Holger's Code
← Back to news

May 27, 2026

The SEO scam email — and how AI lets you fact-check it in 30 seconds

A cold email warned me my site was "invisible on Google." With an AI assistant looking at the actual code, I confirmed in under a minute that nothing was wrong. Here's the playbook.

I got this in my inbox today:

We recently ran a backend analysis of your website, and the results show that several important SEO steps are incomplete. Due to this, your website is currently not appearing on Google, Bing, and other search engines when searched with keywords related to your business and services.

We understand that your website was created to attract more clients and generate more business... Please send us your preferred time availability for a quick phone call, along with your updated contact number, and we will get in touch with you to explain how we can help fix and improve your website.

No company name. No domain mentioned. No actual findings. No keywords. Just vague panic and a request for my phone number.

This is a template. It goes out in bulk to anyone with a public contact form, and the entire goal is to get you on a sales call where someone reads a generic checklist back to you and charges a monthly retainer to "fix" things that were never broken.

The old way: doubt creeps in

The reason these emails work is not that people are gullible. It's that most site owners have no quick way to verify the claim. "Am I actually indexed? Is my metadata correct? Did I forget a sitemap?" If checking takes an afternoon, doubt wins and the sales call gets booked.

The new way: ask the AI that already has your code open

I asked my AI assistant — Claude Code, sitting in my editor with the project loaded — one question: "Do I have proper SEO setup in this site?"

Thirty seconds later I had a concrete answer, with file references:

  • Full Next.js Metadata API in app/layout.tsx — title template, description, canonical URL, Open Graph, Twitter card, explicit robots: { index, follow } plus Googlebot directives.
  • app/robots.ts — robots.txt route, present.
  • app/sitemap.ts — sitemap.xml route, present.
  • app/feed.xml — RSS feed, also linked from metadata alternates.
  • Favicon, OG image, the lot.

Every single thing the email implied was missing was already there. The doubt evaporated, and the email went where it belonged.

Why this matters beyond one spam email

The scam economy around small business websites runs on information asymmetry — they know (or pretend to know) something about your site that you don't. AI assistants collapse that asymmetry. You no longer need to be an SEO specialist to verify an SEO claim, a security expert to verify a "vulnerability notice," or a lawyer to read a vague legal threat. You just need to ask, in plain English, against the actual artifact in question.

A few rules of thumb I now use:

  1. If an email warns you about your site but never quotes a single specific thing from it — domain, URL, page title, headline — it's bulk spam. Real audits cite real findings.
  2. Before replying to any technical claim, ask your AI to verify it against the source. Thirty seconds of grounded checking beats an hour of vague worry.
  3. Trust the free, authoritative tools. Google Search Console and Bing Webmaster Tools tell you exactly what's indexed and what isn't. No phone call required.

The con only works while you feel uncertain. With AI in the loop, that window is now about as long as it takes to type the question.