Avoid WhatsApp Bans with Anti-Spam Rules

One wrong move and WhatsApp permanently bans your business number. No appeal. No recovery. Your customers, your conversations, your reputation—gone. Here's how to protect yourself.

MoltFlow's atomic rate limiter uses Redis Lua scripts to prevent race conditions. Your account is protected even under heavy load. This guide shows you how to configure anti-spam rules, warm up new numbers, and avoid the patterns that trigger WhatsApp's ban hammer.

What You'll Need

Before starting, make sure you have:

• A MoltFlow account with an active WhatsApp session — Anti-spam rules apply to connected sessions. If you haven't connected WhatsApp yet, see the "Connect Your WhatsApp Account" guide first.
• Understanding of your use case — Different use cases have different risk profiles. Bulk marketing campaigns are higher risk than one-on-one customer support replies.

No special permissions required—all users can configure anti-spam settings.

Anti-spam protection (all plans) — We protect every account, period. Rate limiting and message delays are built-in, not premium add-ons.

Step 1: Understand WhatsApp's Anti-Spam Policies

WhatsApp anti-spam detection doesn't publish exact thresholds (for obvious reasons), but their systems monitor several signals to prevent WhatsApp spam:

Message Velocity

Sending too many messages in a short time window triggers flags. Known thresholds (based on community reports and testing):

• New accounts — More than 20-30 messages/day in the first week often triggers a review
• Established accounts — More than 100-200 messages/hour is risky
• Sudden spikes — Going from 10 messages/day to 500 messages/day overnight looks suspicious

Identical Content

Sending the exact same message to multiple recipients is a classic spam pattern. WhatsApp detects:

• Copy-paste messages — Same text sent to 10+ different contacts within an hour
• Bulk template abuse — Using the same template without personalization
• Media fingerprinting — Sending the same image/video to many recipients

Even if you're sending legitimate newsletters, WhatsApp's algorithm can't distinguish intent—it only sees patterns.

New Contact Outreach

Messaging people who haven't saved your number or initiated contact first is high-risk:

• Cold messaging — Sending to numbers you bought from a list or scraped from the web
• First-contact marketing — Reaching out to leads who never opted in
• Group harvesting — Extracting numbers from WhatsApp groups and messaging them

This behavior violates WhatsApp's Terms of Service and will result in a ban if detected.

Delivery Failures and Blocks

High rates of failed deliveries signal spam:

• User blocks — If many recipients block your number, WhatsApp assumes you're spamming
• "Not on WhatsApp" errors — Sending to invalid numbers looks like you're guessing/scraping
• Delivery failures — Messages that don't reach recipients (e.g., the user deleted their account)

Monitor your delivery rate—if it drops below 80%, pause campaigns and investigate. Use the usage tracking dashboard to monitor delivery metrics in real-time.

Automated Behavior Patterns

WhatsApp's ML models detect non-human messaging patterns:

• Uniform timing — Sending messages exactly every 10 seconds for hours
• No idle periods — 24/7 messaging with no breaks (humans sleep!)
• Instant replies — Auto-replying to every message in under 1 second
• No typos — Perfectly formatted messages with zero human errors

Ironically, making your automation "too perfect" can get you flagged. Randomization helps (covered in Step 3).

Step 2: Configure Message Rate Limits

MoltFlow enforces WhatsApp rate limits at the API level to prevent you from accidentally triggering WhatsApp anti-spam detection. These limits are hard-coded per plan tier and cannot be increased (by design—higher limits would endanger your account).

Default Rate Limits by Plan

Soft limits are recommendations—you can burst above them temporarily. Hard limits are enforced at the API—exceeding them returns HTTP 429 Too Many Requests.

How Rate Limiting Works

MoltFlow uses an atomic Redis-based Lua script to enforce rate limits. Here's the flow:

1. You call POST /messages/send
2. MoltFlow checks Redis for your current message count in this minute
3. If count < hard limit, the script increments the counter and allows the message
4. If count >= hard limit, the API returns 429 without touching your WhatsApp session

This prevents race conditions—even if you send 100 parallel requests, only the first N (up to the limit) succeed.

