this post was submitted on 23 Jun 2023
2176 points (96.7% liked)

Lemmy

12506 readers
11 users here now

Everything about Lemmy; bugs, gripes, praises, and advocacy.

For discussion about the lemmy.ml instance, go to !meta@lemmy.ml.

founded 4 years ago
MODERATORS
 

Please. Captcha by default. Email domain filters. Auto-block federation from servers that don't respect. By default. Urgent.

meme not so funny

And yes, to refute some comments, this publication is being upvoted by bots. A single computer was needed, not "thousands of dollars" spent.

you are viewing a single comment's thread
view the rest of the comments
[–] ch1cken@kbin.social 84 points 1 year ago* (last edited 11 months ago) (5 children)
[–] chiisana@lemmy.world 38 points 1 year ago (1 children)

This right here.

Op, if you’re not ready to moderate, don’t spin up your own server or do your own private instance. If you’re going to moderate, do it properly and don’t spew bad ideas while hiding behind a dumb “alert” throwaway.

[–] T156@lemmy.world 14 points 1 year ago (1 children)

To be honest, I'm surprised that that username was allowed (or not reserved). It seems like it would introduce a risk where people could pose as Lemmy developers or something along those lines.

[–] chiisana@lemmy.world 16 points 1 year ago (1 children)

Lemmy is very “open” right now; some might say by design, other might say flawed. OP is maybe coming from a good place and actually wants to help, but instead of doing it tactfully, OP is becoming the exact thing they’re advocating against — a spammer posting garbage.

[–] imaqtpie@sh.itjust.works 2 points 1 year ago

Meh, at least it's driving engagement. There's going to be friction for the time being as people are all mixed together into these communities. I'm sure plenty of casuals were engaged by this post, as it has over 1k upvotes.

But yeah I didn't even notice his username is alert. I'm still on high alert for Reddit shills trying to destabilize this platform, though. Just say the word and I'll come over and verbally defenestrate any shill that might appear.

[–] tal@kbin.social 13 points 1 year ago* (last edited 1 year ago)

I'm not really enthusiastic about email filters either, from a privacy standpoint. Plenty of companies that go harvest email addresses to link identities to activity.

If the CAPTCHA can't handle it, then it ain't doing its job.

[–] gkd@lemmy.ml 1 points 1 year ago (2 children)

I believe you can literally just add a . To the end of your own gmail and it will go to yours. Ie hello.1@gmail.com will go to hello@gmail.com.

[–] le__el@lemmy.world 15 points 1 year ago (2 children)

Actually, hello.1@gmail will go to hello1@gmail.

The one you are thinking I believe is hello+1@gmail will go to hello@gmail

[–] muffedtrims@lemmy.world 8 points 1 year ago (2 children)

Correct, Gmail essentially doesn't "see" dots hello@gmail is the same as h.e.l.l.o@gmail

hello+anything@gmail will also be delivered to hello@gmail. This is great for signing up for mailing lists or subscriptions then creating a filter afterwards to do with it what you please.

[–] tool@r.rosettast0ned.com 1 points 1 year ago (2 children)

Correct, Gmail essentially doesn’t “see” dots hello@gmail is the same as h.e.l.l.o@gmail

There's one exception to that. If you originally created the email address with a dot in it, as in, signed up for gmail as "hello.2@gmail.com," it's treated as a literal character in the username portion and is required.

[–] fart@sh.itjust.works 0 points 1 year ago (1 children)

maybe in the past, but i did that a few years ago and switch between the dot and not

[–] tool@r.rosettast0ned.com 1 points 1 year ago

Yeah, it had to have changed at some point then. It used to be required that you use the dot if you registered it with the dot.

[–] reduce@infosec.pub 0 points 1 year ago

It’s still not required in this case…

[–] PlasmaK@lemmy.ml 1 points 1 year ago

This particular quirk can be easily accounted for tbqh.

[–] gkd@lemmy.ml 3 points 1 year ago

Ahh, yea that's right. Regardless, just all the more reason that it's kind of silly to do what OP is talking about. Sure, you could filter out the + signs as well but overall it's a pretty pointless implementation.

[–] Shinhoshi@infosec.pub 1 points 1 year ago

Those would be separate. You’re thinking of +.

Dots have the effect of being ignored, so h.ello@gmail.com == hello@gmail.com

No, you've (maybe) limited your singular solitary instance's growth: your instance is not "Lemmy" and admins should do whatever they find works for them, is something they can easily enforce, and resolves the problem.

If you want to geoip limit signups to Skokie, Illinois? Great! If it works for you and keeps your instance from being The Problem, then it's a valid solution.

(I don't disagree that email domain blocks are not a singular solution to any abuse problem, but I also think that whatever works for the individual admin is perfectly reasonable, and email blocks CAN be worthwhile.)