Google began rolling out the March 2026 spam update on March 24 at 12:18 PM PDT, according to the Google Search Status Dashboard. The update applies globally and to all languages, and Google estimates the rollout will take a few days to complete.
Google Search Central announced it on LinkedIn: “Today we released the March 2026 spam update to Google Search. This is a normal spam update, and it will roll out for all languages and locations.”
The update is the second announced Google algorithm change of 2026, following the February 2026 Discover core update. It’s the first spam update since the August 2025 spam update, which ran from August 26 to September 22 and took nearly four weeks to complete. Google’s “few days” estimate for the March rollout suggests a shorter, more targeted deployment.
Spam Updates vs Core Updates
The distinction between spam updates and core updates is worth understanding because the response to each is different.
Core updates reassess the overall quality and relevance of content. They can cause ranking shifts for sites that haven’t done anything wrong but whose content is being reevaluated relative to competitors. A core update might drop a page not because of a violation but because Google’s systems have determined that other content better serves the query.
Spam updates enforce specific policy violations. They target sites that are actively breaking Google’s documented spam rules. When a site loses rankings or visibility during a spam update, the cause is a policy violation that Google’s systems have identified, not a broader quality reassessment. The response requires identifying and fixing the specific violation rather than improving content quality in general.
Google hasn’t disclosed which specific spam category or categories the March 2026 update targets. No new spam policies were announced alongside the rollout, which means the existing spam policy framework is the relevant reference for evaluating any impact.
What Google’s Spam Policies Actually Cover
Google’s spam policies for web search define the practices that can result in ranking demotions or complete removal from search results. These policies have expanded significantly over the past two years, particularly with the March 2024 core update that introduced three new categories. Here’s what the current framework includes.
Cloaking and Sneaky Redirects
Cloaking and sneaky redirects cover situations where a page shows different content to search engines than to users, or redirects users to a different destination than what Google sees. Paywalled content with proper structured data and Flexible Sampling compliance is explicitly excluded from the cloaking policy.
Doorway Abuse
Doorway abuse targets sites that create multiple pages designed to rank for similar search queries, funneling users through intermediate pages that exist only to capture search traffic rather than serve as useful destinations. Multiple domain names or pages targeting specific regions or cities that all route to the same destination are a common example.
Expired Domain Abuse
Expired domain abuse was introduced in March 2024 and targets the practice of purchasing expired domains specifically to leverage their historical authority for ranking new, low-value content. Buying an old domain and using it for a genuinely new site with original content is fine. Buying it to rank thin content on the back of its existing backlink profile and trust signals violates the policy.
Hacked Content
Hacked content covers any content placed on a site without authorization, typically through security vulnerabilities. Hackers often inject hidden links, hidden text, cloaked redirects, or malicious code that can be difficult for site owners to detect.
Hidden Text and Link Abuse
Hidden text and link abuse targets content placed on a page specifically to manipulate search engines that isn’t easily viewable by human visitors. White text on white backgrounds, CSS-hidden content, and text behind images are the classic examples.
Keyword Stuffing
Keyword stuffing covers the practice of overloading pages with keywords in ways that degrade the reading experience. Blocks of phone numbers, city names, or repetitive phrases added to pages without context fall under this category.
Link Spam
Link spam remains one of the most expansive and consequential spam categories. Google’s policy targets any links intended to manipulate rankings, including buying or selling links that pass ranking credit, excessive link exchanges, using automated programs to create links, and requiring links as part of terms of service or contractual agreements. Google specifically notes that advertising or sponsorship links should use rel=“nofollow” or rel=“sponsored” attributes.
The link spam policy has a specific recovery implication that differs from other categories. Google’s documentation states: “In the case of a link spam update, making changes might not generate an improvement. This is because when our systems remove the effects spammy links may have, any ranking benefit the links may have previously generated for your site is lost.” In other words, cleaning up spammy links doesn’t restore the rankings those links once provided. The artificial boost is simply removed.
Scaled Content Abuse
Scaled content abuse was broadened in March 2024 to cover any large-scale content production focused on manipulating rankings rather than helping users, regardless of whether the content is generated by AI, human writers, or a combination. The policy explicitly includes using generative AI tools to create many pages without adding value, scraping and republishing content with minimal modification, and stitching together content from multiple sources without adding substance.
