Google Spam Policies: all 18 policies with detection, prevention, and remediation

A comprehensive installation and audit reference for understanding Google's documented spam policies, identifying spam policy violations on a website, remediating violations, recovering from spam…

Google's Explicit Anti-Spam Policies — What Gets Punished, How to Avoid It, and How to Recover

A comprehensive installation and audit reference for understanding Google's documented spam policies, identifying spam policy violations on a website, remediating violations, recovering from spam updates and manual actions, and building structural defenses against accidentally violating spam policies through scale or third-party content. This document is dual-purpose: installation manual and audit document.

Cross-stack implementation note: the code samples in this framework are written in plain HTML for clarity. For React, Vue, Svelte, Next.js, Nuxt, SvelteKit, Astro, Hugo, 11ty, Remix, WordPress, Shopify, and Webflow equivalents of every pattern below, see framework-cross-stack-implementation.md. For pure client-rendered SPAs (no SSR/SSG) see framework-react.md. For Tailwind-specific concerns (purge, dynamic classes, dark-mode CLS, focus accessibility) see framework-tailwind.md.

1. Document Purpose & How to Use This Document

1.1 What This Document Is

This is the canonical reference for Google's spam policies — the documented rules at developers.google.com/search/docs/essentials/spam-policies that define what Google considers manipulative practices, what triggers algorithmic spam updates, and what triggers manual actions. While the rest of the foundational framework library focuses on what to do to earn rankings and citations, this document focuses on what not to do — the practices that result in ranking suppression, deindexing, or manual penalties regardless of how strong other signals are.

Spam policies are operationally distinct from quality frameworks. A site can score 130/130 on E-E-A-T, satisfy YMYL standards perfectly, and still get hit by a spam policy violation that suppresses or removes it from search entirely. Conversely, a site can have weak E-E-A-T and still avoid spam violations. The two systems run in parallel — quality frameworks affect where you rank; spam policies affect whether you can rank at all.

The 2024-2026 evolution of Google's spam policies has been significant. The March 2024 update added three new spam policies (scaled content abuse, site reputation abuse, expired domain abuse) and integrated existing policies more aggressively into core ranking. The May 2024 spam update enforced these policies with substantial site impact. Continuing through 2025 and into 2026, spam updates have run alongside core updates with increasing frequency, and manual action issuance has accelerated for the new policy categories.

This document specifies every documented spam policy, the patterns Google uses to detect violations, defensive structural patterns to prevent accidental violations, response procedures when violations are detected, and recovery protocols for both algorithmic suppression and manual actions.

1.2 Three Operating Modes

Mode A — Install Mode: Building defensive infrastructure into a site to prevent spam policy violations. Follow Sections 2 → 14.

Mode B — Audit Mode: Evaluating an existing site for spam policy compliance. Skip to Section 11.

Mode C — Hybrid Mode: Audit then install for failing items.

1.3 How Claude Code CLI Should Consume This Document

1. Read Section 2 — collect client variables, especially historical penalty status
2. Read Section 3 — understand the difference between spam updates, manual actions, and core updates
3. Apply Section 4 — work through every documented spam policy systematically
4. Apply Section 5 — special focus on the three policies added in March 2024 (most active enforcement)
5. Install defensive patterns — Sections 6-9
6. Validate — Section 11
7. If active violation suspected — go directly to Section 10 (response and recovery)
8. Generate report — Section 14

1.4 Conflict Resolution Rules

1.5 Required Tools

• Google Search Console — primary source for manual action notifications and spam-related ranking data
• Google Search Console Disavow Tool — for disavowing toxic backlinks
• Bing Webmaster Tools — parallel monitoring for Bing manual actions
• The actual spam policies documentation — developers.google.com/search/docs/essentials/spam-policies
• Originality.ai or similar — AI content detection for scaled content abuse audit
• Ahrefs/Semrush/Majestic — backlink profile auditing for link scheme detection
• Wayback Machine — historical site state research, especially for expired domain audit
• Server logs — to detect cloaking, sneaky redirects, hacked content

2. Client Variables Intake

# ============================================
# SPAM POLICIES FRAMEWORK CLIENT VARIABLES
# ============================================

# --- Business Identity (REQUIRED) ---
business_name: ""
primary_domain: ""
domain_age_years: 0
domain_acquired_from_someone_else: false  # Critical — if true, expired domain abuse risk
previous_domain_owner_known: ""
previous_domain_purpose: ""

# --- Penalty History (REQUIRED) ---
has_received_manual_action: false
manual_action_history: []            # List of past manual actions and dates
has_filed_reconsideration_request: false
reconsideration_request_outcome: ""
historical_spam_update_impacts: []    # Past spam updates that affected this site

# --- Content Creation Patterns (REQUIRED — be honest) ---
publishes_ai_generated_content: false
ai_content_publication_volume: ""    # "low" (<5/month), "medium" (5-50/month), "high" (>50/month)
ai_content_review_quality: ""        # "expert_review", "editor_review", "minimal_review", "none"
ai_content_disclosure: false
publishes_at_high_volume: false      # >10 articles per week
content_outsourced_to_freelancers: false
content_outsourced_volume: ""

# --- Site Architecture (REQUIRED) ---
has_subdomains: false
subdomain_list: []
has_subfolders_with_external_content: false  # Critical for site reputation abuse
external_partners_publishing_on_site: []
allows_user_generated_content: false
ugc_moderation_level: ""             # "none", "post_hoc", "pre_publication", "vetted_only"

# --- Linking Patterns (REQUIRED) ---
has_outbound_paid_links: false
paid_links_use_rel_sponsored: false
has_link_exchange_arrangements: false
has_purchased_links: false
has_used_link_building_services: false
sponsored_content_disclosed: false
affiliate_links_use_rel_sponsored: false

# --- Technical Spam Vectors (REQUIRED) ---
serves_different_content_to_googlebot: false  # Cloaking risk
uses_user_agent_detection: false
has_redirect_chains: false
has_meta_refresh_redirects: false
has_javascript_redirects_obscuring_destination: false
has_doorway_pages: false             # Many pages targeting variations of same intent
has_thin_pages_targeting_keywords: false

# --- Content Quality Signals (REQUIRED) ---
has_scraped_or_syndicated_content_without_value_add: false
has_duplicated_content_across_pages: false
has_machine_translated_content_without_review: false
has_auto_generated_text_filler: false
has_keyword_stuffed_content: false
has_invisible_or_misleading_text: false

# --- Hacking & Security (REQUIRED) ---
last_security_audit_date: ""
has_been_hacked_historically: false
hack_remediation_complete: false
has_2fa_on_admin_accounts: false
has_security_monitoring: false

# --- Affiliate & Monetization (REQUIRED) ---
business_model_includes_affiliate: false
affiliate_content_adds_value_beyond_links: false  # Honest answer
affiliate_disclosure_present: false
affiliate_disclosure_clear_and_conspicuous: false

# --- E-Commerce Specific (if applicable) ---
sells_user_data: false
displays_misleading_product_information: false
deceptive_pricing_practices: false
fake_reviews_present: false
review_acquisition_methods: []        # How reviews are obtained

# --- Compliance Documentation (REQUIRED) ---
has_documented_anti_spam_policies: false
has_third_party_content_review_process: false
has_link_acquisition_policy: false
has_ai_content_policy: false
quarterly_spam_audit_performed: false

After variables are gathered, save as spam-policies-variables.yml.

