π³π±
Seems someone is attacking mastodon.social with spam bots that are effecting users across the fediverse with spammy messages.
Users may wish to temporarily mute the mastodon.social server. If the problem persists much longer I may temporarily silence the server until it comes under control.
@freemo Don't bother. I got a spammy message and it came from my local server, mastodon.online. They're spreading.
@Bradley_JF Thankfully QOTO has a pretty extensive email blacklist so lets hope they dont infect here... though blacklists are of limited effectiveness. I hope they arent using gmail addresses or something.
There really needs to be some decentralized email blacklist or email DB or something, though not sure how you could do that without abuse.
@freemo I'm not sure that would even work, tbh. It's pretty easy to register new domains and create new swaths of email addresses.
I guess Fedi is finally picking up enough steam to be attractive to spammers. I wonder what the solutions will be tech-wise.
@Bradley_JF It could still potentially work in that case, though the exact mechanics are a bit nebulous. Presuming people participated in it and when the first few people are attacked the new domain and/or address are added to the block list then they would only be able to spam a person or two before being stopped and needing to create a new domain.
Since domains cost money, albeit it not very much, it wouldnt be economically feasible for an attacker to spend 10$ per domain to spam 3 or 4 people before needing to create a new one.
The key to success of such a system would be to have mechanics where domains/accounts get blocked quickly enough that they cant spam enough people to make the domain worth the cost (which would require tens if not hundreds of thousands of spam events to make 10$) but at the same time not to be so quick to ban domains that there are a lot of false positives.
@freemo Those are good points. I'm just not sure how you could automate that without people trolling it for fun to lock people out of their accounts. There would have to be a whitelist and some trust that major email providers will work to stop spam on their end, though that's probably an unrealistic expectation.
@Bradley_JF Yes that is the difficult part of course, doable but non trivial. In fact this conversation gave me a rather novel idea as to how to do exactly that that im mulling over to consider if its worth persuing.
With that said there is already an email blacklist where servers that spam get on the blacklist and generally is pretty trust worthy. Thought he blacklist is at the server level and only handles servers that allow users to spam en mass, it wouldnt address this case where users arent spamming via email and only using the email to create logins on other services they then use to spam.
@freemo Well, I'm glad to hear the conversation bore some fruit. I hope it works out. =)