What if you are faced with spam in Google Analytics reports? Does it mean that someone can access your Google Analytics accounts? Or maybe someone can modify data inside your GA? How can you prevent it?
There are two main types of Measurement Protocol spam: referral traffic and events spam. More rarely you can see spam in languages, keywords, URLs, transactions, and so on. In this article, I will explain what Measurement Protocol spam is and how you can prevent it with the help of Google Tag Manager Server-Side tagging.
Google Analytics is the most popular web analytics tool used by millions of users. Referral spammers hope that when you go to Google Analytics and see traffic from unknown websites, you will be curious to see what they are. It is one of the grey ways of getting traffic. There are multiple ways of monetization: redirecting to any affiliate offers or directing to a landing page offering to buy something, download software, promote a marketing agency, or any other service. A few years ago, it was even used in politics. Before the Trump election, many GA accounts were hit by referral spam that was saying “Vote for Trump”.
To send fake hits to your GA account spammers need to know your Google Analytics ID. But sometimes they don’t even bother themselves with finding real Google Analytics IDs. Spammers may generate fake IDs in large quantities and hope that some of them are real GA identifiers. An automated script sends false data to GA accounts using measurement protocol.
Because of ghost spam, you cannot see the real data about your website visitors since fake traffic is mixed with organic. It affects all GA metrics: number of visits, bounce rate, avg. session duration, etc.
It can also lower your position in the organic ranking since search engines can interpret spam traffic as attempts of increasing your SEO positions by using grey technologies.
There are two ways of blocking referral spam through the GTM server container. GTM server-side tagging can be used not only for blocking Measurement Protocol spam, but it can also help to reduce the loading time of your website, better protect your customer data, have access to full data inside analytics software, etc. This article explains the main benefit of the GTM server container. You can test GTM server-side tagging for free using our service. In our blog, you can also find several useful articles that describe what possibilities you’ll have if you move from web container to server.
1. Hiding your real Google Analytics ID.
Some of the spammers first crawl websites (similar to what google bots do) and scrape Google Analytics IDs. After that, they use a Measurement Protocol to send fake hits to your Google Analytics. If you’ve set up a GTM server container and added a custom tagging URL (you can check how to set up a GTM server container in this article), it is possible to replace your real Google Analytics ID with the fake one. Spambots will see the fake Google Analytics ID and won’t be able to send Measurement Protocol spam into your real Google Analytics account. Your GA settings will look similar to the settings on the screenshot. You can add any Tracking ID you want, but make sure you added and set up the transport URL. I recommend testing these changes before publishing them. To do that, just log in to GA and test data in the realtime.
2. Adding a secret code to your Google Analytics
The first method won’t help you prevent spam traffic from those who send requests to random Google Analytics IDs. Sine, in this case, spammers don’t need to know your Google Analytics ID. It’s just a matter of luck if your GA account will be on their list. This type of spam relies on quantity, not quality.
You can prevent this type of spam by adding a secret key. Google Analytics tag inside your server container should send this key. You will have to add this secret key as a custom dimension and then create a filter that allows traffic that matches custom dimensions.
The first step is to add a new custom dimension inside your Universal Analytics tag in the server container.
Then, add a new custom dimension in GA and create a filter that will include only traffic with this secret key.
Chances are that random spammers will know your secret key is close to zero. So this way, you can keep your Google Analytics data clean.
If you want to filter referral spam inside GA4, the second method that I described in this article won’t work since filters are not available inside GA4. But the good news is that Google uses a default feature to help prevent measurement protocol spam. This feature is called Measurement Protocol API secrets. It allows you to create a secret value to enable additional events to be sent into this stream through the Measurement Protocol.
This is one of the many possibilities that GTM server-side tagging can offer you. For instance, we also described how you can use it to send Slack notifications in this article.