Rate Limit Headers

Every API response includes headers showing your current rate limit status:

X-RateLimit-Limit: 30
X-RateLimit-Remaining: 18
X-RateLimit-Reset: 1676301660

• X-RateLimit-Limit — Your messages/minute limit (based on plan tier)
• X-RateLimit-Remaining — How many messages you can send in the current minute
• X-RateLimit-Reset — Unix timestamp when the counter resets (top of the next minute)

Use these headers to pace your sends. Example:

curl -X POST https://apiv2.waiflow.app/api/v2/messages/send \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "session_id": "YOUR_SESSION_ID",
    "phone": "972501234567",
    "message": "Test message"
  }' \
  -v 2>&1 | grep -i ratelimit

This shows your rate limit status after each send.

Handling 429 Responses

If you hit the rate limit, the API returns:

{
  "detail": "Rate limit exceeded: 30 messages per minute. Try again in 23 seconds.",
  "retry_after": 23
}

Your code should:

1. Stop sending immediately (don't retry in a tight loop)
2. Sleep for retry_after seconds
3. Resume sending at a slower pace

Example (Python):

import requests
import time

def send_with_backoff(session_id, phone, message):
    while True:
        response = requests.post(
            "https://apiv2.waiflow.app/api/v2/messages/send",
            headers={"Authorization": f"Bearer {JWT_TOKEN}"},
            json={"session_id": session_id, "phone": phone, "message": message}
        )
        if response.status_code == 429:
            retry_after = response.json().get("retry_after", 60)
            print(f"Rate limited. Sleeping {retry_after}s...")
            time.sleep(retry_after)
            continue
        return response.json()

This pattern ensures you never lose messages due to rate limiting.

Step 3: Set Up Cooldown Periods Between Messages

Rate limits prevent bursting, but cooldown delays between messages make your automation look more human. WhatsApp's spam detection is trained on human behavior—and humans don't send messages at perfectly uniform intervals.

Random Delays for Bulk Sends

When using MoltFlow's bulk send feature, configure random delays:

1. Navigate to Bulk Send in the dashboard
2. Create a new campaign
3. In the Advanced Settings section, set:
   • Minimum delay: 3 seconds
   • Maximum delay: 8 seconds
4. Enable "Randomize delay per message"

MoltFlow will send each message with a random delay between 3-8 seconds. This variance looks human and avoids the "uniform timing" red flag. Learn more about bulk messaging best practices in our bulk send guide.

API Parameter for Delays

If you're using the bulk send API, include the delay_range parameter:

curl -X POST https://apiv2.waiflow.app/api/v2/bulk-send \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "session_id": "YOUR_SESSION_ID",
    "recipients": ["972501234567", "972509876543"],
    "message": "Hello from MoltFlow!",
    "delay_range": [3, 8]
  }'

The delay_range array specifies [min, max] seconds. Each message waits a random delay within that range.

Recommended Delay Ranges by Use Case

Rule of thumb: Higher risk use cases need longer delays. If you're messaging contacts who opted in and expect your messages, shorter delays are fine. If you're doing cold outreach (not recommended), use very long delays and low volumes.

Daily Sending Quotas

Even with rate limits and delays, you should self-impose daily quotas:

• New accounts (first 2 weeks): Max 20-50 messages/day
• Established accounts (2+ weeks): Max 200-500 messages/day
• Warmed-up accounts (1+ month): Max 1,000-2,000 messages/day

These quotas depend heavily on your account history. A brand-new WhatsApp Business number should start conservatively and gradually ramp up over 2-4 weeks.

Step 4: Monitor for Rate Limit Warnings

MoltFlow provides several ways to monitor your rate limit status and detect potential issues before they escalate.

Usage Dashboard Warnings

Navigate to Usage in the sidebar. The dashboard shows:

• Messages sent this hour — If this spikes above your plan's soft limit, you'll see a yellow warning
• Rate limit hits — Count of 429 responses (if non-zero, you're pushing limits)
• Delivery failure rate — If this exceeds 20%, pause campaigns immediately

The usage dashboard updates in real-time—watch it during bulk campaigns to ensure you're not triggering alarms. For webhook-based alerts, see our webhooks guide to get notified of delivery failures automatically.

