this post was submitted on 13 Jul 2024
126 points (75.0% liked)
Open Source
37986 readers
176 users here now
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
- !libre_culture@lemmy.ml
- !libre_software@lemmy.ml
- !libre_hardware@lemmy.ml
- !linux@lemmy.ml
- !technology@lemmy.ml
Community icon from opensource.org, but we are not affiliated with them.
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Is it though? Don't email spammers just spoof the domain or send without a domain? I'm not entirely sure if that's different from how the fediverse works. I'm not too knowledgeable about this topic.
Very much so. Out of the spam that I do see in my inbox, the sender domains are usually spoofed, while the reply-to addresses are usually gmail.com, hotmail.com or outlook.com.
You need to set up dkim to prevent spoofing. Each message sent has a digital signature that matches one on a DNS record for your domain. You can also set an SPF record, which will tell the recipient what up addresses are authorized to send mail on behalf of your domain.
The recipent must have policies in place that reject mail which fails dkim/spf
Replying to your edit:
This is an instance moderation problem. If you're letting spammers in, you need to use a better application process or something similar to that. A big problem with email spam is that most email services allow anyone to sign up for free without any checks.
Ultimately defederating bad actors and defederating "good" actors who fail to moderate their own users is necessary.
Hmm I feel like some pooling of effort with spam detection built into the software (lemmy for instance) could help spread the effort of spam fighting to other, smaller instances and not just centralised to the big ones.
But it's difficult to say what will happen I guess. We need to just keep being vigilant when it comes to stopping spam while keeping in mind our shared goal of a decentralised social Internet.
Agreed, and this is what makes the Fediverse so good. It would be annoying to lose your instance, true, but you just move to another or roll your own. Additionally, let's say they start spamming Mastodon from mastodon.social; their messages would go to the Global channel, but if I only ever read Local or Subscriptions, I'll never see their spam.
The Fediverse and ActivityPub will continue to evolve, but unlike SMTP, they were created after the internet became adversarial. This author isn't the first to try to fearmonger over the future of AP, and they won't be the last.
It is fearmongering, albeit unintended, but I don't think it completely applies to the Fediverse as it stands. We should always remain vigilant and never complacent, and I'm sure the devs and moderators are keeping spam control in their minds. This isn't the 1980s, and we're not trying to retrofit a protocol that came before spam was ever a thing.