3. What Spam Policies Are

Google's spam policies are explicit rules documented at developers.google.com/search/docs/essentials/spam-policies that define manipulative practices Google does not allow in search results. These are operationally distinct from quality frameworks like E-E-A-T or HCS.

3.1 The Three Enforcement Mechanisms

Algorithmic Spam Updates — Periodic updates to Google's spam-detection algorithms. Like core updates, they roll out over days to weeks, are publicly named, and affect rankings broadly. Sites violating spam policies see ranking suppression, sometimes severe. Recovery requires remediation plus time. Recent named spam updates include:

• May 2024 Spam Update (enforcement of the new March 2024 policies)
• October 2024 Spam Update
• December 2024 Spam Update
• June 2025 Spam Update
• November 2025 Spam Update

Manual Actions — Human-issued penalties communicated via Search Console under Security & Manual Actions. Manual actions can be partial (specific pages or sections affected) or sitewide. Some are reconsideration-eligible (after demonstrating remediation), some are not. Manual action types include:

• Site abused with third-party spam
• User-generated spam
• Spammy free hosts
• Structured data issue
• Unnatural links to your site
• Unnatural links from your site
• Thin content with little or no added value
• Cloaking and/or sneaky redirects
• Pure spam
• Cloaked images
• Hidden text and/or keyword stuffing
• AMP content mismatch
• Sneaky mobile redirects
• News and Discover policy violations

Algorithmic Demotion (No Manual Action) — Some spam-detection happens algorithmically without manual review, resulting in ranking suppression without an explicit manual action notification. Sites may experience traffic loss without knowing the cause. These cases require diagnostic investigation against spam policy criteria.

3.2 What Distinguishes Spam from Low Quality

Quality issues (low E-E-A-T, weak HCS) are matters of degree — content can be more or less helpful, more or less authoritative. Spam violations are matters of category — content either is or isn't keyword stuffed, scraped, cloaked. Spam policies define bright lines.

The practical implication: improving quality moves rankings up gradually. Eliminating spam violations may unlock sudden ranking restoration once Google's systems re-evaluate the site post-remediation.

3.3 The 2024 Policy Expansions

In March 2024, Google added three new spam policies that have driven substantial enforcement activity:

Scaled Content Abuse — Producing pages at scale primarily for ranking purposes, regardless of whether AI, human, or mixed authorship. Replaced the older "automatically generated content" policy with a broader definition focused on intent and pattern rather than method.

Site Reputation Abuse — Third parties publishing content on a host site primarily to leverage that site's ranking signals. Common pattern: established media sites leasing subdomains or subfolders to coupon, casino, or supplement marketers.

Expired Domain Abuse — Repurposing expired domains with prior authority to host content unrelated to the prior purpose, primarily for ranking benefit from inherited trust signals.

These three policies represent the largest spam policy expansion in years and continue to drive significant enforcement through 2026.

3.4 What Spam Policies Don't Cover

Spam policies don't cover:

• Quality issues — addressed via core updates and HCS, not spam policies
• Mistakes or accidents — Google distinguishes between intentional manipulation and good-faith errors
• Personal preference disagreements — practices Google might not love but doesn't classify as spam
• Legal compliance issues — copyright, defamation, etc. are addressed through other mechanisms

When something isn't a spam policy violation, addressing it requires the relevant quality framework.

4. Documented Spam Policies — Comprehensive Reference

This section catalogs every documented spam policy, what it covers, detection patterns, and avoidance requirements.

4.1 Cloaking

What it is: Presenting different content to search engine crawlers than to human users.

Common patterns:

• User-agent detection serving different HTML to Googlebot vs browsers
• IP-based content swapping
• JavaScript that hides content from users that Googlebot sees as text
• Reverse cloaking — keyword-stuffed text visible to bots, "cleaner" version to users
• Geographic cloaking serving different content based on visitor location for ranking manipulation

Detection:

• Google fetches with browser-like user agents and compares
• Googlebot also runs in different network locations
• Discrepancies between rendered DOM and HTML sent to crawlers flagged

Avoidance requirements:

• Serve identical content to all visitors (with legitimate exceptions for personalization, A/B testing through proper Google-supported methods, paywall/login walls properly declared)
• If using A/B testing, use Google's recommended approach (canonical to original, no rel=canonical pointing to test variant)
• Personalization based on user signals must not differ for Googlebot in ways that would change ranking signals
• Geographic content variations must use proper hreflang
• Verify with Google's URL Inspection Tool — what Googlebot sees should match what users see

Code pattern (anti-cloaking):

<!-- Same HTML for all visitors -->
<!-- Personalization happens client-side AFTER initial render -->
<!-- Or via Google-recognized signals like cookies, not user-agent -->

4.2 Doorway Pages

What it is: Pages created primarily to rank for specific queries that funnel users to a different destination of less direct utility.

Common patterns:

• Multiple landing pages for slight variations of the same query (e.g., "cheap car rental Austin," "affordable car rental Austin," "low cost car rental Austin" all leading to same booking page)
• Geographic doorway pages with thin city-specific content but identical service offering
• Pages that exist solely to rank, then redirect or funnel users elsewhere
• Templated pages with minor keyword variations across each instance

Distinction from legitimate location pages: A genuine local landing page provides location-specific information (local team, local hours, local context, local testimonials). A doorway page just swaps the city name in templated content.

Detection:

• Pattern recognition across page templates
• Bounce-and-redirect behavior monitoring
• Lack of unique value per page in a series

Avoidance requirements:

• Each page must offer substantive unique value beyond keyword targeting
• Location-specific pages must include genuinely location-specific content
• Don't create variations targeting query stems that resolve to the same intent
• Consolidate query variations into single comprehensive pages

Programmatic SEO consideration: Programmatic city pages (such as those covering 4,715 city/service combinations) are not automatically doorway pages. They're doorway pages when they're thin and offer no location-specific value. They're legitimate when each page offers genuinely useful location-specific information — local team contact, local pricing variations, local case studies, local testimonials, local regulatory considerations, etc.

4.3 Hacked Content

What it is: Content placed on a site without permission, typically through security vulnerabilities, that's used for spam, phishing, or malware distribution.

Common patterns:

• Injected pages selling unrelated products (pharmaceuticals, gambling)
• Hidden content (cloaked) only visible to search engines
• Redirected pages sending users to malicious destinations
• Modified existing pages with injected spam content
• Created admin accounts using compromised credentials

Detection:

• Google security systems flag known hack patterns
• Search Console issues "Hacked" warning
• Sudden appearance of pages on unfamiliar topics
• Server logs show unusual activity

Avoidance requirements:

• Keep all software (CMS, plugins, themes, server stack) current
• Use 2FA on all admin accounts
• Strong unique passwords (password manager)
• Limit admin account count
• Regular security scanning (Wordfence, Sucuri, Patchstack for WordPress; equivalent for other stacks)
• Web Application Firewall (Cloudflare, Sucuri, Wordfence)
• File integrity monitoring
• Intrusion detection on server level
• Off-site backups for rapid recovery

Response if hacked: See Section 10.5.