Scraped Content
Scraped content covers republishing material from other sites without adding original value, even when the source is cited. Reproducing content feeds, embedding media from other sites without substantial additions, and copying content with only superficial modifications (like synonym substitution) all fall under the policy.
Site Reputation Abuse
Site reputation abuse was introduced in March 2024 and updated in November 2024. The policy targets third-party content published on a host site primarily to exploit that site’s existing ranking authority. Google clarified in the November update that no amount of first-party involvement, including oversight, licensing agreements, or partial ownership, changes the fundamental nature of the violation if the content’s purpose is to leverage the host site’s ranking signals. Moving the content to a subdirectory or subdomain of the same site is specifically called out as an insufficient fix.
Thin Affiliate Content
Thin affiliate content covers affiliate sites that duplicate product descriptions from retailers or manufacturers without adding unique reviews, comparisons, or other original value.
Misleading Functionality
Misleading functionality targets pages that promise one function (like a download or a tool) but execute something else (like an ad click or a redirect).
User-Generated Spam
User-generated spam covers comment spam, forum spam, and other user-contributed content that contains promotional links or low-value material that the site owner hasn’t moderated effectively.
Machine-Generated Traffic
Machine-generated traffic targets using bots, automated programs, or similar tools to send fake traffic to a site, which can manipulate engagement metrics.
Malware and Unwanted Software
Malware and unwanted software covers sites that host harmful downloads, deceptive software, or code that behaves in ways users don’t expect or consent to.
SpamBrain and Automated Detection
Google’s primary spam detection system is SpamBrain, an AI-based platform that identifies patterns associated with manipulative practices. Spam updates typically represent improvements to SpamBrain’s detection capabilities, enabling it to catch new types of spam or more accurately identify existing violations.
SpamBrain operates continuously, not just during announced spam updates. The updates represent notable improvements to the system that Google considers significant enough to announce. Between updates, the system continues learning and adjusting, but the announced rollouts mark moments where the detection capabilities have been meaningfully upgraded.
What Happens If a Site Is Hit
Sites affected by a spam update can experience ranking drops or complete removal from search results. The impact is automated, meaning sites don’t receive a manual action notification in Search Console (that’s a separate enforcement mechanism). The effects appear in traffic and ranking data.
Recovery from a spam update is possible but slow. Google’s documentation states that improvements may only become visible “if our automated systems learn over a period of months that the site complies with our spam policies.” There’s no quick fix. The site needs to identify and address the specific violations, then wait for Google’s systems to reassess compliance over time.
For link spam specifically, the recovery path is even more constrained. Removing or disavowing spammy links doesn’t restore the rankings those links once provided. The rankings drop reflects the removal of an artificial signal, and the only way to regain lost positions is through building legitimate authority over time through quality content and editorial link building from relevant, authoritative sites.
The Timeline of Recent Spam Enforcement
The March 2026 update sits within a broader pattern of spam enforcement that has accelerated since early 2024.
The March 2024 core update introduced three new spam categories (expired domain abuse, scaled content abuse, and site reputation abuse) and was the most significant expansion of spam policies in years. The June 2024 spam update followed with additional enforcement of the new categories. The August 2025 spam update ran for nearly four weeks and was characterized by SISTRIX as penalty-only, with affected domains losing visibility but no broad ranking changes.
The cadence has been roughly one to two spam updates per year, with each one refining and strengthening SpamBrain’s ability to detect violations. The trend is toward more frequent, more targeted enforcement rather than the large-scale overhauls that characterized earlier algorithm updates.
What to Do Right Now
For sites following Google’s spam policies and building authority through legitimate means like quality content, editorial guest posting, and earned digital PR coverage, the practical response is the same as every spam update: monitor Search Console data over the next few days and watch for any unexpected changes in rankings or traffic.
If rankings drop during the rollout period, review Google’s spam policies against the site’s practices. The most common violations in recent updates have been scaled content abuse (particularly AI-generated content at scale without editorial value), link spam (purchased or manipulated backlinks), and site reputation abuse (third-party content leveraging a host site’s authority).
If everything looks clean and traffic still drops, wait for the rollout to complete before drawing conclusions. Spam updates can cause temporary fluctuations during the rollout period that settle once the update finishes. Google will update the Search Status Dashboard when the rollout is complete.
Google Search Status Dashboard incident: March 24, 2026, 12:00 PM PT Google Search Central LinkedIn announcement: March 24, 2026