This article explains what a spam NFT is, why they are problematic to NFT dapp developers and users, as well as how to filter spam NFTs using Alchemy's NFT API endpoints.

What is a spam NFT?

Spam NFTs are unsolicited Non-fungible tokens (NFTs) that are sent or airdropped to your wallet address that you didn’t purchase and do not want.

Because anyone can send and receive tokens to and from a wallet address on public blockchains, unwanted NFTs will occasionally appear in your wallet.

What is the difference between a spam NFT and an airdropped NFT?

Spam NFTs refer to the subset of airdropped NFTs that are unwanted by users.

Free NFTs that are airdropped to your wallet may not be considered spam. For example, to provide additional value to collectors, some generative NFT collections will create NFTs and airdrop them to collectors. While these NFTs typically have low re-sell value, they can be fun to keep in your collection as it demonstrates your participation in the community.

Why do people send spam NFTs?

People send unsolicited spam NFTs for many reasons including:

1. To get the attention of popular NFT collectors
2. To embarrass or annoy a wallet owner
3. To attempt a phishing attack and steal tokens from wallet owners
4. To market a new NFT project

With the growth of the NFT market, spam NFTs have been an increasing problem.

Why are spam NFTs a problem?

Two biggest reasons spam NFTs are problematic is that they’re often used by hackers and they promote a poor user experience for NFT collectors.  

1. Scammers

Spam NFTs can be used by scammers to lure people into sharing their private keys, signing messages, or confirming a transaction that sends funds to the hacker’s account.

Scammers might airdrop an NFT into wallets with the hopes that the owner will follow a phishing link leading to a scam website. Scammers might then prompt the unsuspecting wallet holder to sign into their Ethereum wallet to approve this transaction and “claim” their free NFT.

Once the wallet signs a transaction, the scammer can drain the wallet's funds and NFTs.

Some of these websites will use eth_sign, an unsafe method that allows arbitrary messages like “send your ether” to be signed and potentially hand over control of your account and assets.

While these scam sites can be incredibly convincing, they often have red flags including using odd language or making promises that seem too good to be true.

The best way to protect your wallet is to never interact with an unknown smart contract. The safest thing to do when you find spam NFTs sitting in your wallet is to ignore them or send them to a burn address.

2. Poor User Experience

Because NFTs are tied to art, utility, and creators, showcasing a collection is something to be proud of, and having spam NFTs in the same wallet as your most valuable NFTs creates a poor user experience.

For developers building NFT analytics tools, galleries, or marketplaces, spam NFTs are also an issue because it can lead to incorrect data, and deceive unknowing users that a project is more popular than it actually is.

To make sure NFT holders and collectors have the best user experience, platforms need to use an NFT API that provides strong spam filters and custom settings.

How does Alchemy's NFT API help with Spam NFTs?

Alchemy’s NFT API can be used to filter spam NFTs using the getNFTs spam filter, the isSpamForContract, and the getSpamContracts endpoints.

NFT developers using the Alchemy API can add a filter to the getNFTsForOwner (aka getNFTs) API endpoint to exclude NFTs that have been classified as spam.

The isSpamForContract NFT API endpoint checks if a particular contract has been classified as spam. You can filter for contract addresses, which means you can also look for the owners of a particular NFT and check to see if that’s the only one they own.

The getSpamContracts NFT API endpoint returns the list of all ERC 721 and ERC 1155 spam contracts on the selected chain.

As of August 2023, the Alchemy NFT API has marked over 600,000 smart contract addresses as spam.

How to Filter Spam NFTs with Alchemy's NFT API

There are multiple ways to leverage our spam detection to improve your app’s UX.

The most common approach is to up the SPAM exclusion filter on the getNFTsForOwner (aka getNFTs) endpoint to retrieve only legitimate NFTs from a wallet.

isSpamContract can be used to tell if a particular token belongs to a spam contract.

getSpamContracts allows for additional flexibility by allowing you to store the list of spam contracts, and take whatever action you prefer for those contracts!

How are spam NFTs classified?

Spam classification has a wide range of criteria that includes but is not limited to emitting fake events, copying other well-known NFTs, lying about their total supply, and more.

The primary questions we ask when classifying spam are:

1. If the contract is ERC721 or 1155, does it break its implemented ERC standard? If so, how badly does it break the standard?
2. Is the contract known for minting many tokens to popular honeypot wallets? (e.g. vitalik.eth)
3. Does the contract egregiously lie about its total supply or other attributes?
4. Is the metadata a copycat of another NFT collection? Is it blank?
5. How actively have these NFTs been traded across marketplaces?
6. Have users reported this token as spam?

Using a combination of these heuristics, we determine whether or not an NFT is considered spam!

If your smart contract was either incorrectly marked as spam, or if you identified a spam NFT contract address that bypassed the spam filters, please report it to our team via Discord and we will do our best to help you out!

How to Burn Spam NFTs on Ethereum

To burn spam NFTs, send them to a burn address such as the "0xdead" address 0x000000000000000000000000000000000000dEaD.