4.4 Hidden Text and Links

What it is: Text or links placed in a way that human users can't see but search engines can read.

Common patterns:

• White text on white background
• Text positioned off-screen (text-indent: -9999px)
• Text behind images
• Tiny font sizes (1px font, 0px line-height)
• Display:none or visibility:hidden on text containing keywords
• Hiding text with CSS that's recoverable by crawlers
• Links in characters like commas or single periods
• 1×1 pixel images linking to other sites

Detection:

• Google rendering identifies hidden content
• Comparison of rendered vs HTML content reveals hidden elements
• Pattern recognition on common hiding techniques

Avoidance requirements:

• All text on the page should be visible to users
• Don't use CSS to hide content for ranking purposes
• Legitimate cases where content is hidden until user interaction (accordions, tabs, collapsible sections) are acceptable but content should still be visible/accessible upon interaction
• Modal/popup content acceptable when triggered by user action
• Skip-to-content links acceptable if standard accessibility pattern

Code pattern (legitimate progressive disclosure):

<details>
  <summary>Click to expand</summary>
  <p>Content visible after click. This is acceptable — user can access.</p>
</details>

Code pattern (spam):

<style>.hidden { display: none; }</style>
<div class="hidden">
  Keyword stuffed text invisible to users but indexed by search engines.
</div>

4.5 Keyword Stuffing

What it is: Loading pages with keywords or numbers in attempts to manipulate ranking, especially when it harms user experience.

Common patterns:

• Lists of phone numbers without substantive value
• Blocks of text listing cities or regions where the page wants to appear
• Repeating same words or phrases unnaturally
• Hidden keyword lists in meta tags or alt text
• Stuffing alt attributes with keyword variations rather than describing images
• Awkward sentences padded with keyword variations

Detection:

• Keyword density relative to surrounding context
• Unnatural phrasing patterns
• Disproportionate keyword frequency
• Patterns that match known stuffing approaches

Avoidance requirements:

• Use keywords naturally in service of communication
• Alt attributes describe images, don't list keywords
• Meta descriptions describe content, don't pack keywords
• Don't list cities/regions/services as plain text blocks
• Vary language naturally; let topic-relevant terms appear organically
• Write for humans first; if it reads awkwardly, it's stuffed

Word count consideration: Stuffing is about pattern, not absolute frequency. A long article on a specific topic will naturally include the topic term frequently — that's fine. A short article repeating the same phrase 30 times is stuffing.

4.6 Link Schemes

What it is: Links intended to manipulate ranking that aren't editorial in nature.

Common patterns:

Buying or selling links for ranking:

• Purchasing dofollow links
• Selling dofollow links
• Trading goods or services for links
• Sending free products in exchange for links without rel="sponsored"

Excessive link exchanges:

• "Link to us, we'll link to you" reciprocal arrangements
• Triangular link schemes (A→B→C→A)
• Link exchange directories purpose-built for SEO

Large-scale article marketing or guest posting with optimized anchor text:

• Guest posts where the primary purpose is dropping a link
• Optimized anchor text in guest content
• Single-author guest posting on dozens of sites
• Guest posts with author bios containing manipulated anchor text

Automated link building:

• Using software to create links across forums, blog comments, profiles
• Paid services that generate links at scale
• Link injection through hacked sites

Forum signatures and comments with optimized anchor text:

• Strategic forum participation primarily for link drops
• Blog comment links with money-anchor text

PBNs (Private Blog Networks):

• Network of sites primarily existing to link to a money site
• Often built on expired domains
• Often interlinked in patterns that reveal coordination

Detection:

• Backlink profile analysis showing unnatural patterns
• Anchor text distribution analysis
• Velocity analysis (sudden link spikes)
• Link source quality signals
• Pattern matching against known PBN footprints

Avoidance requirements:

• Earn links through valuable content, not solicitation
• Mark sponsored/paid links with rel="sponsored"
• Mark guest post author bio links with rel="ugc" or rel="nofollow" if unrelated to content
• Never participate in link exchanges for SEO purposes
• Never purchase links for ranking
• Never use link building services that promise dofollow links at volume

If unnatural inbound links are discovered:

• Disavow via Google's Disavow Tool
• Document disavow file in Search Console
• File reconsideration request if manual action issued

4.7 Machine-Generated Traffic

What it is: Automated queries or bot traffic to Google or to a site that doesn't reflect real user behavior.

Common patterns:

• Sending automated queries to Google (rank checking at high volume)
• Bot-driven traffic to a site to manipulate engagement signals
• Click manipulation services purchasing bot clicks on search results

Detection:

• Pattern analysis of query and click behavior
• Unusual session patterns
• Click-through patterns not matching organic behavior

Avoidance requirements:

• Use Google's official APIs for any automated query needs
• Don't use rank-tracking services that send unauthorized queries to Google (most reputable services use their own indexes)
• Never use traffic generation services
• Never use click-bot services

4.8 Malware and Malicious Behaviors

What it is: Software that harms users — viruses, trojans, ransomware, unwanted software, drive-by downloads.

Common patterns:

• Direct malware distribution
• Misleading downloads (claiming to be one thing, actually another)
• Software that modifies browser settings without consent
• Drive-by downloads triggered by visiting a page
• Sites distributing pirated software with bundled malware

Detection:

• Google Safe Browsing scans
• Detected malware triggers Search Console alerts and search result warnings

Avoidance requirements:

• All downloads must accurately describe what's being downloaded
• No bundled software users haven't consented to
• No browser modification scripts
• Maintain site security to prevent malware injection
• Verify all third-party scripts and ads

4.9 Misleading Functionality

What it is: Sites that don't work as advertised — fake login forms, fake software, fake services.

Common patterns:

• Pretending to be a brand the site isn't (phishing)
• Promising functionality the site doesn't deliver
• Fake "free PDF generator" or similar tools that don't work
• Bait-and-switch products or services

Avoidance requirements:

• Sites must accurately represent themselves and their function
• Promised features must work
• Brand impersonation prohibited
• Deceptive product descriptions prohibited

4.10 Scaled Content Abuse (Added March 2024)

What it is: Producing many pages whose primary purpose is search ranking manipulation rather than helping users — regardless of whether the content was created by AI, humans, or both.

This is one of the most actively enforced policies in 2025-2026.

Common patterns:

• AI-generated articles published at high volume with minimal review
• Content farms producing hundreds or thousands of articles per month
• Spinning existing content into many variations
• Programmatic page generation without genuine per-page value
• Templated content with minor variations to target keyword variations
• "AI in, content out" workflows with no editorial layer

Critical clarification: AI use isn't automatically scaled content abuse. The violation is scale + low value + ranking primary purpose. AI can be used responsibly as a research and drafting assistant for content that adds genuine value. AI cannot be used to mass-produce content that exists primarily to occupy SERP space.

Detection:

• Pattern recognition across publication volume
• Content originality and value analysis
• Engagement signals indicating low user satisfaction
• Linguistic patterns common to AI generation when not edited
• Site-wide content quality distribution
• Rate of publication relative to organizational capacity

The December 2024 core update specifically targeted scaled content abuse patterns. Many content farms saw 40-80% organic traffic loss. The pattern continues — sites publishing high-volume AI content with minimal review face increasing risk through 2026.

