articles published at high volume with minimal review - Content farms producing hundreds or thousands of articles per month - Spinning existing content into many variations - Programmatic page generation without genuine per-page value - Templated content with minor variations to target keyword variations - "AI in, content out" workflows with no editorial layer Critical clarification : AI use isn't automatically scaled content abuse. The violation is scale + low value + ranking primary purpose . AI can be used responsibly as a research and drafting assistant for content that adds genuine value. AI cannot be used to mass-produce content that exists primarily to occupy SERP space. Detection : - Pattern recognition across publication volume - Content originality and value analysis - Engagement signals indicating low user satisfaction - Linguistic patterns common to AI generation when not edited - Site-wide content quality distribution - Rate of publication relative to organizational capacity The December 2024 core update specifically targeted scaled content abuse patterns. Many content farms saw 40-80% organic traffic loss. The pattern continues — sites publishing high-volume AI content with minimal review face increasing risk through 2026. Avoidance requirements : - Publication volume should be proportional to genuine editorial capacity - Every published article must add genuine value beyond what's already available - AI-assisted content requires meaningful human review and editing - Establish editorial review process: research → AI-assisted draft → expert revision → fact-check → publish - Disclose AI use per E-E-A-T framework Section 4.4.6 - Maintain author accountability — real bylines, real responsibility for accuracy - Apply Information Gain principles per framework-infogain.md — every article must contribute novelty - Apply HCS principles per framework-hcs.md — content for users, not for search Quantitative guideline : There's no fixed "publish less than X articles per month" rule. The relevant ratio is editorial capacity to publication volume. A team of 1 reviewing 5 AI-assisted articles per month is reasonable. A team of 1 publishing 100 AI articles per month is not. A team of 20 with rigorous editorial workflow can publish more without violation. Google's systems evaluate the quality outcome, not the input method. 4.11 Site Reputation Abuse Added March 2024 What it is : Third-party content published on a host site primarily to take advantage of the host's existing ranking signals, where the third-party content has little oversight from the host site. Common patterns : Parasite SEO arrangements : - Major news sites hosting "coupon code" subdirectories run by third parties - Established sites leasing subdomains to gambling, crypto, supplement marketers - Educational sites carrying commercial review sections operated by external SEO firms - Government or non-profit sites hosting commercial content for revenue Common host targets : - News publications with high domain authority - Educational institutions .edu - Government sites .gov - Long-established commercial sites with strong ranking signals - Wikipedia-adjacent properties The May 2024 spam update aggressively enforced this policy. Many high-profile examples of parasite SEO arrangements were de-ranked. Enforcement continues actively through 2026. Detection : - Subdomain or subfolder content disconnected from main site purpose - Content quality and topic mismatch with host site - Editorial oversight gaps different bylines, different editorial standards, different design patterns - Pattern of similar parasite arrangements across multiple host sites Avoidance requirements : For host sites: - Don't lease subdomains or subfolders to third parties for content unrelated to your site's purpose - All content under your domain should be editorially controlled by your organization - If accepting sponsored content, treat as such with proper disclosure rel="sponsored" - Affiliate content should be created under your editorial standards - Brand partnerships should be clearly disclosed and editorially vetted - Coupon/deals sections, if present, should be operated under main editorial oversight For sites attempting to use parasite SEO: - Don't. The strategy is documented and enforced. - Build authority on your own domain - Use legitimate guest contribution to other sites with rel="sponsored" or rel="ugc" where appropriate Edge cases : - Press releases distributed via wire services : Acceptable when properly attributed and not optimized solely for ranking - Job listings, classified ads : Acceptable when relevant to host site purpose - Forum content from real community members : Acceptable with moderation - Guest articles : Acceptable when editorially vetted and contributing genuine value - Affiliate review sections : Risk depends on editorial control — content created and vetted by host editorial team is acceptable; content provided by affiliate partners and published with minimal review is parasite SEO Specific test for site reputation abuse : - Is the content created by the host site's editorial team? If yes, not parasite SEO. - Is the content created externally but rigorously edited by the host's team to its standards? Probably acceptable. - Is the content created externally and published with minimal host editorial involvement, primarily for ranking benefit? Likely site reputation abuse. 