cross-posted from: https://lemmy.dbzer0.com/post/123857

This is my current attempt at preparing to counter the spam waves that will be appearing as the fediverse becomes more and more popular.

It involves the creation of whitelists based on a chain of trust between instances with easy ways to add and remove into it with few overheads.

Let me know what you think and if you’re interested, please do register your instance at https://overctrl.dbzer0.com.

  • db0@lemmy.dbzer0.comOP
    link
    fedilink
    English
    arrow-up
    5
    ·
    2 years ago

    The problem with using email as a playbook is… Email has soft failed as a distributed system. It’s been captured by a few mega corporations who have created a web of trust between them and everyone else is struggling to get through and silently dropped in the spam bin often enough with no recourse. Cory doctorow has spoken extensively on this.

    I think to avoid this happening to the fediverse as well we need to start building our own web of trust early on and not let the fate of email happen once more

    • terribleplan@lemmy.nrd.li
      link
      fedilink
      English
      arrow-up
      3
      ·
      edit-2
      2 years ago

      Perhaps I am a unicorn, but I have self-hosted my email for years and don’t have deliverability problems. The only problems I have had:

      1. I think I had to sign up with some sort of Microsoft thing or submit a ticket to them or something because I had an issue with sending mail to o356. That was resolved quickly and I haven’t had a problem since.
      2. My server host (Linode, and Digital Ocean before them) is on the UCEPROTECT-L3 blacklist, because they (and whitelisted.org) are a bunch of scammers and block entire ASNs for almost any amount of spam, then extort individual mail server operators to get their IP specifically delisted.

      To me one of the big things that differentiates Lemmy (and the fediverse in general) from email is that most of it is public, so the things in email that would involve sharing someone’s private information (email addresses, IPs, email contents, etc) are public (at least the post/comment and username+instance), and can all be verified. I think there is a lot of potential because of this. Maybe I’m crazy, but I just really don’t like the idea of a whitelist-based system because it means I as a small instance operator may have to sign up to dozens of services like the one you are building. I want my instance to be able to federate pretty much as widely as possible, and to me such a burden is too much to ask within a system/protocol/fediverse that is designed to facilitate sharing and decentralization.

      Also, I think there is already room for a problem with “capture”. What motivation is there for .world .ml or beehaw to bother signing up for your thing? Even assuming you get 100 like minded admins to sign up for Overseer that is probably a pretty small fediverse island without them, some or all “mega” instances will probably just end up getting a pass anyways and at the end of the day no system is in place to help with the problem of bot/spamming users on trusted instances (whether in that WoT or just blindly trusted by the WoT).

      Most of the spam I get is from gmail addresses, I don’t see it going any differently here.

      • db0@lemmy.dbzer0.comOP
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        2 years ago

        Yes I am cognisant to the fact that it’s likely most won’t bother to sign. I’m considering just importing all instances and allow others to guarantee for them whether they’ve been claimed for not. Claiming am instance will likewise just allow their admins to guarantee and endorse other instances

        Way I see it, they motivation to sign up is to crowdsourced trust building in the fediverse, instead of relying on defacto webs of trust which will develop organically around the big players.

        About email, check the experience of doctorow https://doctorow.medium.com/dead-letters-73924aa19f9d