Avoidance requirements:

• Publication volume should be proportional to genuine editorial capacity
• Every published article must add genuine value beyond what's already available
• AI-assisted content requires meaningful human review and editing
• Establish editorial review process: research → AI-assisted draft → expert revision → fact-check → publish
• Disclose AI use per E-E-A-T framework Section 4.4.6
• Maintain author accountability — real bylines, real responsibility for accuracy
• Apply Information Gain principles per framework-infogain.md — every article must contribute novelty
• Apply HCS principles per framework-hcs.md — content for users, not for search

Quantitative guideline: There's no fixed "publish less than X articles per month" rule. The relevant ratio is editorial capacity to publication volume. A team of 1 reviewing 5 AI-assisted articles per month is reasonable. A team of 1 publishing 100 AI articles per month is not. A team of 20 with rigorous editorial workflow can publish more without violation. Google's systems evaluate the quality outcome, not the input method.

4.11 Site Reputation Abuse (Added March 2024)

What it is: Third-party content published on a host site primarily to take advantage of the host's existing ranking signals, where the third-party content has little oversight from the host site.

Common patterns:

Parasite SEO arrangements:

• Major news sites hosting "coupon code" subdirectories run by third parties
• Established sites leasing subdomains to gambling, crypto, supplement marketers
• Educational sites carrying commercial review sections operated by external SEO firms
• Government or non-profit sites hosting commercial content for revenue

Common host targets:

• News publications with high domain authority
• Educational institutions (.edu)
• Government sites (.gov)
• Long-established commercial sites with strong ranking signals
• Wikipedia-adjacent properties

The May 2024 spam update aggressively enforced this policy. Many high-profile examples of parasite SEO arrangements were de-ranked. Enforcement continues actively through 2026.

Detection:

• Subdomain or subfolder content disconnected from main site purpose
• Content quality and topic mismatch with host site
• Editorial oversight gaps (different bylines, different editorial standards, different design patterns)
• Pattern of similar parasite arrangements across multiple host sites

Avoidance requirements:

For host sites:

• Don't lease subdomains or subfolders to third parties for content unrelated to your site's purpose
• All content under your domain should be editorially controlled by your organization
• If accepting sponsored content, treat as such with proper disclosure (rel="sponsored")
• Affiliate content should be created under your editorial standards
• Brand partnerships should be clearly disclosed and editorially vetted
• Coupon/deals sections, if present, should be operated under main editorial oversight

For sites attempting to use parasite SEO:

• Don't. The strategy is documented and enforced.
• Build authority on your own domain
• Use legitimate guest contribution to other sites with rel="sponsored" or rel="ugc" where appropriate

Edge cases:

• Press releases distributed via wire services: Acceptable when properly attributed and not optimized solely for ranking
• Job listings, classified ads: Acceptable when relevant to host site purpose
• Forum content from real community members: Acceptable with moderation
• Guest articles: Acceptable when editorially vetted and contributing genuine value
• Affiliate review sections: Risk depends on editorial control — content created and vetted by host editorial team is acceptable; content provided by affiliate partners and published with minimal review is parasite SEO

Specific test for site reputation abuse:

1. Is the content created by the host site's editorial team? If yes, not parasite SEO.
2. Is the content created externally but rigorously edited by the host's team to its standards? Probably acceptable.
3. Is the content created externally and published with minimal host editorial involvement, primarily for ranking benefit? Likely site reputation abuse.

4.12 Expired Domain Abuse (Added March 2024)

What it is: Acquiring expired domains with prior authority and repurposing them with content unrelated to the prior site's purpose, primarily to leverage inherited ranking signals.

Common patterns:

• Buying expired domain previously used by a non-profit, repurposing for commercial content
• Buying expired domain previously a small business site, repurposing as a content site on unrelated topic
• Acquiring multiple expired domains to build PBN
• Building content sites on expired domains that have nothing to do with original purpose

Detection:

• Wayback Machine analysis showing dramatic content shifts
• Backlink profile inconsistency with current site purpose
• Patterns matching known expired domain reseller markets
• Sudden ranking improvements without commensurate content quality

Avoidance requirements:

If acquiring an expired domain:

• Continue the original site's purpose if at all possible
• If different purpose, build genuinely from scratch and don't expect inherited ranking benefits
• Submit reconsideration request if needed clarifying domain purpose change
• Be prepared for ranking signals to be re-evaluated post-acquisition

If domain history is unclear:

• Wayback Machine review reveals prior content
• Major content shifts justify Google's re-evaluation
• Disavow inherited backlinks if they're spammy
• Build new authority from current activity

Best practice: Build on new domains for new businesses. The "buying an aged domain for SEO benefit" strategy is now actively penalized. The domain age signal that this strategy targeted has been re-weighted to require continuity of purpose.

4.13 Scraped Content

What it is: Content republished from other sources without adding meaningful value.

Common patterns:

• Auto-generated scraping of RSS feeds republished as own content
• Content "spinning" — taking original content and using software to substitute synonyms
• Republishing other sites' content with minor modifications
• Aggregator pages with snippets but no substantial value add
• Content "rewriting" services that produce technically-different but substantively-identical content

Distinction from legitimate aggregation: Aggregation that adds substantial value (curation, expert commentary, synthesis) is acceptable. Aggregation that adds nothing beyond republishing is scraping.

Detection:

• Content similarity matching against original sources
• Pattern recognition on spinning techniques
• Originality analysis

Avoidance requirements:

• All content should be substantively original to the publishing site
• Quotes and excerpts permitted with attribution
• Curated lists permitted with substantial original commentary
• Syndication agreements permitted when properly canonicalized to original
• Synthesis across sources permitted when synthesis itself is the contribution

4.14 Sneaky Redirects

What it is: Redirects that send users to a different destination than they expected.

Common patterns:

• User clicks search result expecting one type of content, redirected to commercial offer
• Mobile users redirected to different content than desktop users expecting the same page
• Redirects from one search result to entirely unrelated destination
• JavaScript redirects that mask the destination
• Conditional redirects based on referrer (only redirect when from Google)

Detection:

• Mobile vs desktop content comparison
• User-experience signals (bounce rate, behavior)
• Crawl path analysis

Avoidance requirements:

• Redirects must lead to content matching what the search snippet promised
• Mobile and desktop should reach equivalent content for the same URL
• Use 301/302 redirects appropriately, not JavaScript redirects to mask destinations
• Don't redirect users based on referrer for ranking manipulation

4.15 Spammy Automatically-Generated Content

What it is: Content produced by automated systems primarily for ranking, without value to users. Largely subsumed by the broader Scaled Content Abuse policy.

Common patterns:

• Markov chain generated text
• Translated text without human review
• Automatically combined content from multiple sources
• Automatically-created content stitching together database content with templates

Note: This older policy has been broadened into Scaled Content Abuse (Section 4.10). The narrow technical definition of "automatically generated" is now less relevant than the broader "content created at scale primarily for ranking." Same defensive patterns apply.

4.16 Thin Affiliate Pages

What it is: Affiliate marketing pages with little original content beyond the affiliate offers.

