- ✗ DC proxies instead of residential
- ✗ Same fingerprint across all accounts (app_version / device_model)
- ✗ Burst sending — 100+ messages per hour from one account
- ✗ Zero warmup — straight into work after SIM activation
- ✗ Template text without spintax — same hash for everyone
- Even one checkmark — already a risk. Two — guaranteed ban within 48 hours.
Telegram anti-spam doesn't catch one mistake. It catches coincidence of several signals — and then applies sanction. Below — 5 patterns, each triggering one signal. You need 2+ simultaneous to get flagged.
But probabilities are multiplicative. One mistake — 30-40% risk. Two — 70-80%. Three — practically 100%. That's why advice "do everything right" is important not individually, but as a complex.
DC proxies instead of residential
Datacenter proxies (AWS, DigitalOcean, Vultr, OVH) are 5-10× cheaper than residential. Logical to take them to save money. Illogical — that Telegram sees the difference.
Mechanics: each IP has an ASN (autonomous system number) — recorded in WHOIS. ASN 14061 = DigitalOcean, 16509 = AWS, 63949 = Linode. This is public info, any service can check.
Telegram (like most anti-spam systems) divides ASNs into:
- Datacenter — AWS, DO, GCP, Vultr, OVH, Linode, Hetzner. "Suspicious by default".
- Residential ISP — Comcast, Deutsche Telekom, Rostelecom, BT. "Normal users".
- Mobile carriers — AT&T Mobility, T-Mobile. "Mobile users". Best rank.
When you send from a DC IP, your trust score is lowered baseline. Not an auto-ban, but raises scan priority in case of other signals.
Fix: residential proxies from Bright Data, Oxylabs, Soax. $8-15/account/month. Price difference pays off at the first saved account ($200-500 loss per ban).
Same TDATA fingerprint
Each Telegram session stores device metadata: device_model, system_version, app_version, lang_code, system_lang_code. All of this is visible to the server.
When you have a farm of 50 accounts all entering from the same Telegram Desktop client 4.8.11 / Windows 10 / en-US / lang_code ru — you send a server signal: "50 different phone numbers sitting on one machine". SpamBot processes such clusters separately.
Correct scheme: fixed unique fingerprint per account, mimicking the diversity of real Telegram user population.
Burst sending (100+ msg/hour)
Telegram returns FLOOD_WAIT when rate limit is exceeded. Soft restriction — just wait X seconds. But repeated FLOOD_WAIT in short periods is a red flag. After 3-5 FLOOD_WAIT events in an hour, the account gets PEER_FLOOD — restriction on messaging strangers.
What counts as burst:
- 50+ messages in 10 minutes
- 100+ messages per hour
- 500+ messages per day (even evenly distributed)
Safe corridor: 30-40 messages/hour with log-normal distribution of delays. Total up to ~700-900 messages/day at even load.
Zero warmup
Fresh SIM activated → authorization → instant send. Perfect bot profile.
What's needed: 3-5 days of behavioral warmup. Not "sitting", but activity. Detailed breakdown in method 2026 and warmup myth article.
Template text without spintax
Telegram hashes the body of each message. 50+ identical hashes in a short period = content cluster flag.
Fix: spintax + LLM rewriting. Detailed in the conversion article.
Self-check list
| Check | Status |
|---|---|
| I use residential proxies (not DC) | □ |
| Fingerprint is unique per account | □ |
| Rate limit ≤ 40 messages/hour | □ |
| 3+ days warmup before outreach | □ |
| Spintax 4+ blocks or LLM rewriting | □ |
All 5 checked — you're in the top 10% for outreach hygiene. Your bans will only be from offer-related causes (content complaints) or privacy restrictions on recipients' side. Network layer is closed.
TG:ON for macOS · Windows · Linux
Desktop app, 160 MB. Runs locally, your keys stay yours. 3-day trial, no credit card.
Download for freeTG:ON closes all 5 by default.
Residential proxies, fingerprint randomization, smart rate-limiter, behavioral warmup, spintax+AI. Three-day trial, no card.
Start trial