On February 15th, newly-created Fediverse accounts started posting spam messages from various instances, sending invites to a Discord server for a Japanese troll organization. This spam was widespread across the Fediverse. The posts frame ap12 from “KuronekoServer” as the culprit behind the operation.
Looking at their spam content (in Japanese)
A really interesting look at the recent spam wave.
A first step is RBL intergration, a shared blocklist of spam instances that subscribed instances would use to blackhole spam users/traffic/instances. These are used ubiquitously in email spam systems, so there is a precedent in federation systems for it working. We need to stand up an RBL, and then mod Lemmys federation system to work automatically based on the community blocklist.
It does mean that poorly admined instances will get blackholed, breaking their federation, but that’s the cost of a healthy network.
This is how email servers have worked for decades - there is no silver bullet and this comes closest. If you poorly admin your email instance, say allowing it to be an open relay (same as just allowing open registrations), you get blacklisted everywhere aka defederated. Same if you have a compromise and someone starts spamming out.
I think integrating with SpamAssasin shouldn’t be that hard. The threshold may need to be set quite high and things like votes/boosts may need to be exempted in some way, but the Fediverse can take a lot of existing tools from email.
Luckily, we don’t need to do anything to support anything like DKIM and reverse PTR, because those technologies are built right into ActivityPub. We can’t add SPF, because ActivityPub allows for arbitrary servers to boost stuff so that replies and such get mirrored right. A DMARC-like “we’ve blocked 40% of your traffic” notification may also be useful so Fediverse servers can monitor if their servers are misbehaving.
What we might need is some kind of ActivityPub proxy that’ll parse and analyse incoming/outgoing traffic, pass them through whatever spam filter you like, and forward the ones that make it to actual server software. That way, we can write one tool that’ll work for Lemmy, Mastodon, Misskey, and all other kinds of servers.
A first step is RBL intergration, a shared blocklist of spam instances that subscribed instances would use to blackhole spam users/traffic/instances. These are used ubiquitously in email spam systems, so there is a precedent in federation systems for it working. We need to stand up an RBL, and then mod Lemmys federation system to work automatically based on the community blocklist.
It does mean that poorly admined instances will get blackholed, breaking their federation, but that’s the cost of a healthy network.
This is how email servers have worked for decades - there is no silver bullet and this comes closest. If you poorly admin your email instance, say allowing it to be an open relay (same as just allowing open registrations), you get blacklisted everywhere aka defederated. Same if you have a compromise and someone starts spamming out.
I think integrating with SpamAssasin shouldn’t be that hard. The threshold may need to be set quite high and things like votes/boosts may need to be exempted in some way, but the Fediverse can take a lot of existing tools from email.
Luckily, we don’t need to do anything to support anything like DKIM and reverse PTR, because those technologies are built right into ActivityPub. We can’t add SPF, because ActivityPub allows for arbitrary servers to boost stuff so that replies and such get mirrored right. A DMARC-like “we’ve blocked 40% of your traffic” notification may also be useful so Fediverse servers can monitor if their servers are misbehaving.
What we might need is some kind of ActivityPub proxy that’ll parse and analyse incoming/outgoing traffic, pass them through whatever spam filter you like, and forward the ones that make it to actual server software. That way, we can write one tool that’ll work for Lemmy, Mastodon, Misskey, and all other kinds of servers.