4.12 Expired Domain Abuse Added March 2024 What it is : Acquiring expired domains with prior authority and repurposing them with content unrelated to the prior site's purpose, primarily to leverage inherited ranking signals. Common patterns : - Buying expired domain previously used by a non-profit, repurposing for commercial content - Buying expired domain previously a small business site, repurposing as a content site on unrelated topic - Acquiring multiple expired domains to build PBN - Building content sites on expired domains that have nothing to do with original purpose Detection : - Wayback Machine analysis showing dramatic content shifts - Backlink profile inconsistency with current site purpose - Patterns matching known expired domain reseller markets - Sudden ranking improvements without commensurate content quality Avoidance requirements : If acquiring an expired domain: - Continue the original site's purpose if at all possible - If different purpose, build genuinely from scratch and don't expect inherited ranking benefits - Submit reconsideration request if needed clarifying domain purpose change - Be prepared for ranking signals to be re-evaluated post-acquisition If domain history is unclear: - Wayback Machine review reveals prior content - Major content shifts justify Google's re-evaluation - Disavow inherited backlinks if they're spammy - Build new authority from current activity Best practice : Build on new domains for new businesses. The "buying an aged domain for SEO benefit" strategy is now actively penalized. The domain age signal that this strategy targeted has been re-weighted to require continuity of purpose. 4.13 Scraped Content What it is : Content republished from other sources without adding meaningful value. Common patterns : - Auto-generated scraping of RSS feeds republished as own content - Content "spinning" — taking original content and using software to substitute synonyms - Republishing other sites' content with minor modifications - Aggregator pages with snippets but no substantial value add - Content "rewriting" services that produce technically-different but substantively-identical content Distinction from legitimate aggregation : Aggregation that adds substantial value curation, expert commentary, synthesis is acceptable. Aggregation that adds nothing beyond republishing is scraping. Detection : - Content similarity matching against original sources - Pattern recognition on spinning techniques - Originality analysis Avoidance requirements : - All content should be substantively original to the publishing site - Quotes and excerpts permitted with attribution - Curated lists permitted with substantial original commentary - Syndication agreements permitted when properly canonicalized to original - Synthesis across sources permitted when synthesis itself is the contribution 4.14 Sneaky Redirects What it is : Redirects that send users to a different destination than they expected. Common patterns : - User clicks search result expecting one type of content, redirected to commercial offer - Mobile users redirected to different content than desktop users expecting the same page - Redirects from one search result to entirely unrelated destination - JavaScript redirects that mask the destination - Conditional redirects based on referrer only redirect when from Google Detection : - Mobile vs desktop content comparison - User-experience signals bounce rate, behavior - Crawl path analysis Avoidance requirements : - Redirects must lead to content matching what the search snippet promised - Mobile and desktop should reach equivalent content for the same URL - Use 301/302 redirects appropriately, not JavaScript redirects to mask destinations - Don't redirect users based on referrer for ranking manipulation 4.15 Spammy Automatically-Generated Content What it is : Content produced by automated systems primarily for ranking, without value to users. Largely subsumed by the broader Scaled Content Abuse policy. Common patterns : - Markov chain generated text - Translated text without human review - Automatically combined content from multiple sources - Automatically-created content stitching together database content with templates Note : This older policy has been broadened into Scaled Content Abuse Section 4.10 . The narrow technical definition of "automatically generated" is now less relevant than the broader "content created at scale primarily for ranking." Same defensive patterns apply. 4.16 Thin Affiliate Pages What it is : Affiliate marketing pages with little original content beyond the affiliate offers. Common patterns : - Product review pages that just describe what the product's manufacturer says - Comparison pages with no actual testing or evaluation - "Top 10" lists ranked by affiliate commission rather than user benefit - Pages with no value beyond the affiliate links Distinction from legitimate affiliate content : Affiliate marketing isn't prohibited. Thin affiliate content is. The standard: would this page be valuable even without the affiliate links? If not, it's thin. Avoidance requirements : - Affiliate content must add substantial value beyond the affiliate program - Real product testing or experience documented - Evaluation criteria honest and useful - Recommendations based on user benefit, not commission rate - Affiliate disclosure prominent FTC requirement and quality signal - Use rel="sponsored" on affiliate links 4.17 User-Generated Spam What it is : Spam content posted by third parties on a site, often through comments, forums, or open user-content systems. Common patterns : - Comment spam with promotional links - Profile pages created solely to host