Common patterns:

• Product review pages that just describe what the product's manufacturer says
• Comparison pages with no actual testing or evaluation
• "Top 10" lists ranked by affiliate commission rather than user benefit
• Pages with no value beyond the affiliate links

Distinction from legitimate affiliate content: Affiliate marketing isn't prohibited. Thin affiliate content is. The standard: would this page be valuable even without the affiliate links? If not, it's thin.

Avoidance requirements:

• Affiliate content must add substantial value beyond the affiliate program
• Real product testing or experience documented
• Evaluation criteria honest and useful
• Recommendations based on user benefit, not commission rate
• Affiliate disclosure prominent (FTC requirement and quality signal)
• Use rel="sponsored" on affiliate links

4.17 User-Generated Spam

What it is: Spam content posted by third parties on a site, often through comments, forums, or open user-content systems.

Common patterns:

• Comment spam with promotional links
• Profile pages created solely to host links
• Forum signatures with money-anchor links
• Review spam (fake reviews, paid reviews)
• Marketplace listings designed for SEO rather than genuine commerce

Detection:

• Pattern recognition on common spam content
• Volume and velocity of UGC posting
• Author signal analysis

Avoidance requirements:

For sites with UGC:

• Implement moderation (pre-publication ideally, post-publication minimum)
• Require account creation with verification
• Use rel="ugc" on links from user-generated content
• Implement spam filters (Akismet for WordPress, etc.)
• Manual review of high-volume posters
• Remove spam content promptly when discovered
• Don't allow comments to remain on old posts indefinitely if not moderated
• Consider closing comments on older posts if moderation isn't sustainable

If site is hit by user-generated spam manual action:

• Audit all UGC for spam patterns
• Remove confirmed spam
• Strengthen moderation processes
• File reconsideration request demonstrating remediation

5. Special Focus: The Three Policies Added March 2024

The three new spam policies introduced in March 2024 represent the most active enforcement areas in 2025-2026. Most penalties issued through this period fall into one of these three categories.

5.1 Scaled Content Abuse — Defensive Implementation

Audit current state:

# Scaled content abuse audit
publication_volume_per_month: 0
authors_per_published_article_average: 0
review_time_per_article_hours: 0
ai_assisted_articles_per_month: 0
ai_unassisted_articles_per_month: 0
content_outsourcing_volume: 0

# Honesty check
publishing_at_capacity: false  # Are we publishing more than we can genuinely review?
each_article_adds_genuine_value: false  # Honest answer
review_process_is_substantive: false  # Honest answer

Risk assessment:

Defensive structural patterns:

1. Editorial capacity matched to volume: If team can rigorously review N articles per month, publication volume should not exceed N (with margin)
2. Documented editorial process: Research → Outline → Draft (AI-assisted or not) → Expert review → Fact-check → Edit → Publish
3. Author accountability: Real bylines, real Person schema with credentials, real responsibility for accuracy
4. Per-article value gating: Pre-publish check requiring articulation of what the article adds (Information Gain framework)
5. AI use disclosure: Site-wide policy + per-article disclosure when applicable
6. Quality monitoring: Track engagement metrics; remove or significantly improve underperforming content
7. Topical focus discipline: Don't publish on topics outside genuine site authority

If currently exceeding safe patterns:

1. Stop publishing AI content immediately until audit complete
2. Audit existing AI content — identify articles with insufficient value
3. Remove or significantly improve identified articles
4. Restructure publication cadence to match genuine editorial capacity
5. Document new process for any reconsideration needs

5.2 Site Reputation Abuse — Defensive Implementation

Audit current state:

# Site reputation abuse audit
hosts_third_party_subdomain_content: false
subdomain_third_parties: []  # List with editorial control level

hosts_third_party_subfolder_content: false
subfolder_third_parties: []  # List with editorial control level

allows_external_publishing_arrangements: false
external_arrangement_details: []  # Description and editorial control level

editorial_control_over_all_subdomains: ""  # "full", "partial", "none"
editorial_control_over_all_subfolders: ""

Acceptable arrangements:

• Sponsored content: Clearly disclosed, rel="sponsored", produced or rigorously vetted by host editorial
• Guest contributions: Vetted by host editorial team, fits topical focus
• Affiliate partnerships: Content created by host team, with affiliate links properly disclosed
• Coupon/deals: Operated by host team or under direct host editorial supervision
• Press releases: Through proper PR/wire mechanisms with proper attribution
• Job listings: Relevant to host site purpose, properly structured

Unacceptable arrangements:

• Subdomain leased to third party for content unrelated to host purpose
• Subfolder where third party publishes with minimal host editorial involvement
• Coupon section run entirely by external SEO agency
• Casino/gambling content on educational or news sites
• Supplement marketing on health information sites
• Any "we'll pay you to host our content" arrangement

Defensive structural patterns:

1. All content under main domain editorially controlled by main organization
2. Subdomains used for legitimate technical separation (status.example.com, blog.example.com when run by same team) not for third-party content
3. Editorial standards applied uniformly across all site content
4. Sponsored content distinctly marked with rel="sponsored" and visible disclosure
5. Third-party content prohibited unless rigorously vetted

If currently has parasite SEO arrangement:

1. Terminate the arrangement — no remediation works while it's active
2. Remove or migrate the third-party content off the host domain
3. 301 redirect to third party's own domain if appropriate (with proper communication)
4. Document termination for any reconsideration request
5. Audit broader site for similar patterns

5.3 Expired Domain Abuse — Defensive Implementation

Audit current state:

# Expired domain abuse audit
domain_acquired_from_someone_else: false
acquisition_date: ""
prior_owner_known: ""
prior_site_purpose: ""

current_site_purpose: ""
purpose_continuity_with_prior: ""  # "same", "related", "unrelated", "completely_different"

wayback_machine_review_completed: false
inherited_backlinks_audited: false
problematic_inherited_backlinks_disavowed: false

Risk assessment:

Defensive structural patterns:

1. For new businesses, use new domains — don't acquire aged domains for SEO benefit
2. For business name acquisitions, focus on the brand value not the SEO equity
3. If acquiring expired domain, evaluate continuity carefully — substantial purpose continuity is the safe path
4. If purpose changes substantially, treat as new domain — don't expect inherited ranking benefits
5. Audit inherited backlink profile — disavow toxic backlinks immediately
6. Wayback Machine review — document the prior site for context

If domain has expired domain abuse risk:

1. Wayback Machine audit — what was the prior content?
2. Backlink audit — what does the inherited link profile look like?
3. Disavow toxic backlinks through Google Search Console
4. Make domain change explicit — About page acknowledges the change with substantive purpose explanation
5. Build current authority through current work — don't rely on inherited signals
6. Be prepared for slow ranking initially — Google will re-evaluate

6. Defensive Site Architecture

Beyond avoiding specific violations, structural patterns reduce risk of accidental violations.

