Add a server setting to disallow private messages to users



  • Death

    Great idea! Please add this feature!

  • ShotGun

    Great! Agree, I am sick of advertising.

  • Maximvdw

    This should be a top priority

  • Cap'n Odin

    The way it is right now the only defense a server has against transgressions in pm, like gore or other nsfw images as well as phishing attacks, is to kick all new accounts the moment they join.

    This cannot go on any longer, larger communities are at their breaking point.

    I understand that allowing the users control of this seemed like a good idea when you first started working on Discord, but there are unforeseen victims of this choice: both users are affected as well as moderators.

    The best solution is to make this a role permission, this is literally the last unfixed security hole that allows spammers to do as they please.

    We have no means to keep growing while keeping our users safe.

  • Stormkyleis

    This is an absolute necessity.

    We don't have enough moderation tools to protect our users, in general.

  • Rob

    This should be implemented in 2 ways.  One is a role based permission, i.e. "Give this user the ability to DM members of this server", and also an individual setting, i.e. in the "Server - Notification Settings", i.e. "Prevent users from this Server to PM me".  The second setting is in case a server owner does not enable the first setting on their server (i.e. allows DMs to non friends), but I can override this myself by blocking the server myself.  In either case, being friends with the person would override this setting.

  • Ishidres

    As cool as this feature would be, there is no way to control or check whether the user intended to send a DM to someone as a server member or just wanted to send a message to a person directly but shares a server with them. What if I just want to send a message to a user but I share a server with them? The server shouldn't be able to control whether I'm allowed to DM them or not.

    Also, what if e.g. person A and person B share two mutual servers. Server A now disables DMs from members, but Server B allows them. Which server will decide if DMs are now allowed or not?

    A better solution would be to e.g. limit the amount of DMs you can send in a specific time. These bots which mass-advertise in DMs send messages to hundreds or even thousands of users in a short time. No human being would ever do that. You could limit the amount of DMs to e.g. 20 individual users every e.g. 10 minutes. A spam bot wouldn't be able to successfully advertise anymore with a cooldown like that and the users could quickly report the bot to a moderator of the server.
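
The cooldown Ishidres proposes above (at most 20 distinct DM recipients per 10 minutes), sketched as an added example that is not part of the original post and is not Discord's code. The class name, the event tuples and the sample traffic are constructed for illustration.

```python
class DmRecipientLimiter:
    """Sliding-window cap on how many distinct users one account may DM."""

    def __init__(self, max_recipients=20, window_seconds=600):
        self.max_recipients = max_recipients
        self.window = window_seconds
        self._recent = {}  # sender -> {recipient: time of last allowed DM}

    def allow(self, sender, recipient, now):
        seen = self._recent.setdefault(sender, {})
        # Forget recipients whose last DM has fallen out of the window.
        for r in [r for r, t in seen.items() if now - t >= self.window]:
            del seen[r]
        # A recipient already in the window does not consume extra budget.
        if recipient not in seen and len(seen) >= self.max_recipients:
            return False  # blocked attempts are not recorded
        seen[recipient] = now
        return True


def replay(events, limiter=None):
    """events: iterable of (timestamp, sender, recipient).
    Returns {sender: [allowed_count, blocked_count]}."""
    limiter = limiter or DmRecipientLimiter()
    totals = {}
    for ts, sender, recipient in events:
        counts = totals.setdefault(sender, [0, 0])
        counts[0 if limiter.allow(sender, recipient, ts) else 1] += 1
    return totals


# Constructed sample traffic: an ad bot DMs a new member every second for
# five minutes, while a human chats with three friends over ten minutes.
SAMPLE = sorted(
    [(t, "adbot", f"member{t}") for t in range(300)]
    + [(t * 30, "human", f"friend{t % 3}") for t in range(20)]
)

if __name__ == "__main__":
    for sender, (ok, blocked) in replay(SAMPLE).items():
        print(f"{sender}: {ok} allowed, {blocked} blocked")
```

The blocked count per sender is also a usable moderation signal: an account that keeps hitting the cap is the one to report.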

  • Kefka

    As I said in my suggestion, the solution would be simple: adding someone as a friend bypasses the DM restrictions. As far as multiple servers, if one server allows it, then the rest you share with the same person should too. It's up to the server owner to set things properly. If the server in question becomes a DM adbot spamfest, either tell the owner to change the settings, or leave the server. The idea is to help people, not limit them.

  • Kefka

    To those searching for a solution still, use a captcha bot combined with discord's "table flip" setting, and an auto kick in UNDER 10 min if the user doesn't verify. Table flip mode prevents users from messaging OR DM'ING users for 10 min, or until they are granted a role. Have new users start with no roles or permissions, then grant a role after completing the captcha. The role from the captcha will bypass table flip mode and allow the user to chat immediately after completing the captcha. After 9 (or less) minutes, have your bot of choice check for the verified role the captcha gives. If they don't have it, auto kick from the server.

    Ever since I set up this system I've had 0 issues with spambots. We went from literally hundreds or even thousands a day, to 0. It works. I personally use YAGPDB as my bot of choice, but it isn't the most simple to use. Less experienced users may want to search for alternatives.

  • Rob

    How does this prevent DMing?

  • Kefka

    Go into server settings - moderation, and read the description for table flip mode. It prevents users from DMing other server members for 10 min, or until they get a role. By auto kicking in 9 min or less if they don't verify (and get a role), it resets that 10 min timer if they rejoin to try again. I've tested all of this very thoroughly.

  • Rob

    But given the setting to accept DMS from server members is a DISCORD setting and not a BOT setting, I don't see how

  • Kefka

    Idk, ask Discord. It works. My members no longer get DM spam. Says right in the description that it blocks DMs to other server members, and it does.

  • Rob

    Send me your discord link, I'd love to test it!

  • Kefka

    Send me a friend request on discord. -removed-

  • Seblor

    I second this idea too.

    As an administrator on a server that has been recently made public, the number of members is increasing a lot, and with it many spammers. Before that, we already had a number of people complain that other members were bothering them with their own servers (game or discord servers) in private messages.

    Having a role (or server-wide) permission for disallowing PMs between people if their only common server is mine would be really great.

  • hamitcagdas

    Important, and I want it so much! Do it, DC admins.

  • Nirjonadda

    Please take this functionality under consideration for implementation!

  • Ehi

    It's impossible to make a safe community on Discord unless you make it completely private - and given the amount of abuse and bot activity even medium-sized servers get, it's vital that more user protection functionality is added to allow server owners to properly look after their communities.

    I agree with previous posters that this should be a role-based permission - there are multiple ways to screen and verify users before allowing them full access to the server, and DMing other server members/viewing the channel list should be something we can implement this way.

    That said, for those struggling with bots and DM abusers, you can implement the following basic verification, suitable for public servers:


    In short, most bots can't manipulate even the most rudimentary verification schemes, so you can implement a very basic "human check" using any general-purpose bot, a single channel, and a 'Verified' role. Personally, I like Zira for this, as reaction roles are simple to understand and relatively accessible, but you can do this with any bot that can assign roles based on user input - if you use a bot already, it can probably do this! First, we'll set up the server.

    If one does not already exist, create a "Verified" role. (You can call this whatever you like, but make a note of it, and substitute it for "Verified" in later steps.)


    Next, create a #welcome channel to contain your bot. At this stage, you should set the permissions so that @everyone can read the channel (green tick), but override it so that Verified cannot - set the Read Messages checkbox to show a red cross. This is a vital part of the process, as it means that verified users will not appear in this channel's user list, and bots will not be able to see them to send abusive DMs.

    Depending on how you plan to assign the verified role, you may also want to disable the ability for @everyone to Send Messages, for example if you're using reaction roles to assign access. 


    Next, you'll need to set up your bot so that it can assign your verified role. I won't go into detail here, as the process is different for every bot, but the best method is to have a single message in the channel directing new users to react to the message to continue. Then, set up your bot to give the Verified role to anyone who reacts to that message. Once you're done, make sure to test this before proceeding, as it is now the one process allowing access to the server.


    Lastly, it's time to lock down the rest of your server. Before you proceed, consider ensuring that all your active members have the Verified role so they don't lose access. If you have a server large enough where doing this manually isn't feasible, certain bots allow you to mass-assign roles to all users, such as Dyno.

    When you're ready to proceed, edit each channel in your server and set the permissions for @everyone to deny Read Messages (red cross), and the permissions for Verified to Allow (green tick). If you have a lot of channels, consider setting this at the category level and allowing it to sync with the channels within.


    At this stage, you're done - make sure you test the process thoroughly with a non-Administrator account, and ensure that no channels can be visible to both verified and unverified users. If done correctly, this will ensure that new users cannot see the server - or the user list - without first getting through a basic verification process. While humans can click through and gain access to your server easily, most DM bots cannot and will be stopped at the door.

    Note that this process does not prevent human spammers, trolls, or griefers from gaining access - to prevent this, I would suggest implementing a human verification system, requiring new users to be approved by your moderators. (Consider asking for something simple, like their in-game username if you're a game server - legitimate users will be able to pass this easily, whereas trolls will often leave without even trying.)


    Hope this helps! As you can see, it would be much easier to implement this with "can send private messages to members" and "can view member list" permissions, and this doesn't work at all if you need to keep your server safe from human attackers, but it is at least a start.

    Over to you, Discord staff...
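
One way to check the channel setup Ehi describes above for channels that are visible to both verified and unverified users, as an added example that is not part of the original post. It uses a simplified model of Discord's overwrite order (@everyone overwrite, then role denies, then role allows), ignores member-specific overwrites, and assumes @everyone holds Read Messages at server level; the channel names and the "Moderator" role are constructed.

```python
def can_read(overwrites, member_roles, base=True):
    """Effective Read Messages for a member in one channel.

    overwrites: {role_name: "allow" | "deny"} for the Read Messages bit.
    base: whether the server-level roles grant Read Messages (assumed True).
    """
    allowed = base
    everyone = overwrites.get("@everyone")
    if everyone is not None:
        allowed = everyone == "allow"
    role_rules = {
        overwrites[r] for r in member_roles if r != "@everyone" and r in overwrites
    }
    if "deny" in role_rules:   # role denies are applied first...
        allowed = False
    if "allow" in role_rules:  # ...then role allows, which win over denies
        allowed = True
    return allowed


def audit(channels, verified_role="Verified"):
    """Classify each channel by who can read it; "both" is the leak to fix."""
    labels = {
        (True, False): "unverified-only",
        (False, True): "verified-only",
        (True, True): "both",
        (False, False): "neither",
    }
    report = {}
    for name, overwrites in channels.items():
        unverified = can_read(overwrites, {"@everyone"})
        verified = can_read(overwrites, {"@everyone", verified_role})
        report[name] = labels[(unverified, verified)]
    return report


def leaks(channels):
    return sorted(n for n, s in audit(channels).items() if s == "both")


# Constructed sample server: "off-topic" is missing its @everyone deny.
SAMPLE_SERVER = {
    "welcome": {"@everyone": "allow", "Verified": "deny"},
    "general": {"@everyone": "deny", "Verified": "allow"},
    "off-topic": {"Verified": "allow"},
    "staff": {"@everyone": "deny", "Moderator": "allow"},
}

if __name__ == "__main__":
    print(audit(SAMPLE_SERVER), leaks(SAMPLE_SERVER))
```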

  • Kefka


    Your method will not work. Simple verification methods, such as a reaction, typing a command, etc, are static and can easily be automated. I have personally had this issue and ended up basically playing cat and mouse with the spambots.

    On top of that, simply denying view permissions to a channel will NOT stop a bot from seeing the users on that server. If you don't believe me, set up a server as you described, then press ctrl+k to bring up the search box, and search for a user on the server that you shouldn't be able to see. You'll notice you can find them, no problem. Selfbots can do anything a user can, so they have access to this feature as well.

    Here is a WORKING method to stop DM spambots:

    - invite the bot yagpdb, or any other which can achieve the same results.
    - enable yag's built in verification module, which uses google reCAPTCHA and is quite difficult to automate.
    - set up permissions so that users do not have permissions until after they get the verified role from the verification, similar to what Ehi described above.
    - set up a welcome channel for unverified users, but do not let them chat in it. Instead, use it to instruct them how to verify, which discord settings to enable to receive the bot's dm, troubleshooting, etc.
    - set the autokick timer for yag verification to 9 min or less, so that users will be kicked from the server if they do not verify within 9 min.
    - set the autokick message to explain to the user why they were kicked and how to join correctly.
    - make absolutely sure users receive no roles until AFTER they verify.
    - finally, set your server moderation settings (in discord) to "table flip" mode.

    This will prevent new users from talking OR STARTING NEW DM CONVERSATIONS until they receive a role (verify) or until 10 min has passed. Since they will be kicked after 9 min of not verifying, it will be impossible for them to chat or open new DMs until they verify. When they verify, they are given a role, which will allow them to chat right away without waiting the full 10 min. When I first posted here forever ago, I was getting HUNDREDS of dm spambots a day. Since setting this up, I get zero.

  • alwaystired

    Here's another reason for it:

    I found myself in the role of admin for an informal discord community centered around an online school. They lack an official chatroom.

    The ability to do this would allow us to have synchronous discussions while more effectively preventing academic dishonesty.

  • ObiOneStenobi

    Please implement this!