links - Forum signatures with money-anchor links - Review spam fake reviews, paid reviews - Marketplace listings designed for SEO rather than genuine commerce Detection : - Pattern recognition on common spam content - Volume and velocity of UGC posting - Author signal analysis Avoidance requirements : For sites with UGC: - Implement moderation pre-publication ideally, post-publication minimum - Require account creation with verification - Use rel="ugc" on links from user-generated content - Implement spam filters Akismet for WordPress, etc. - Manual review of high-volume posters - Remove spam content promptly when discovered - Don't allow comments to remain on old posts indefinitely if not moderated - Consider closing comments on older posts if moderation isn't sustainable If site is hit by user-generated spam manual action: - Audit all UGC for spam patterns - Remove confirmed spam - Strengthen moderation processes - File reconsideration request demonstrating remediation 5. Special Focus: The Three Policies Added March 2024 The three new spam policies introduced in March 2024 represent the most active enforcement areas in 2025-2026. Most penalties issued through this period fall into one of these three categories. 5.1 Scaled Content Abuse — Defensive Implementation Audit current state : Scaled content abuse audit publication volume per month: 0 authors per published article average: 0 review time per article hours: 0 ai assisted articles per month: 0 ai unassisted articles per month: 0 content outsourcing volume: 0 Honesty check publishing at capacity: false Are we publishing more than we can genuinely review? each article adds genuine value: false Honest answer review process is substantive: false Honest answer Risk assessment : | Pattern | Risk Level | |---|---| | <10 articles/month, expert authors, comprehensive review | Very Low | | 10-50/month, mix of human and AI-assisted, full editorial review | Low | | 50-200/month, primarily AI-assisted, light editorial review | Medium-High | | 200/month, primarily AI-generated, minimal review | Critical | | 50/month, single editor reviewing all, no expert input | High | Defensive structural patterns : - Editorial capacity matched to volume : If team can rigorously review N articles per month, publication volume should not exceed N with margin - Documented editorial process : Research → Outline → Draft AI-assisted or not → Expert review → Fact-check → Edit → Publish - Author accountability : Real bylines, real Person schema with credentials, real responsibility for accuracy - Per-article value gating : Pre-publish check requiring articulation of what the article adds Information Gain framework - AI use disclosure : Site-wide policy + per-article disclosure when applicable - Quality monitoring : Track engagement metrics; remove or significantly improve underperforming content - Topical focus discipline : Don't publish on topics outside genuine site authority If currently exceeding safe patterns : - Stop publishing AI content immediately until audit complete - Audit existing AI content — identify articles with insufficient value - Remove or significantly improve identified articles - Restructure publication cadence to match genuine editorial capacity - Document new process for any reconsideration needs 5.2 Site Reputation Abuse — Defensive Implementation Audit current state : Site reputation abuse audit hosts third party subdomain content: false subdomain third parties: List with editorial control level hosts third party subfolder content: false subfolder third parties: List with editorial control level allows external publishing arrangements: false external arrangement details: Description and editorial control level editorial control over all subdomains: "" "full", "partial", "none" editorial control over all subfolders: "" Acceptable arrangements : - Sponsored content : Clearly disclosed, rel="sponsored", produced or rigorously vetted by host editorial - Guest contributions : Vetted by host editorial team, fits topical focus - Affiliate partnerships : Content created by host team, with affiliate links properly disclosed - Coupon/deals : Operated by host team or under direct host editorial supervision - Press releases : Through proper PR/wire mechanisms with proper attribution - Job listings : Relevant to host site purpose, properly structured Unacceptable arrangements : - Subdomain leased to third party for content unrelated to host purpose - Subfolder where third party publishes with minimal host editorial involvement - Coupon section run entirely by external SEO agency - Casino/gambling content on educational or news sites - Supplement marketing on health information sites - Any "we'll pay you to host our content" arrangement Defensive structural patterns : All content under main domain editorially controlled by main organization - Subdomains used for legitimate technical separation status.example.com, blog.example.com when run by same team not for third-party content - Editorial standards applied uniformly across all site content - Sponsored content distinctly marked with rel="sponsored" and visible disclosure - Third-party content prohibited unless rigorously vetted If currently has parasite SEO arrangement : - Terminate the arrangement — no remediation works while it's active - Remove or migrate the third-party content off the host domain - 301 redirect to third party's own domain if appropriate with proper communication - Document termination for any reconsideration request Audit broader site for similar patterns 