6.1 Content Publishing Workflow

A workflow that prevents scaled content abuse and thin content:

Topic identification
  → "Why are we covering this?" gate
  → "What can we contribute?" gate (Information Gain)
  → If yes to both, proceed

Research
  → Primary sources gathered
  → Subject matter expert input

Drafting
  → AI-assisted or human-written (either acceptable)
  → Draft completed by named author

Expert review
  → Subject matter expert reviews accuracy
  → Reviewer takes professional responsibility
  → Reviewer signs off with name and credentials

Fact-checking
  → Every factual claim verified against primary source
  → Citations verified to actually support claims
  → Statistics double-checked

Editorial review
  → Quality assessment
  → Information Gain confirmation
  → Style and tone

Pre-publication check
  → Author byline with credentials present
  → Reviewer credit if YMYL
  → Disclosures present (AI use, affiliate, sponsored)
  → Schema valid
  → Internal links appropriate
  → Original imagery

Publication
  → Real bylines with author accountability
  → AI use disclosed if applicable
  → Refresh schedule set

6.2 Link Acquisition Policy

# {{BUSINESS_NAME}} Link Acquisition Policy

## What We Do

- Earn links through valuable content
- Cite primary sources in our content (creating natural inbound interest)
- Participate in industry communities authentically
- Build relationships with relevant publications

## What We Don't Do

- Buy or sell links for ranking purposes
- Participate in link exchange schemes
- Use link building services that promise volume
- Stuff guest post bylines with optimized anchor text
- Manipulate forum signatures or comment links
- Operate or participate in PBNs

## Sponsored Content

- Sponsored relationships disclosed with rel="sponsored"
- Sponsored content visibly marked
- Editorial integrity maintained

## Affiliate Links

- All affiliate links use rel="sponsored"
- Affiliate disclosure present on all affiliate content
- Affiliate recommendations based on user benefit, not commission

## When We Discover Toxic Inbound Links

- Document via backlink audit
- Disavow through Google Search Console
- Update Disavow file as needed

6.3 Third-Party Content Review Process

If the site allows any external content:

# Third-Party Content Review Process

## What We Accept

- Guest contributions from credentialed experts on our topical focus areas
- Sponsored content clearly identified as such
- User-generated content through approved channels

## What We Don't Accept

- Subdomain or subfolder leasing
- Content from external SEO agencies
- Content disconnected from our editorial focus
- Content with manipulated anchor text

## Vetting Process

1. Author/contributor identity verified
2. Content topic fits our editorial focus
3. Quality matches our standards
4. Editorial review by our team
5. Fact-checking through our process
6. Disclosure requirements met
7. Schema and metadata applied per our standards

6.4 AI Content Policy

# {{BUSINESS_NAME}} AI Content Policy

## How We Use AI

- Research assistance and source gathering
- First-draft generation reviewed by humans
- Grammar and style editing
- Outline and structure assistance

## How We Don't Use AI

- Mass-producing articles for SEO
- Publishing AI content without expert review
- Generating fabricated quotes, statistics, or experiences
- Replacing the need for genuine subject matter expertise

## Editorial Standards for AI-Assisted Content

- Every AI-assisted article reviewed by named subject matter expert
- Reviewer takes professional responsibility
- All factual claims verified against primary sources
- AI use disclosed per article when applicable
- Same quality bar as human-written content

## Volume Discipline

- Publication volume matches editorial capacity
- We don't publish more than we can rigorously review
- Quality over quantity is the principle

6.5 Security Posture

Documented at /admin/security-posture.md:

# Security Posture

## Current Configuration
- 2FA enabled on all admin accounts
- Strong unique passwords (password manager required)
- Limited admin account count
- Web Application Firewall active (Cloudflare)
- File integrity monitoring (Wordfence/equivalent)
- Daily off-site backups
- Quarterly security audit

## Monitoring
- Search Console for "Hacked" warnings
- Server logs reviewed weekly for unusual activity
- Malware scanning weekly
- SSL certificate expiration monitoring

## Incident Response
- Hacked content discovered → Section 10.5 protocol
- Credential compromise → password rotation across all accounts
- Successful intrusion → forensic analysis required before remediation

7. Red Flags and Early Warning Signs

Patterns that suggest spam policy violation risk before formal penalty.

7.1 Content Red Flags

• Publication volume increasing without staffing increase
• AI content disclosure conversations being avoided
• Pressure to publish "just to have content" on topics
• Articles published that the team hasn't read in full
• Topical drift into areas outside genuine expertise
• Word count targets driving content padding
• Refresh dates being updated without content updates

7.2 Linking Red Flags

• Sudden inbound link velocity increases
• Inbound links from sites with unrelated topics
• Inbound links with optimized anchor text patterns
• Outbound link targets the team can't explain
• "Link building" budget line items
• Email outreach offers for "guaranteed dofollow links"

7.3 Architecture Red Flags

• Subdomain or subfolder activity not familiar to main team
• Pages indexed that the team didn't create
• Geographic content variations beyond legitimate localization
• Server log entries showing crawl patterns to unknown URLs
• File system changes the team didn't make

7.4 Search Console Red Flags

• Manual action notifications (immediate priority)
• Security issue notifications
• Sudden indexing decreases without explanation
• Sudden indexing increases without explanation
• "Hacked" warnings
• Coverage report errors increasing

7.5 Traffic Pattern Red Flags

• Sudden traffic loss without identified core update
• Specific page sections losing traffic while others stable
• Branded query traffic dropping (suggests manual action)
• Sudden traffic gains that seem too good to be true (often precede manipulation detection)

8. Stack-Specific Spam Policy Considerations

8.1 WordPress

High-risk patterns:

• Plugins generating content automatically
• Themes with hidden links to plugin developer
• Comment moderation off by default
• Outdated plugins creating security vulnerabilities
• "SEO" plugins that recommend stuffing keywords or hiding text

Defensive practices:

• Akismet or similar comment spam filtering
• Wordfence or equivalent security
• Content publishing workflow plugins (Editorial Calendar, PublishPress)
• Schema validation through Rank Math or Yoast
• Regular plugin and theme updates

8.2 Programmatic SEO Sites (Next.js, custom)

High-risk patterns:

• City pages or category pages with templated content lacking unique per-page value
• Database-driven pages with insufficient editorial layer
• Faceted navigation creating thousands of low-value URLs
• Auto-generated pages from third-party data feeds

Defensive practices:

• Per-page minimum content threshold enforced at build time
• Per-page unique value validation
• Robots.txt or noindex on pages below quality threshold
• Editorial review of programmatic page templates
• Genuinely location-specific or category-specific content per page

8.3 E-commerce Platforms (Shopify, WooCommerce, custom)

High-risk patterns:

• Auto-generated product description from manufacturer feeds
• Manufacturer review content republished without value-add
• Faceted navigation creating duplicate content URLs
• Affiliate review sites disguised as e-commerce
• Fake or incentivized reviews

Defensive practices:

• Original product descriptions per product (or properly canonicalized to manufacturer)
• Genuine customer reviews with verification
• Faceted URLs properly handled with canonicals or noindex
• Clear distinction between affiliate and direct sales

8.4 News and Media Sites

High-risk patterns:

• Coupon or deals subdirectories operated by third parties (parasite SEO risk)
• Sponsored content not clearly marked
• Aggregated wire content republished without value-add
• AI-generated breaking news without verification
• Programmatic local pages with thin content

Defensive practices:

• All editorial sections under direct editorial control
• Sponsored content clearly marked and disclosed
• AI use restricted to editorial assistance, not authoritative content
• Local journalism backed by genuine local presence

9. Cross-Reference to the 14-Tier Framework

Spam Policies compliance interacts with multiple tiers:

• Tier 1 SSO — Site Security Optimization prevents hacked content
• Tier 1 GCO — Google Compliance Optimization includes spam policies
• Tier 2 OBL — Outbound Link strategies must follow link scheme policies
• Tier 2 IBL — Inbound Link management must follow link scheme policies
• Tier 3 LLMO — AI use must follow scaled content abuse policies
• Tier 6 OCO — Original Content Optimization is the inverse of scraped/scaled abuse

Spam Policies compliance is a gate — sites failing here can't benefit from optimization in any other tier.

