18h ago

Will Lemmy spam become like email spam?

My understanding of federation is that it's like email. If one server is misbehaving, then they get defederated.

So how come email spam still exists - why don't spammer domains get defederated? It seems like we've got the worst of both worlds, where it's hard to get your emails relayed when you run a small email server, and easy to get them relayed if you're a spammer.

Is there anything about Lemmy's architecture that will prevent this problem?

8 comments

So how come email spam still exists
We were really naive back when email was invented.
Is there anything about Lemmy's architecture that will prevent this problem?
While Lemmy versions maintain some backwards compatibility, Lemmy is designed to move forward, and allow incremental security improvements. And it is possible to apply significant security updates to individual servers without losing access to the out of date ones.
Email really doesn't have an equivalent way to improve security, Incrementally, without dropping large legitimate parts of the network.
DMARC and DKIM are making finally progress for email security- by dropping large legitimate parts of the network.

Most Esteemed and Honorable Sir/Madam,
What a good post I write to you in great distress, for I am Prince Oluwafemi of the Most Federated Kingdom of Lemmy. My federation has been defederated most unjustly, and I am in dire need of your assistance to restore my rightful place among the shitposters.
To do this I just need you to visit the charity setup by my people so they can track your donation and return the internet points once I am back in my rightful place www.justputyourcarddetailsin.edu
- I kind of wanted that address to exist...

they do get 'defederated'... by way of automated block lists by domain and IP...but the issue is smtp due to age is trivially easy to setup on new domains/ips as well as dns and relay tricks to obfuscate the true source.

It will be worse.
And Lemmy is not designed at all to handle spam.
- I used to use Kbin.social but eventually it started to get overrun by spam when the servers worked.

If one server is misbehaving, then they get defederated.
If the instance the spam is originating from is nothing but spam, yeah. Most instances only defederate from another as a last resort and/or if the offending instance is a total lost cause or dedicated to spam/trolling/etc.
Is there anything about Lemmy's architecture that will prevent this problem?
Yes. Applications for new registrations assuming admins can be arsed to turn them on. It won't 100% prevent it, but it will reduce it by probably 90%.
Most spam on Lemmy comes from instances with open registration (ones that do not require an application). Lemdro.id is probably the biggest offender and pain in my side. Email verification and CAPTCHAs are not effective barriers. They may slow down spam signups, but do absolutely nothing to stop them.
Instances that have 24/7 admin coverage do okay with allowing open signups (again, without application approval) and keeping spam to a minimum; some still slip through, but they're usually quickly dealt with due to having an admin available 24/7. Instances with round-the-clock admin availability are rare, though.
Instances without 24/7 admin coverage (roughly 99% of them) should, IMO, NOT have open signups and require applications. Some spam may get through, but the admins can at least have eyes on new registrations.

I know the best way to prevent spam. Well, specifically I know someone who does. He happens to be the leading expert in spam mitigation. In fact, he's so good, he was arrested for it, and his history purged from the net. I would give you a name, but that would only make his treatment in prison even worse.
Thankfully, I have a few connections that I can use to free him. He's currently being held in a remote Russian prison, but the guards are corrupt. For a mere $10k USD or so, I can free him. Please direct donations to Bitcoin address xjejksoej28sj77.

8 comments