Moderating a Telegram community sounds like a solved problem until you actually run one. A group of ten thousand people generates a firehose of messages, and buried in it are spammers who have spent years learning how to evade every naive filter you could write. They mix scripts, insert zero-width characters, translate their pitch into thirty languages, and rotate wording faster than a blocklist can keep up.

Telm is our answer to that. The design principle behind it is that spam detection is two problems at once: it has to be fast enough to act before a message is seen, and accurate enough that it doesn't punish real members. Those goals pull in opposite directions — the most accurate check is also the slowest — so instead of picking one, we built a pipeline of three layers, each catching what the previous one couldn't and handing off only the hard cases.

Layer one: the rule engine

The first layer is a hand-tuned rule engine, and it does most of the work. It carries over 200 patterns covering the spam that never really changes: crypto-pump invites, fake job offers, "DM me for easy money," phishing links, and the obfuscation tricks used to smuggle them past filters.

The two things that make it effective are breadth and speed.

  • It normalizes text before matching — folding lookalike Unicode characters, stripping zero-width spaces, collapsing the homoglyph tricks that turn "invest" into a string that looks identical but isn't. Spammers rely on your regex seeing something different from what the human eye sees; normalization closes that gap.
  • It covers 30+ languages, because a rule that only knows English is blind to most of the world's spam.
  • It runs in under 10 milliseconds. That's the number that lets Telm delete a message before the room has really seen it, rather than after the damage is done.

The rule engine catches the overwhelming majority of spam on its own. But rules have a ceiling: they only know what they've been told, and a genuinely novel scam won't match any pattern. That's what the next layers are for.

Layer two: the AI classifier

When a message survives the rules but still looks suspicious — an unusual link, an odd posting pattern, a first-time poster with a pitch-shaped message — it goes to a machine-learning classifier trained on labeled spam and legitimate messages.

The classifier catches the stuff rules can't articulate: the tone of a scam, the structure of a manipulation attempt, the shape of a message that's technically clean but statistically spammy. The problem is that model inference is expensive, and running it on every message would blow the latency budget the rule engine works so hard to protect.

So the classifier sits behind a cache. Spam comes in waves — the same campaign hits many groups with near-identical messages within minutes. We key the cache on a normalized fingerprint of the message, so the first instance of a campaign pays the full inference cost and every subsequent copy is a cache hit. In practice, the cache absorbs the bulk of repeated traffic, and the model only truly runs on genuinely new content.

message ──▶ normalize ──▶ rule engine  (<10ms, 200+ patterns)
                              │ uncertain
                              ▼
                        fingerprint cache ──hit──▶ verdict
                              │ miss
                              ▼
                        AI classifier ──▶ verdict + cache write

Layer three: semantic memory

The third layer is the one that makes Telm hard to evade over time. Spammers don't send the same message twice — they paraphrase. "Join our exclusive signals group" becomes "get access to our private trading channel," which becomes the same offer in Portuguese. A fingerprint cache sees three different strings. A human sees one scam.

Semantic memory closes that gap by working on meaning instead of text. When a message is confirmed as spam, Telm stores an embedding — a numerical vector that captures what the message means rather than how it's spelled. New messages are embedded too, and compared against that memory by similarity. A paraphrase, a translation, a reworded pitch all land near the original in vector space, even though they share almost no literal characters.

This is what lets Telm catch the second, third, and hundredth variation of a scam it has only been shown once. The rule engine handles the known, the classifier handles the novel, and semantic memory handles the mutated — the long tail of spam that survives precisely because it never repeats itself word for word.

The CAS blocklist

Not every defense has to be computed locally. Telm integrates the Combot Anti-Spam blocklist (CAS), a global, community-maintained registry of accounts already confirmed as spammers across the Telegram ecosystem.

The value of CAS is that it acts before a message exists. When a known-bad account tries to join or post, Telm can ban it on sight — no content to analyze, no inference to run, because the identity itself is the signal. It's the cheapest possible check and it removes a meaningful slice of bad actors before the detection pipeline ever has to think about them.

Monitoring Mode: acting only after you trust it

A moderation bot that makes a wrong call is worse than no bot at all. Delete a real member's message on day one and you've taught the community not to trust the tool. So every new group starts Telm in Monitoring Mode.

In this mode, Telm watches and reports but touches nothing. For every message, it records the action it *would* have taken — delete, mute, ban — and shows you, without actually doing any of it. You get to see exactly how the pipeline behaves against your community's real traffic, with your real members, before it has permission to act.

This does two things. It builds justified trust: you flip Telm to active only once you've seen its decisions match your judgment. And it's a safety net for tuning — if a particular rule is too aggressive for your group's culture, you find out in a report, not in an angry message from a member who got banned for saying "check out my project."

Monitoring Mode is, in a sense, the whole philosophy in one feature. Detection can be aggressive because activation is conservative. You see before it acts, and by the time it acts, you already know it's right.