10. Detection, Response, and Recovery

10.1 Manual Action Detection

Check Search Console at Search Console > Security & Manual Actions > Manual actions weekly.

When a manual action appears:

• Read the description carefully
• Note whether it's site-wide or partial
• Document the action type and date
• Begin immediate investigation per Section 10.3

10.2 Algorithmic Spam Update Detection

Use the same protocol as core update detection (see framework-coreupdates.md Section 4):

• Monitor SERP volatility trackers
• Watch for Google announcements about spam updates
• Compare site performance to industry signals
• 72-hour hold rule before reactive action

When a spam update appears to be active:

• Audit site against spam policies (Sections 4-5)
• Identify likely violation pattern
• Begin remediation

10.3 Manual Action Response Protocol

When manual action received:

Day 1:

1. Read action description thoroughly
2. Identify what triggered it
3. Document current state for "before" reference
4. Begin remediation immediately

Days 1-7:

1. Comprehensive site audit per relevant Section 4 policy
2. Identify all violating content/patterns
3. Remediate or remove
4. Document every remediation action with dates

Days 7-14:

1. Verify remediation is complete
2. Audit for any missed instances
3. Strengthen processes to prevent recurrence
4. Prepare reconsideration request

Reconsideration request structure:

# Reconsideration Request — {{ACTION_TYPE}}

## Manual Action Details
- Action type: {{TYPE}}
- Notification date: {{DATE}}
- Affected pages/sections: {{SCOPE}}

## What Caused the Violation
{{HONEST_DESCRIPTION_OF_THE_PATTERN}}

## What We Have Done to Fix It
1. {{REMEDIATION_ACTION_1_WITH_DATE}}
2. {{REMEDIATION_ACTION_2_WITH_DATE}}
3. {{REMEDIATION_ACTION_3_WITH_DATE}}

## Evidence of Remediation
- {{EVIDENCE_TYPE_1}}: {{LINK_OR_DESCRIPTION}}
- {{EVIDENCE_TYPE_2}}: {{LINK_OR_DESCRIPTION}}

## Steps We Have Taken to Prevent Recurrence
1. {{PROCESS_CHANGE_1}}
2. {{PROCESS_CHANGE_2}}
3. {{POLICY_DOCUMENT_LINK}}

## Acknowledgment
We acknowledge the violation, understand why our prior practices violated Google's policies, and are committed to maintaining compliance going forward.

Submitted by: {{NAME}}
Date: {{DATE}}
Search Console verified property: {{DOMAIN}}

Submit through Search Console > Manual actions > Request a review.

Response timeline: Typically days to weeks. Sometimes longer for complex cases.

10.4 Reconsideration Request Best Practices

• Be honest about the violation: Google's reviewers know what happened. Trying to deny or minimize is counterproductive.
• Show specific remediation: Concrete actions with dates, not vague statements.
• Demonstrate understanding: Show you understand why the practice was prohibited.
• Provide evidence: Links to changed pages, screenshots of removed content, documentation of process changes.
• Don't promise; demonstrate: "We have removed 247 articles" is better than "We will remove low-quality articles."
• Address root cause: Process changes, not just symptom remediation.
• Be patient: Multiple rounds of review possible. Don't keep filing requests during review periods.

10.5 Hacked Content Response Protocol

When hacked content is detected:

Hour 1:

1. Take site offline if compromise is severe (better than serving malware to users)
2. Document the compromise (screenshots, server log copies)
3. Notify hosting provider if applicable

Hours 1-24:

1. Forensic analysis — how did they get in?
2. Identify all compromised files and pages
3. Restore from clean backup if available (verified pre-compromise)
4. Apply security patches that addressed the vulnerability
5. Rotate all credentials (passwords, API keys, SSH keys)
6. Add 2FA to all admin accounts if not already
7. Review user accounts; remove unauthorized accounts

Days 1-7:

1. Comprehensive site scan for residual compromise
2. Submit hacked content notice in Search Console
3. Request review once cleaned
4. Strengthen security posture per Section 6.5

Long-term:

1. Document the incident
2. Review security practices
3. Implement monitoring to detect future compromises faster

10.6 Link Penalty Response

For unnatural links to your site:

1. Comprehensive backlink audit
2. Identify toxic links (spammy domains, manipulated anchor text, link farms)
3. Attempt outreach to remove (often unsuccessful at scale)
4. Disavow remaining toxic links via Google Search Console Disavow Tool
5. Document the disavow file for any reconsideration request
6. File reconsideration if manual action

For unnatural links from your site:

1. Audit all outbound links
2. Add rel="nofollow" or rel="sponsored" where appropriate
3. Remove links acquired through link schemes
4. Document remediation
5. File reconsideration

11. Audit Mode

11.1 Comprehensive Spam Policy Audit

Score the site against every documented policy:

Score: 18 policies. World-class compliance: 18/18 with zero risks identified.

A site failing any single policy is at substantial risk regardless of other strengths.

11.2 Defensive Infrastructure Audit

Score: 10. World-class: 10/10.

12. Maintenance Schedule

12.1 Daily

• Monitor Search Console for new manual actions
• Watch for security warnings
• Spam alert monitoring on user-generated content

12.2 Weekly

• Review server logs for unusual patterns
• Check for new comment spam or UGC spam
• Monitor SERP volatility for spam update signals

12.3 Monthly

• Backlink profile review for unnatural patterns
• Sample content audit for scaled content patterns
• Outbound link audit
• Disavow file review

12.4 Quarterly

• Full spam policy compliance audit
• Security audit
• Defensive infrastructure audit
• Process documentation review and refresh

12.5 Annually

• Comprehensive review against current spam policies (policies evolve)
• Strategic compliance posture assessment
• Update internal policies for any changes
• Reconsideration request review for sites with manual action history

13. Common Mistakes & Anti-Patterns

13.1 Treating Spam Policies as Optional

Anti-pattern: Following SEO advice that violates spam policies because "everyone does it."

Why it fails: Penalties happen. Recovery is hard. The "everyone does it" sites disappear regularly.

Fix: Treat spam policies as bright lines. Don't cross them regardless of competitive pressure.

13.2 AI Content Strategy Ignoring Scaled Content Abuse

Anti-pattern: "We can publish 100 AI articles per month for cheap." Mass production with minimal review.

Why it fails: Active enforcement target. Detection improving rapidly. Penalty severity high.

Fix: Editorial capacity matched to volume. Quality over quantity. Real review process.

13.3 "Renting" Authority Through Parasite SEO

Anti-pattern: Buying space on high-authority site to rank for commercial queries.

Why it fails: Site reputation abuse policy targets exactly this. Both host site and parasite content suffer.

Fix: Build authority on own domain. No parasite SEO arrangements.

