I burned 47 accounts · TG:ON Journal

⎯ TL;DR

2023: mass outreach campaign launch. 47 accounts banned in 2 weeks. $16,400 in losses.
Cause #1: DC proxies instead of residential (didn't know the difference).
Cause #2: Identical fingerprint across all accounts (copy-paste TDATA).
Cause #3: Instant launch with no warmup and burst sending.
All three causes are reliably caught by SpamBot 2026. This is not a fluke, it's a pattern.

This article is one of the most uncomfortable for me. It's honest, and it doesn't end with a flattering "bought TG:ON and solved everything". TG:ON didn't exist back then — it was born out of this story.

Fall 2023. Me and my partner launch our first campaign on Telegram based on offers we'd sourced. Infrastructure budget — $20,000. Purchased accounts — 50. Proxies — DC (the cheapest). Software — a homegrown sender on pyrogram without any particular sophistication. The plan — follow the playbook from a "specialist" course we had taken.

Over 2 weeks, 47 out of 50 accounts get banned. The three remaining run for a week and also get banned. The budget burns completely. No account refunds (they don't refund them). The course playbook — doesn't work.

Then — six months of post-mortem: what we did wrong. Out of that grew the team that now builds TG:ON. But the specific lessons from that first mistake — below.

01 · Mistake 1

DC proxies: $1/account/month difference, price — the entire budget

I went with cheap datacenter proxies (~$2/account/month) instead of residential (~$10-15/account/month). It seemed like — the difference is trivial, "a proxy is a proxy".

What I didn't know: Telegram looks at the ASN (autonomous system). IP addresses are split into ranges — datacenter (DigitalOcean, OVH, AWS, Vultr) and residential (Comcast, Deutsche Telekom, Rostelecom). Datacenter ranges are known and prioritized for SpamBot scanning.

When 50 accounts in one session send from DigitalOcean IPs, SpamBot sees:

50 different phone numbers
All from the same IP class (ASN 14061 — DigitalOcean)
All sending first messages to strangers
All with nearly identical cadence

Result — group flag. Bans come in waves, 8-12 accounts per day. By the end of the second week — almost nothing left.

Bottom line: saving $8-13/month × 50 accounts = $400-650/month. Loss — the entire $16K budget plus a blown campaign. ROI of the savings: minus 50×.

02 · Mistake 2

Copy-paste TDATA: one fingerprint across the whole farm

When you buy accounts, the seller hands over a TDATA folder (Telegram Desktop session data). Among other things, these files contain:

app_version — Telegram client version (e.g., "4.8.11")
device_model — device model (e.g., "Desktop Windows 10")
system_version — OS
lang_code — interface language
Session-specific tokens and encryption keys

My 2023 code imported all 50 TDATA folders as-is, without modification. What happened: all 50 accounts sent with absolutely identical device_model, app_version, system_version. From one version of one Telegram Desktop client.

SpamBot reads these fields. When it sees a cluster of 50 "devices" with identical characteristics — that's not "random correlation", that's a farm signal.

«We thought different phone numbers = different accounts. We didn't know that to Telegram, 50 accounts from the same device = one farm.»

The right solution: randomize device fingerprint per account and keep it stable. Meaning account #17 always has "Samsung Galaxy S21 / Android 13 / lang_en", account #34 — "iPhone 14 / iOS 16.5 / lang_ru", and this doesn't change between sessions.

03 · Mistake 3

Instant start + burst: zero warmup

The third mistake is the most mundane and the most common. We activated the accounts and on the same day launched mass sending. 100+ messages per account in the first hour of "commercial activity".

What Telegram saw:

Phone number activation (SIM just purchased, 0 history)
First login
0 incoming / outgoing messages with contacts
Suddenly — 100+ outgoing to strangers

This is a textbook bot profile in the eyes of anti-spam. Fresh account + zero organic activity + outgoing burst = instant flag.

What should have been done: 3-5 days of behavioral warmup. Not "aging", but activity — scrolling, reading, reactions, occasional messages to acquaintances. The account accumulates a "trust score" through behavior. Then you can carefully start outreach from it.

04 · Combined

Effect of three mistakes: multiplicative

Each mistake on its own raises ban risk by ~30-50%. But they don't add up, they multiply. Three mistakes at once — ~95% probability of a ban within 2 weeks.

47 / 50

banned

in 14 days

$16,400

losses

including ad spend

6 mo

post-mortem

root-cause analysis

bans · today

with new infrastructure

05 · What I'd do differently

Tactical lessons

If I could go back to 2023 with today's knowledge:

Residential proxies from day one. $10/month/account is not "optimization" — it's a baseline requirement.
Unique fingerprints. A script that randomizes app_version / device_model from a real population and locks it for each account.
3-5 days of warmup with behavioral actions (not passive aging). A service that simulates real activity.
Small batches: start with 5-10 accounts, watch the bounce rate, then scale. Don't launch all 50 at once.
Rate limits: 30-40 messages/hour/account max. Not 100+.

These 5 rules are what's now built into TG:ON out of the box. Not because we "invented" them, but because we paid $16,400 for the understanding.

⎯ don't repeat the mistakes

5 rules out of the box.
3-day trial.

Residential proxies, unique fingerprints, behavioral warmup, smart rate-limit — configured in the UI. No manual coding.

Start trial

DC proxies: $1/account/month difference, price — the entire budget

Copy-paste TDATA: one fingerprint across the whole farm

Instant start + burst: zero warmup

Effect of three mistakes: multiplicative

Tactical lessons

TG:ON for macOS · Windows · Linux

5 rules out of the box.3-day trial.

5 rules out of the box.
3-day trial.