Salamander
  • 3 Posts
  • 12 Comments
Joined 3Y ago
Cake day: Dec 19, 2021


First of all, congratulations on bringing a baby girl into this world!! You must be really excited! I am very happy for you!

This looks very cool. I set up a wiki (https://ibis.mander.xyz/) and I will make an effort to populate it with some Lemmy lore and interesting science/tech 😄 Hopefully I can set some time aside and help with a tiny bit of code too.


Thank you for the positivity 💚 I wholeheartedly agree!

Drama and negativity drive engagement, and this form of engagement can easily trigger a feedback loop in which negativity keeps piling on and voices of support are practically muted.

We are participating in an open source project that has some very ambitious goals. Things can be messy, mistakes happen, there are risks, and people have many different opinions and moods. Heated discussions can be a healthy part of the process. But, once the dust is allowed to settle for a bit, it is good to remember that we are humans and that we are here because we have some shared goals.

I think the majority of people around here are kind and have a positive outlook, but perhaps it is more motivating to speak out when we have negative comments than positive ones. So, thank you for taking the time to write this positive message!


I would like to make a list at some point with several community integrations and ask my instance’s users whether they would like some of them installed into the instance. This application will definitely go on that list! I do need to take into consideration how many resources each of the apps consumes, to make sure I don’t bloat my server. But this one seems quite light. Is it?


Thank you for making this open source!


I would think that they need to set a somewhat permissive threshold to avoid too many false positives due to people sharing a network. For example, a professor may share a reddit post in a class with 600 students with their laptops connected to the same WiFi. Or several people sharing an airport’s WiFi could be looking at /r/all and upvoting the top posts.

I think 8 accounts liking the same post every few days wouldn’t be enough to trigger an alarm. But maybe it is, I haven’t tried this.


It may be an AI, or it can also be a real human that is lying. The point of the application filter is to significantly slow down these approaches to bring their impact to a more manageable level. An automated AI bot will not be able to perform much better than a human troll with some free time because any anomalous registration patterns, including registration spikes and periodicity, are likely to be detected by the much more powerful processor that resides in the admin’s head.

On the other hand, a catch-all domain e-mail, a VPN with a variable IP, and a captcha-defeating bot can be used to generate thousands of accounts in a very short amount of time. Without the application filter the instance is vulnerable to these high-throughput attacks, and the damage can be difficult to fix.


It is too easy to fake e-mails. You can set up a catch-all e-mail domain and spam the registration like that. I am not a fan of giving my e-mail nor collecting other people’s e-mails.

My current message contains the following:

Please leave a short message (a sentence or two is enough) stating why you would like to join this instance and I will accept your application as soon as possible. The purpose of this form is to filter out spam bots, not to judge your motivation for joining.

It is not about them writing an essay to be let in. It is a very effective strategy to weed out spam accounts being registered en masse. One step is to make sure that the user made a cohesive sentence that addresses the question, and the other step is to check whether there is a sudden spike of similar new applications. Even ignoring the actual text, it is useful to be able to monitor whether you are getting rate-limited bursts of account creations, and having the ability to approve/deny allows you to respond with less effort than if they succeed at creating the accounts.
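
Added example, not part of the original comments and not Lemmy code: the checks described in this comment and in the earlier one on registration spikes and periodicity, written out in Python for an admin reviewing an application queue. The sample queue, the thresholds and the function names are assumptions made for the illustration.

```python
from datetime import datetime, timedelta
from difflib import SequenceMatcher
from statistics import mean, pstdev

T0 = datetime(2024, 1, 1, 12, 0, 0)
# Constructed sample queue: (submitted_at, answer). Not real applications.
APPLICATIONS = [
    (T0 - timedelta(hours=5), "I enjoy mycology and want to join the science communities."),
    (T0 - timedelta(hours=2), "Moving over from another instance, I like the local feed here."),
    (T0 + timedelta(seconds=0), "I want to join this instance because I like it very much 1"),
    (T0 + timedelta(seconds=30), "I want to join this instance because I like it very much 2"),
    (T0 + timedelta(seconds=60), "I want to join this instance because I like it very much 3"),
    (T0 + timedelta(seconds=90), "I want to join this instance because I like it very much 4"),
]

def bursts(apps, window=timedelta(minutes=10), threshold=4):
    """Sliding window over submission times; (window_start, count) per hit."""
    times = sorted(t for t, _ in apps)
    hits, lo = [], 0
    for hi, t in enumerate(times):
        while t - times[lo] > window:   # drop submissions older than the window
            lo += 1
        if hi - lo + 1 >= threshold:
            hits.append((times[lo], hi - lo + 1))
    return hits

def near_duplicates(apps, min_ratio=0.9):
    """Index pairs whose answers are nearly identical (templated text)."""
    texts = [answer.lower() for _, answer in apps]
    return [(i, j)
            for i in range(len(texts)) for j in range(i + 1, len(texts))
            if SequenceMatcher(None, texts[i], texts[j]).ratio() >= min_ratio]

def is_periodic(apps, max_cv=0.1, min_events=4):
    """True when gaps between submissions are almost constant (scripted cadence)."""
    times = sorted(t for t, _ in apps)
    if len(times) < min_events:
        return False
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    # Coefficient of variation: spread of the gaps relative to their mean.
    return mean(gaps) > 0 and pstdev(gaps) / mean(gaps) <= max_cv

if __name__ == "__main__":
    print("bursts:", bursts(APPLICATIONS))
    print("near-duplicate pairs:", near_duplicates(APPLICATIONS))
    print("burst is periodic:", is_periodic(APPLICATIONS[2:]))
```

The two organic applications pass all three checks; the four templated ones trip the burst and similarity checks, and their fixed 30-second spacing trips the periodicity check when that subset is examined on its own.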



Yes, I sent it to someone who is sitting next to me. Maybe whatever algorithm they use for filtering is a bit noisy.


In what way? I just tried sending lemmy.ml in a private message and at least that went through.


To me it’s the receiver that unjustly blocks the mail, not our TLDs that are “untrustworthy”.

Oh, absolutely.

I also tried setting up my e-mail server at home, but my ISP won’t let me forward port 25.


I hope that’s the case! I will run more tests in a few weeks.


I was able to set everything correctly (DKIM, DMARC, PTR, SPF, MX records) and I can get an ‘8/10’ from an e-mail tester.

The two points that are deducted are due to SpamAssassin flagging the TLD:

Even then, 8/10 should be good enough, but the emails go into the spam directly - at least for gmail and protonmail.

The article I linked goes into even worse cases, like admins blocking all of ‘.xyz’ domains by default, social media sites flagging them as spam, and chat messages including an .xyz url being silently blocked.


PSA: The Perils of an .xyz Domain
I finally got around to setting up the e-mails correctly for my instance (mander.xyz) and noticed that the e-mail deliverability is awful, as I get heavily penalized by spam filters for having an .xyz domain. I would not be surprised if search engines penalize this too. It is not a simple task to change a domain name for an instance without breaking federation, so once you have a federating instance you are stuck with that domain name. I would not recommend picking an .xyz domain for your instances unless you intend it to be a private instance forever. If possible, try to go for a .com, or some other more standard TLD!

How can I serve a static file in response to a Webfinger query?
I am trying to follow [this ActivityPub tutorial](https://blog.joinmastodon.org/2018/06/how-to-implement-a-basic-activitypub-server/). I would like to get my server to respond with a static file when it gets a query for https://domain.com/.well_known/webfinger?resource=act:username@domain.com. Since it is not explained in the tutorial I suppose that this is a very basic thing to do, but I have never dealt with this type of query before. What is the simplest way to achieve this? My server is using nginx to serve a basic static html at domain.com.