13.4 Aged Domain Acquisitions for SEO

Anti-pattern: Buying expired domains with prior authority to skip the authority-building process.

Why it fails: Expired domain abuse policy. Re-evaluation removes the inherited authority.

Fix: Build on new domains. Earn authority through current work.

13.5 Programmatic SEO Without Per-Page Value

Anti-pattern: Generating thousands of city/category pages with templated content lacking unique value.

Why it fails: Doorway pages plus thin content. Multiple policy risks.

Fix: Programmatic pages must have genuine per-page value. Local content must be genuinely local.

13.6 Ignoring Manual Actions

Anti-pattern: Manual action received, ignored or addressed slowly.

Why it fails: Penalties compound. Reconsideration becomes harder over time.

Fix: Manual actions are top priority. Stop other work; address immediately.

13.7 Assuming Algorithmic Demotion Isn't Spam-Related

Anti-pattern: Traffic loss assumed to be core update; spam policy violation never investigated.

Why it fails: Misdiagnosis. Spam-policy-related demotion requires different remediation than core update response.

Fix: Check spam policies first when traffic loss occurs. Manual action notification doesn't always accompany algorithmic demotion.

13.8 Defensive Disavow Without Backlink Audit

Anti-pattern: Disavowing all backlinks indiscriminately "to be safe."

Why it fails: Disavowing legitimate authoritative links damages rankings.

Fix: Audit-driven disavow. Only disavow demonstrably toxic links.

13.9 No Quarterly Audit Cadence

Anti-pattern: Spam compliance treated as one-time setup, never revisited.

Why it fails: Sites drift. New violations creep in. Policies evolve.

Fix: Quarterly audits per Section 12.

13.10 Reconsideration Requests Without Real Remediation

Anti-pattern: Filing reconsideration request with vague claims and no concrete remediation.

Why it fails: Reviewers see this constantly. Request denied. Future requests get stricter scrutiny.

Fix: Concrete remediation, documented evidence, real process changes. Then file.

14. Implementation/Audit Report Templates

14.1 Spam Policy Implementation Report Template

# Spam Policies Framework Implementation Report

**Site**: {{BUSINESS_NAME}}
**Implementation Date**: {{TODAY}}

## Comprehensive Audit Results
{{TABLE_OF_18_POLICIES_WITH_FINDINGS}}

## Critical Issues Identified and Remediated
{{LIST}}

## Defensive Infrastructure Installed
- Content publishing workflow: {{STATUS}}
- Link acquisition policy: {{STATUS}}
- Third-party content process: {{STATUS}}
- AI content policy: {{STATUS}}
- Security posture documentation: {{STATUS}}

## Process Changes Implemented
{{LIST_WITH_DATES}}

## Items Requiring Ongoing Monitoring
{{LIST}}

## Sign-Off
Implementation complete: {{DATE}}
Implementer: {{NAME}}

14.2 Spam Policy Audit Report Template

# Spam Policies Audit Report

**Site**: {{BUSINESS_NAME}}
**Audit Date**: {{TODAY}}

## Executive Summary
{{ASSESSMENT}}

## Compliance Status
- Policies in compliance: {{X}}/18
- Critical violations identified: {{COUNT}}
- High-risk patterns identified: {{COUNT}}
- Defensive infrastructure score: {{X}}/10

## Per-Policy Findings
{{DETAILED_PER_POLICY_FINDINGS}}

## Critical Issues Requiring Immediate Action
{{LIST_WITH_REMEDIATION_PLANS}}

## Risk Patterns Identified
{{LIST}}

## Defensive Infrastructure Gaps
{{LIST}}

## Recommended Remediation Order
{{PRIORITIZED_LIST_WITH_TIMELINES}}

## Manual Action Status
{{NONE / ACTIVE_ACTION_TYPE / HISTORICAL_ACTIONS}}

## Sign-Off
Audit complete: {{DATE}}
Auditor: {{NAME}}

14.3 Manual Action Reconsideration Request Template

# Reconsideration Request — {{ACTION_TYPE}}

## Manual Action Acknowledgment

We received a manual action notification on {{DATE}} for {{ACTION_TYPE}}. We acknowledge the violation and have completed remediation.

## What Caused the Violation

{{HONEST_AND_SPECIFIC_DESCRIPTION_OF_WHAT_HAPPENED_INCLUDING_WHY_IT_HAPPENED}}

## Specific Remediation Actions

### {{REMEDIATION_AREA_1}}
- {{DATE}}: {{ACTION_TAKEN}}
- {{DATE}}: {{ACTION_TAKEN}}
- Evidence: {{LINK_OR_DESCRIPTION}}

### {{REMEDIATION_AREA_2}}
- {{DATE}}: {{ACTION_TAKEN}}
- Evidence: {{LINK_OR_DESCRIPTION}}

## Process Changes to Prevent Recurrence

1. {{NEW_POLICY_OR_PROCESS}}: {{LINK_TO_DOCUMENTED_POLICY}}
2. {{NEW_POLICY_OR_PROCESS}}: {{LINK_TO_DOCUMENTED_POLICY}}
3. {{NEW_POLICY_OR_PROCESS}}: {{LINK_TO_DOCUMENTED_POLICY}}

## Supporting Evidence

- {{EVIDENCE_DOC_1}}: {{LINK}}
- {{EVIDENCE_DOC_2}}: {{LINK}}
- {{EVIDENCE_DOC_3}}: {{LINK}}

## Commitment Going Forward

We understand why our prior practices violated Google's spam policies. We have implemented systematic changes to prevent recurrence. We are committed to maintaining policy compliance and serving users with high-quality content.

---
Submitted by: {{NAME}}
Title: {{TITLE}}
Date: {{DATE}}
Search Console verified property: {{DOMAIN}}
Contact: {{EMAIL}}

End of Framework Document

Document version: 1.0 Last updated: 2026-04-29 Maintained by: ThatDeveloperGuy

Spam policies are the defensive half of search visibility. The frameworks that focus on quality (E-E-A-T, HCS, YMYL, Information Gain) tell you how to earn rankings. This framework tells you how not to lose them. A site that scores perfectly on quality frameworks but violates spam policies will be penalized regardless. A site that maintains spam policy compliance but lacks quality won't rank well but won't be removed.

The 2024-2026 spam policy expansion — scaled content abuse, site reputation abuse, expired domain abuse — represents Google's most aggressive anti-manipulation enforcement in years. Sites that haven't audited against these new policies are at risk regardless of historical compliance. The work in this framework is defensive but essential.

Compliance is a continuous practice, not a one-time setup. Quarterly audits per Section 12 are the minimum. Sites with growth, new content patterns, new partnerships, or new authors require more frequent review. The cost of a penalty — both ranking damage and remediation work — is dramatically higher than the cost of compliance.

Companion documents in this library:

• framework-eeat.md — Foundational E-E-A-T (the quality counterpart to spam policies)
• framework-ymyl.md — Your Money or Your Life elevated standards
• framework-hcs.md — Helpful Content System
• framework-sqrg.md — Search Quality Rater Guidelines
• framework-coreupdates.md — Google Core Updates
• framework-infogain.md — Information Gain
• framework-entitysalience.md — Entity Salience
• framework-knowledgegraph.md — Knowledge Graph
• framework-aicitations.md — AI Citations