5.3 Expired Domain Abuse — Defensive Implementation Audit current state : Expired domain abuse audit domain acquired from someone else: false acquisition date: "" prior owner known: "" prior site purpose: "" current site purpose: "" purpose continuity with prior: "" "same", "related", "unrelated", "completely different" wayback machine review completed: false inherited backlinks audited: false problematic inherited backlinks disavowed: false Risk assessment : | Pattern | Risk Level | |---|---| | Domain registered from scratch, never previously used | None | | Acquired domain, continuing original purpose | Low | | Acquired domain, related but evolved purpose | Medium | | Acquired domain, completely different purpose | High | | Multiple acquired domains in same network | Critical | | Acquired domain with documented prior ranking, repurposed | High | Defensive structural patterns : - For new businesses, use new domains — don't acquire aged domains for SEO benefit - For business name acquisitions, focus on the brand value not the SEO equity - If acquiring expired domain, evaluate continuity carefully — substantial purpose continuity is the safe path - If purpose changes substantially , treat as new domain — don't expect inherited ranking benefits - Audit inherited backlink profile — disavow toxic backlinks immediately - Wayback Machine review — document the prior site for context If domain has expired domain abuse risk : - Wayback Machine audit — what was the prior content? - Backlink audit — what does the inherited link profile look like? - Disavow toxic backlinks through Google Search Console - Make domain change explicit — About page acknowledges the change with substantive purpose explanation - Build current authority through current work — don't rely on inherited signals - Be prepared for slow ranking initially — Google will re-evaluate 6. Defensive Site Architecture Beyond avoiding specific violations, structural patterns reduce risk of accidental violations. 6.1 Content Publishing Workflow A workflow that prevents scaled content abuse and thin content: Topic identification → "Why are we covering this?" gate → "What can we contribute?" gate Information Gain → If yes to both, proceed Research → Primary sources gathered → Subject matter expert input Drafting → AI-assisted or human-written either acceptable → Draft completed by named author Expert review → Subject matter expert reviews accuracy → Reviewer takes professional responsibility → Reviewer signs off with name and credentials Fact-checking → Every factual claim verified against primary source → Citations verified to actually support claims → Statistics double-checked Editorial review → Quality assessment → Information Gain confirmation → Style and tone Pre-publication check → Author byline with credentials present → Reviewer credit if YMYL → Disclosures present AI use, affiliate, sponsored → Schema valid → Internal links appropriate → Original imagery Publication → Real bylines with author accountability → AI use disclosed if applicable → Refresh schedule set 6.2 Link Acquisition Policy {{BUSINESS NAME}} Link Acquisition Policy What We Do - Earn links through valuable content - Cite primary sources in our content creating natural inbound interest - Participate in industry communities authentically - Build relationships with relevant publications What We Don't Do - Buy or sell links for ranking purposes - Participate in link exchange schemes - Use link building services that promise volume - Stuff guest post bylines with optimized anchor text - Manipulate forum signatures or comment links - Operate or participate in PBNs Sponsored Content - Sponsored relationships disclosed with rel="sponsored" - Sponsored content visibly marked - Editorial integrity maintained Affiliate Links - All affiliate links use rel="sponsored" - Affiliate disclosure present on all affiliate content - Affiliate recommendations based on user benefit, not commission When We Discover Toxic Inbound Links - Document via backlink audit - Disavow through Google Search Console - Update Disavow file as needed 6.3 Third-Party Content Review Process If the site allows any external content: Third-Party Content Review Process What We Accept - Guest contributions from credentialed experts on our topical focus areas - Sponsored content clearly identified as such - User-generated content through approved channels What We Don't Accept - Subdomain or subfolder leasing - Content from external SEO agencies - Content disconnected from our editorial focus - Content with manipulated anchor text Vetting Process 1. Author/contributor identity verified 2. Content topic fits our editorial focus 3. Quality matches our standards 4. Editorial review by our team 5. Fact-checking through our process 6. Disclosure requirements met 7. Schema and metadata applied per our standards 6.4 AI Content Policy {{BUSINESS NAME}} AI Content Policy How We Use AI - Research assistance and source gathering - First-draft generation reviewed by humans - Grammar and style editing - Outline and structure assistance How We Don't Use AI - Mass-producing articles for SEO - Publishing AI content without expert review - Generating fabricated quotes, statistics, or experiences - Replacing the need for genuine subject matter expertise Editorial Standards for AI-Assisted Content - Every AI-assisted article reviewed by named subject matter expert - Reviewer takes professional responsibility - All factual claims verified against primary sources - AI use disclosed per article when applicable - Same quality bar as human-written content Volume Discipline - Publication volume matches editorial capacity - We don't publish more than we can rigorously review - Quality over quantity is the principle 6.5 Security Posture Documented at /admin/security-posture.md : Security Posture Current Configuration - 2FA enabled on all admin accounts - Strong unique passwords password manager required - Limited admin account count - Web Application Firewall active Cloudflare - File integrity monitoring Wordfence/equivalent - Daily off-site backups - Quarterly security audit Monitoring - Search Console for "Hacked" warnings - Server logs reviewed weekly for unusual activity - Malware scanning weekly - SSL certificate expiration monitoring Incident Response - Hacked content discovered → Section 10.5 protocol - Credential compromise → password rotation across all accounts - Successful intrusion → forensic analysis required before remediation 7. Red Flags and Early Warning Signs Patterns that suggest spam policy violation risk before formal penalty. 7.1 Content Red Flags - Publication volume increasing without staffing increase - AI content disclosure conversations being avoided - Pressure to publish "just to have content" on topics - Articles published that the team hasn't read in full - Topical drift into areas outside genuine expertise - Word count targets driving content padding - Refresh dates being updated without content updates 7.2 Linking Red Flags - Sudden inbound link velocity increases - Inbound links from sites with unrelated topics - Inbound links with optimized anchor text patterns - Outbound link targets the team can't explain - "Link building" budget line items - Email outreach offers for "guaranteed dofollow links" 7.3 Architecture Red Flags - Subdomain or subfolder activity not familiar to main team - Pages indexed that the team didn't create - Geographic content variations beyond legitimate localization - Server log entries showing crawl patterns to unknown URLs - File system changes the team didn't make 7.4 Search Console Red Flags - Manual action notifications immediate priority - Security issue notifications - Sudden indexing decreases without explanation - Sudden indexing increases without explanation - "Hacked" warnings - Coverage report errors increasing 7.5 Traffic Pattern Red Flags - Sudden traffic loss without identified core update - Specific page sections losing traffic while others stable - Branded query traffic dropping suggests manual action - Sudden traffic gains that seem too good to be true often precede manipulation detection 8. Stack-Specific Spam Policy Considerations 8.1 WordPress High-risk patterns : - Plugins generating content automatically - Themes with hidden links to plugin developer - Comment moderation off by default - Outdated plugins creating security vulnerabilities - "SEO" plugins that recommend stuffing keywords or hiding text Defensive practices : - Akismet or similar comment spam filtering - Wordfence or equivalent security - Content publishing workflow plugins Editorial Calendar, PublishPress - Schema validation through Rank Math or Yoast - Regular plugin and theme updates 8.2 Programmatic SEO Sites Next.js, custom High-risk patterns : - City pages or category pages with templated content lacking unique per-page value - Database-driven pages with insufficient editorial layer - Faceted navigation creating thousands of low-value URLs - Auto-generated pages from third-party data feeds Defensive practices : - Per-page minimum content threshold enforced at build time - Per-page unique value validation - Robots.txt or noindex on pages below quality threshold - Editorial review of programmatic page templates - Genuinely location-specific or category-specific content per page 8.3 E-commerce Platforms Shopify, WooCommerce, custom High-risk patterns : - Auto-generated product description from manufacturer feeds - Manufacturer review content republished without value-add - Faceted navigation creating duplicate content URLs - Affiliate review sites disguised as e-commerce - Fake or incentivized reviews Defensive practices : - Original product descriptions per product or properly canonicalized to manufacturer - Genuine customer reviews with verification - Faceted URLs properly handled with canonicals or noindex - Clear distinction between affiliate and direct sales 8.4 News and Media Sites High-risk patterns : - Coupon or deals subdirectories operated by third parties parasite SEO risk - Sponsored content not clearly marked - Aggregated wire content republished without value-add - AI-generated breaking news without verification - Programmatic local pages with thin content Defensive practices : - All editorial sections under direct editorial control - Sponsored content clearly marked and disclosed - AI use restricted to editorial assistance, not authoritative content - Local journalism backed by genuine local presence 9. Cross-Reference to the 14-Tier Framework Spam Policies compliance interacts with multiple tiers: - Tier 1 SSO — Site Security Optimization prevents hacked content - Tier 1 GCO — Google Compliance Optimization includes spam policies - Tier 2 OBL — Outbound Link strategies must follow link scheme policies - Tier 2 IBL — Inbound Link management must follow link scheme policies - Tier 3 LLMO — AI use must follow scaled content abuse policies - Tier 6 OCO — Original Content Optimization is the inverse of scraped/scaled abuse Spam Policies compliance is a gate — sites failing here can't benefit from optimization in