API Rate Limit Headers

As mentioned in Step 2, check the X-RateLimit-Remaining header after each send. If it drops to 0, you've hit the limit for this minute. Implement client-side throttling to stay below the limit:

def smart_send(session_id, phone, message):
    response = requests.post(...)
    remaining = int(response.headers.get("X-RateLimit-Remaining", 0))

    if remaining < 5:
        # Approaching limit, slow down
        time.sleep(2)
    elif remaining == 0:
        # Hit limit, wait for reset
        reset_time = int(response.headers.get("X-RateLimit-Reset", 0))
        wait_seconds = max(0, reset_time - time.time())
        time.sleep(wait_seconds + 1)

    return response.json()

This preemptive approach prevents hitting 429s entirely.

Webhook Notifications (Planned)

MoltFlow will soon support webhooks for rate limit events:

• rate_limit.approaching — Fired when you hit 80% of your per-minute limit
• rate_limit.exceeded — Fired when a 429 response is returned
• delivery.failure_spike — Fired when delivery failure rate exceeds 20% in an hour

Subscribe to these webhooks to get real-time alerts via Slack, email, or SMS.

Step 5: Best Practices for Avoiding Account Bans

Beyond rate limiting and delays, follow these operational best practices to keep your WhatsApp account safe:

1. Warm Up New Numbers Gradually

If you've just started using a WhatsApp Business number, don't send 1,000 messages on day one. WhatsApp flags sudden high-volume activity.

Recommended warm-up schedule:

• Week 1: 10-20 messages/day (manual sends, test with friends/colleagues)
• Week 2: 30-50 messages/day (small test campaigns)
• Week 3: 100-200 messages/day (gradual ramp-up)
• Week 4+: 500+ messages/day (full automation)

This gradual ramp trains WhatsApp's systems to expect higher volumes from your number.

2. Personalize Message Content

Avoid sending identical messages. Use variables to personalize:

curl -X POST https://apiv2.waiflow.app/api/v2/messages/send \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "session_id": "YOUR_SESSION_ID",
    "phone": "972501234567",
    "message": "Hi {{name}}, thanks for joining our newsletter! We have a special offer for {{city}} customers.",
    "variables": {
      "name": "John",
      "city": "Tel Aviv"
    }
  }'

Personalization makes each message unique, avoiding the "identical content" red flag.

3. Only Message Opted-In Contacts

CRITICAL: Only send messages to contacts who have explicitly opted in to receive them. WhatsApp's Terms of Service prohibit unsolicited messages.

Best practices for opt-in:

• Website form — "Enter your WhatsApp number to receive updates"
• In-person collection — "Can I send you appointment reminders on WhatsApp?"
• Existing customers — "Would you like to switch from email to WhatsApp for order updates?"

Never scrape numbers from websites, buy contact lists, or harvest from WhatsApp groups. This is a guaranteed path to account bans.

4. Monitor Delivery Rates

High delivery failure rates signal problems. Use the Messages API to track delivery:

curl -X GET https://apiv2.waiflow.app/api/v2/messages?status=failed \
  -H "Authorization: Bearer YOUR_JWT_TOKEN"

If more than 20% of messages fail, investigate:

• Invalid numbers — Remove non-existent numbers from your list
• Blocks — Stop sending to contacts who blocked you
• WhatsApp uninstalls — Contacts who deleted WhatsApp won't receive messages

Clean your contact list monthly to maintain high delivery rates.

5. Space Out Campaigns Over Days

Instead of sending 5,000 messages in one afternoon, spread them over 3-5 days:

• Day 1: Send to 1,000 contacts
• Day 2: Send to another 1,000
• Day 3: Send to the final 3,000

This looks more natural and reduces the risk of triggering velocity limits.

