The way Twitter users dealt with #DM #spam was to block DMs from non-followers. There are settings with similar effect on Facebook.
You can also do that on #Mastodon.
THIS IS NOT A HACK. It's literally why the feature exists. Use it. Maybe instead of banhammering the largest single instance on the #Fediverse.
Also the naive programmer-macho stuff is making me nuts. Seriously guys, it's not as simple as hacking in one line (or ten or 50) of code to integrate SpamAssassin. It really truly isn't. & no Mastodon.social isn't rolling in money, & throwing money at the problem would make no more sense than throwing devs at it (AHEM #MythicalManMonth? /AHEM).
Could it be done fast? Maybe. Sure, why not? Should it? Well I have it so from a half dozen people about whose experience I know nothing so SURE!
& in any case, going after the spam messages themselves is, frankly, the wrong priority.
The problem is the spammers. Stop the spammers, you stop the spam.
So people talking about methods for limiting spam signups are on the right priority. Mastodon.social & Mastodon.world are focusing on limiting or qualifying signups; people are discussing options for adding friction to the signup process. Those could actually work.
SpamAssassin is basically a non-solution for most instances.
We should maybe adopt a convention of distinguishing between #spam & #FediSpam: if it's exploiting features of the #Fediverse to make the spam harder to kill, it's FediSpam.
E.g. here, describing how a single site is automating post creation to send single spam messages from many servers. 'Everone on Join Mastodon' as one reply characterizes it.
FediSpam can't be killed by a single approach. You'd need to improve ability to assess humanness, & screen messages.
So, FediVerse, what systems do you have in place to stop #FediSpam not coming from a single instance but from hundreds of them? Consider @[email protected] , which is also @[email protected], @[email protected], @imtaaa, @[email protected], @[email protected], and many others. There are several advertisers going around doing this, creating 1-advert-post accounts across many instances (at the rate of 1 or 2 per day, at 1 instance). So what's stopping this? Or has no-one thought about it yet? #FediHelp @Fyrsta @wild1145 @[email protected] @[email protected]
Every approach I've heard so far to improving the ratio of humans to spambots does so by introducing some kind of friction into the signup process. #Mastodon "corporate" clearly prioritizes reduction of friction on signups as a means to drive adoption. That's advantageous to spammers.
Anything done to fight spambots at the source will at least incrementally reduce adoption. But by how much? #CAPTCHA might be a good compromise, but would it help? If it does, benefit will be short term.
Then there are the various strategies intended to triage the signup approval process. There are a bunch of them, but none of them will *stop* spambots from registering.
Spam is an arms race. Some of it's always going to get through.
In any case the current trend toward demonizing mastodon.social is unhelpful but also unsurprising. Folks need a face to blame. "It's coming from everywhere" is too scary to comprehend.
FeralRobots
steakfrite