any other tier. 10. Detection, Response, and Recovery 10.1 Manual Action Detection Check Search Console at Search Console Security & Manual Actions Manual actions weekly. When a manual action appears: - Read the description carefully - Note whether it's site-wide or partial - Document the action type and date - Begin immediate investigation per Section 10.3 10.2 Algorithmic Spam Update Detection Use the same protocol as core update detection see framework-coreupdates.md Section 4 : - Monitor SERP volatility trackers - Watch for Google announcements about spam updates - Compare site performance to industry signals - 72-hour hold rule before reactive action When a spam update appears to be active: - Audit site against spam policies Sections 4-5 - Identify likely violation pattern - Begin remediation 10.3 Manual Action Response Protocol When manual action received: Day 1 : - Read action description thoroughly - Identify what triggered it - Document current state for "before" reference - Begin remediation immediately Days 1-7 : - Comprehensive site audit per relevant Section 4 policy - Identify all violating content/patterns - Remediate or remove - Document every remediation action with dates Days 7-14 : - Verify remediation is complete - Audit for any missed instances - Strengthen processes to prevent recurrence - Prepare reconsideration request Reconsideration request structure : Reconsideration Request — {{ACTION TYPE}} Manual Action Details - Action type: {{TYPE}} - Notification date: {{DATE}} - Affected pages/sections: {{SCOPE}} What Caused the Violation {{HONEST DESCRIPTION OF THE PATTERN}} What We Have Done to Fix It 1. {{REMEDIATION ACTION 1 WITH DATE}} 2. {{REMEDIATION ACTION 2 WITH DATE}} 3. {{REMEDIATION ACTION 3 WITH DATE}} Evidence of Remediation - {{EVIDENCE TYPE 1}}: {{LINK OR DESCRIPTION}} - {{EVIDENCE TYPE 2}}: {{LINK OR DESCRIPTION}} Steps We Have Taken to Prevent Recurrence 1. {{PROCESS CHANGE 1}} 2. {{PROCESS CHANGE 2}} 3. {{POLICY DOCUMENT LINK}} Acknowledgment We acknowledge the violation, understand why our prior practices violated Google's policies, and are committed to maintaining compliance going forward. Submitted by: {{NAME}} Date: {{DATE}} Search Console verified property: {{DOMAIN}} Submit through Search Console Manual actions Request a review. Response timeline: Typically days to weeks. Sometimes longer for complex cases. 10.4 Reconsideration Request Best Practices - Be honest about the violation : Google's reviewers know what happened. Trying to deny or minimize is counterproductive. - Show specific remediation : Concrete actions with dates, not vague statements. - Demonstrate understanding : Show you understand why the practice was prohibited. - Provide evidence : Links to changed pages, screenshots of removed content, documentation of process changes. - Don't promise; demonstrate : "We have removed 247 articles" is better than "We will remove low-quality articles." - Address root cause : Process changes, not just symptom remediation. - Be patient : Multiple rounds of review possible. Don't keep filing requests during review periods. 10.5 Hacked Content Response Protocol When hacked content is detected: Hour 1 : - Take site offline if compromise is severe better than serving malware to users - Document the compromise screenshots, server log copies - Notify hosting provider if applicable Hours 1-24 : - Forensic analysis — how did they get in? - Identify all compromised files and pages - Restore from clean backup if available verified pre-compromise - Apply security patches that addressed the vulnerability - Rotate all credentials passwords, API keys, SSH keys - Add 2FA to all admin accounts if not already - Review user accounts; remove unauthorized accounts Days 1-7 : - Comprehensive site scan for residual compromise - Submit hacked content notice in Search Console - Request review once cleaned - Strengthen security posture per Section 6.5 Long-term : - Document the incident - Review security practices - Implement monitoring to detect future compromises faster 10.6 Link Penalty Response For unnatural links to your site: - Comprehensive backlink audit - Identify toxic links spammy domains, manipulated anchor text, link farms - Attempt outreach to remove often unsuccessful at scale - Disavow remaining toxic links via Google Search Console Disavow Tool - Document the disavow file for any reconsideration request - File reconsideration if manual action For unnatural links from your site: - Audit all outbound links - Add rel="nofollow" or rel="sponsored" where appropriate - Remove links acquired through link schemes - Document remediation - File reconsideration 11. Audit Mode 11.1 Comprehensive Spam Policy Audit Score the site against every documented policy: | | Policy Area | Pass/Fail | Notes | |---|---|---|---| | SP1 | Cloaking | || | SP2 | Doorway Pages | || | SP3 | Hacked Content | || | SP4 | Hidden Text and Links | || | SP5 | Keyword Stuffing | || | SP6 | Link Schemes inbound | || | SP7 | Link Schemes outbound | || | SP8 | Machine-Generated Traffic | || | SP9 | Malware and Malicious Behaviors | || | SP10 | Misleading Functionality | || | SP11 | Scaled Content Abuse | || | SP12 | Site Reputation Abuse | || | SP13 | Expired Domain Abuse | || | SP14 | Scraped Content | || | SP15 | Sneaky Redirects | || | SP16 | Spammy Auto-Generated Content | || | SP17 | Thin Affiliate Pages | || | SP18 | User-Generated Spam | Score: 18 policies. World-class compliance: 18/18 with zero risks identified. A site failing any single policy is at substantial risk regardless of other strengths. 