6. Use Scheduled Messages for Automation

MoltFlow's scheduled messages feature lets you queue bulk sends over time:

curl -X POST https://apiv2.waiflow.app/api/v2/scheduled-messages \
  -H "Authorization: Bearer YOUR_JWT_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Newsletter Campaign",
    "session_id": "YOUR_SESSION_ID",
    "recipients": ["972501234567", "972509876543"],
    "message": "Check out our latest blog post!",
    "scheduled_time": "2026-02-15T10:00:00Z",
    "delay_range": [5, 10]
  }'

Scheduled messages are processed by MoltFlow's background workers with built-in rate limiting and retry logic. See our scheduling guide for advanced campaign timing strategies.

7. Avoid 24/7 Automation

Set "business hours" for your automation. If you're sending messages at 3 AM, it looks robotic. Configure your sends to only run during reasonable hours (e.g., 9 AM - 6 PM in your timezone).

Example: Use a cron job to pause scheduled messages outside business hours:

# Pause all scheduled messages at 6 PM
0 18 * * * curl -X POST https://apiv2.waiflow.app/api/v2/scheduled-messages/pause-all

# Resume at 9 AM
0 9 * * * curl -X POST https://apiv2.waiflow.app/api/v2/scheduled-messages/resume-all

This makes your automation indistinguishable from a human operator.

Troubleshooting

Getting 429 Responses Frequently

Problem: You're getting 429 Too Many Requests errors even though you're sending fewer than your plan's monthly limit.

Solution: The 429 is based on per-minute limits, not monthly limits. Check the X-RateLimit-Limit header—you're likely sending too fast. Add delays between sends (see Step 3).

WhatsApp Temporary Ban (24-Hour Block)

Problem: Your WhatsApp account shows "Your account is temporarily banned" and you can't send messages.

Solution:

1. Stop all sends immediately — Don't try to circumvent the ban or you'll get permanently banned
2. Wait for the ban to expire (usually 24 hours, sometimes up to 7 days)
3. Reduce volume when resuming — Start with 10-20 messages/day and ramp up slowly
4. Review your practices — WhatsApp bans are triggered by real policy violations, not random

If you get 3+ temporary bans, a permanent ban is likely.

Messages Not Delivering

Problem: Messages show as "sent" in MoltFlow but recipients don't receive them.

Solution:

1. Check session status — If the session is "stopped" or "failed", messages won't deliver. Restart the session.
2. Verify phone number format — Use 972501234567 (country code + number, no plus or spaces)
3. Check for blocks — The recipient may have blocked your number. Test with a different contact.
4. WhatsApp rate limit — WhatsApp may be silently dropping your messages due to spam detection. Reduce volume and wait 24 hours.

Rate Limit Headers Not Showing

Problem: The API response doesn't include X-RateLimit-* headers.

Solution: Rate limit headers are only included on endpoints that enforce limits (e.g., POST /messages/send). Other endpoints like GET /sessions don't have rate limits and won't return these headers.

What's Next?

Now that you've configured WhatsApp anti-spam rules, explore related features to optimize your messaging strategy and protect your account:

• Send Bulk WhatsApp Messages — Use randomized delays and personalization to avoid spam flags
• Schedule Recurring Messages — Space campaigns over days to stay under velocity limits
• Monitor WhatsApp Usage — Track consumption to stay within safe volumes
• Set Up Webhooks — Get real-time alerts when messages fail delivery

Enterprise-Grade Account Protection

Need higher sending volumes with guaranteed safety? Upgrade to Business or Enterprise plans for:

• Dedicated IP reputation — Your account isolated from multi-tenant risk
• Custom rate limit tuning — Configure limits based on your specific account age and history
• 24/7 deliverability monitoring — Real-time alerts for delivery rate drops and spam flags
• WhatsApp account recovery assistance — Direct escalation to WhatsApp Business API support

View plans and pricing — Protect your business-critical WhatsApp operations.

Got flagged by WhatsApp? Contact support immediately at [email protected]. We can help you diagnose the issue and implement a recovery plan. Early intervention often prevents temporary bans from becoming permanent.