11.2 Defensive Infrastructure Audit | | Criterion | Pass/Fail | |---|---|---| | DI1 | Content publishing workflow documented and enforced | | | DI2 | Link acquisition policy documented | | | DI3 | Third-party content review process exists if applicable | | | DI4 | AI content policy documented | | | DI5 | Security posture documented and current | | | DI6 | Quarterly spam audit performed | | | DI7 | Backlink profile audited within last 6 months | | | DI8 | UGC moderation active if applicable | | | DI9 | Editorial capacity matched to publication volume | | | DI10 | Author accountability infrastructure in place | Score: 10. World-class: 10/10. 12. Maintenance Schedule 12.1 Daily - Monitor Search Console for new manual actions - Watch for security warnings - Spam alert monitoring on user-generated content 12.2 Weekly - Review server logs for unusual patterns - Check for new comment spam or UGC spam - Monitor SERP volatility for spam update signals 12.3 Monthly - Backlink profile review for unnatural patterns - Sample content audit for scaled content patterns - Outbound link audit - Disavow file review 12.4 Quarterly - Full spam policy compliance audit - Security audit - Defensive infrastructure audit - Process documentation review and refresh 12.5 Annually - Comprehensive review against current spam policies policies evolve - Strategic compliance posture assessment - Update internal policies for any changes - Reconsideration request review for sites with manual action history 13. Common Mistakes & Anti-Patterns 13.1 Treating Spam Policies as Optional Anti-pattern : Following SEO advice that violates spam policies because "everyone does it." Why it fails : Penalties happen. Recovery is hard. The "everyone does it" sites disappear regularly. Fix : Treat spam policies as bright lines. Don't cross them regardless of competitive pressure. 13.2 AI Content Strategy Ignoring Scaled Content Abuse Anti-pattern : "We can publish 100 AI articles per month for cheap." Mass production with minimal review. Why it fails : Active enforcement target. Detection improving rapidly. Penalty severity high. Fix : Editorial capacity matched to volume. Quality over quantity. Real review process. 13.3 "Renting" Authority Through Parasite SEO Anti-pattern : Buying space on high-authority site to rank for commercial queries. Why it fails : Site reputation abuse policy targets exactly this. Both host site and parasite content suffer. Fix : Build authority on own domain. No parasite SEO arrangements. 13.4 Aged Domain Acquisitions for SEO Anti-pattern : Buying expired domains with prior authority to skip the authority-building process. Why it fails : Expired domain abuse policy. Re-evaluation removes the inherited authority. Fix : Build on new domains. Earn authority through current work. 13.5 Programmatic SEO Without Per-Page Value Anti-pattern : Generating thousands of city/category pages with templated content lacking unique value. Why it fails : Doorway pages plus thin content. Multiple policy risks. Fix : Programmatic pages must have genuine per-page value. Local content must be genuinely local. 13.6 Ignoring Manual Actions Anti-pattern : Manual action received, ignored or addressed slowly. Why it fails : Penalties compound. Reconsideration becomes harder over time. Fix : Manual actions are top priority. Stop other work; address immediately. 13.7 Assuming Algorithmic Demotion Isn't Spam-Related Anti-pattern : Traffic loss assumed to be core update; spam policy violation never investigated. Why it fails : Misdiagnosis. Spam-policy-related demotion requires different remediation than core update response. Fix : Check spam policies first when traffic loss occurs. Manual action notification doesn't always accompany algorithmic demotion. 13.8 Defensive Disavow Without Backlink Audit Anti-pattern : Disavowing all backlinks indiscriminately "to be safe." Why it fails : Disavowing legitimate authoritative links damages rankings. Fix : Audit-driven disavow. Only disavow demonstrably toxic links. 13.9 No Quarterly Audit Cadence Anti-pattern : Spam compliance treated as one-time setup, never revisited. Why it fails : Sites drift. New violations creep in. Policies evolve. Fix : Quarterly audits per Section 12. 13.10 Reconsideration Requests Without Real Remediation Anti-pattern : Filing reconsideration request with vague claims and no concrete remediation. Why it fails : Reviewers see this constantly. Request denied. Future requests get stricter scrutiny. Fix : Concrete remediation, documented evidence, real process changes. Then file. 14. Implementation/Audit Report Templates 14.1 Spam Policy Implementation Report Template Spam Policies Framework Implementation Report Site : {{BUSINESS NAME}} Implementation Date : {{TODAY}} Comprehensive Audit Results {{TABLE OF 18 POLICIES WITH FINDINGS}} Critical Issues Identified and Remediated {{LIST}} Defensive Infrastructure Installed - Content publishing workflow: {{STATUS}} - Link acquisition policy: {{STATUS}} - Third-party content process: {{STATUS}} - AI content policy: {{STATUS}} - Security posture documentation: {{STATUS}} Process Changes Implemented {{LIST WITH DATES}} Items Requiring Ongoing Monitoring {{LIST}} Sign-Off Implementation complete: {{DATE}} Implementer: {{NAME}} 14.2 Spam Policy Audit Report Template Spam Policies Audit Report Site : {{BUSINESS NAME}} Audit Date : {{TODAY}} Executive Summary {{ASSESSMENT}} Compliance Status - Policies in compliance: {{X}}/18 - Critical violations identified: {{COUNT}} - High-risk patterns identified: {{COUNT}} - Defensive infrastructure score: {{X}}/10 Per-Policy Findings {{DETAILED PER POLICY FINDINGS}} Critical Issues Requiring Immediate Action {{LIST WITH REMEDIATION PLANS}} Risk Patterns Identified {{LIST}} Defensive Infrastructure Gaps {{LIST}} Recommended Remediation Order {{PRIORITIZED LIST WITH TIMELINES}} Manual Action Status {{NONE / ACTIVE ACTION TYPE / HISTORICAL ACTIONS}} Sign-Off Audit complete: {{DATE}} Auditor: {{NAME}} 14.3 Manual Action Reconsideration Request Template Reconsideration Request — {{ACTION TYPE}} Manual Action Acknowledgment We received a manual action notification on {{DATE}} for {{ACTION TYPE}}. We acknowledge the violation and have completed remediation. What Caused the Violation {{HONEST AND SPECIFIC DESCRIPTION OF WHAT HAPPENED INCLUDING WHY IT HAPPENED}} Specific Remediation Actions {{REMEDIATION AREA 1}} - {{DATE}}: {{ACTION TAKEN}} - {{DATE}}: {{ACTION TAKEN}} - Evidence: {{LINK OR DESCRIPTION}} {{REMEDIATION AREA 2}} - {{DATE}}: {{ACTION TAKEN}} - Evidence: {{LINK OR DESCRIPTION}} Process Changes to Prevent Recurrence 1. {{NEW POLICY OR PROCESS}}: {{LINK TO DOCUMENTED POLICY}} 2. {{NEW POLICY OR PROCESS}}: {{LINK TO DOCUMENTED POLICY}} 3. {{NEW POLICY OR PROCESS}}: {{LINK TO DOCUMENTED POLICY}} Supporting Evidence - {{EVIDENCE DOC 1}}: {{LINK}} - {{EVIDENCE DOC 2}}: {{LINK}} - {{EVIDENCE DOC 3}}: {{LINK}} Commitment Going Forward We understand why our prior practices violated Google's spam policies. We have implemented systematic changes to prevent recurrence. We are committed to maintaining policy compliance and serving users with high-quality content. --- Submitted by: {{NAME}} Title: {{TITLE}} Date: {{DATE}} Search Console verified property: {{DOMAIN}} Contact: {{EMAIL}} End of Framework Document Document version : 1.0 Last updated : 2026-04-29 Maintained by : ThatDeveloperGuy Spam policies are the defensive half of search visibility. The frameworks that focus on quality E-E-A-T, HCS, YMYL, Information Gain tell you how to earn rankings. This framework tells you how not to lose them. A site that scores perfectly on quality frameworks but violates spam policies will be penalized regardless. A site that maintains spam policy compliance but lacks quality won't rank well but won't be removed. The 2024-2026 spam policy expansion — scaled content abuse, site reputation abuse, expired domain abuse — represents Google's most aggressive anti-manipulation enforcement in years. Sites that haven't audited against these new policies are at risk regardless of historical compliance. The work in this framework is defensive but essential. Compliance is a continuous practice, not a one-time setup. Quarterly audits per Section 12 are the minimum. Sites with growth, new content patterns, new partnerships, or new authors require more frequent review. The cost of a penalty — both ranking damage and remediation work — is dramatically higher than the cost of compliance. Companion documents in this library: - framework-eeat.md — Foundational E-E-A-T the quality counterpart to spam policies - framework-ymyl.md — Your Money or Your Life elevated standards - framework-hcs.md — Helpful Content System - framework-sqrg.md — Search Quality Rater Guidelines - framework-coreupdates.md — Google Core Updates - framework-infogain.md — Information Gain - framework-entitysalience.md — Entity Salience - framework-knowledgegraph.md — Knowledge Graph - framework-aicitations.md — AI Citations About this framework library This article is the Dev.to republish of a framework reference document from ThatDevPro's SEO + AI engineering library. Canonical source: https://www.thatdevpro.com/insights/framework-spampolicies/ ThatDevPro is an SDVOSB-certified veteran-owned web + AI engineering studio operating from Cassville, Missouri. The studio runs the full 14-tier Engine Optimization https://www.thatdevpro.com/services/engine-optimization/ stack and ships open-source tooling for AI citation engineering. Companion 14-tier Engine Optimization stack each tier is its own article : Tier 1 — Foundation https://www.thatdevpro.com/insights/seo-tier-1-foundation/ Tier 2 — Search Visibility https://www.thatdevpro.com/insights/seo-tier-2-search-visibility/ Tier 3 — AI Domination https://www.thatdevpro.com/insights/seo-tier-3-ai-domination/ Tier 4 — Entity and Authority https://www.thatdevpro.com/insights/seo-tier-4-entity-and-authority/ Tier 5 — Local Domination https://www.thatdevpro.com/insights/seo-tier-5-local-domination/ Tier 6 — Content and Multimedia https://www.thatdevpro.com/insights/seo-tier-6-content-and-multimedia/ Tier 7 — Social and Community https://www.thatdevpro.com/insights/seo-tier-7-social-and-community/ Tier 8 — Data, Analytics, Conversion https://www.thatdevpro.com/insights/seo-tier-8-data-analytics-conversion/ Tier 9 — Monitoring and Intelligence https://www.thatdevpro.com/insights/seo-tier-9-monitoring-and-intelligence/ Tier 10 — Workflow and Operations https://www.thatdevpro.com/insights/seo-tier-10-workflow-and-operations/ Tier 11 — Marketplace and Retail https://www.thatdevpro.com/insights/seo-tier-11-marketplace-and-retail/ Tier 12 — International https://www.thatdevpro.com/insights/seo-tier-12-international/ Tier 14 — Advanced and Immersive https://www.thatdevpro.com/insights/seo-tier-14-advanced-and-immersive/ Need this framework implemented on your site? See the Engine Optimization service https://www.thatdevpro.com/services/engine-optimization/ or hire through ThatDevPro contact https://www.thatdevpro.com/contact/ .