984
submitted 1 year ago* (last edited 1 year ago) by lwadmin@lemmy.world to c/lemmyworld@lemmy.world

Lately we have been dealing with a few abusive members from Feddit.nl and we were unable to get in touch with the instance administrator.

Part of the problem is the instance's open registrations which do not require you to enter an e-mail address during signup. This in combination with an inactive admin is a recipe for abuse.

We hope this is only temporary but we have to do this to protect our users.

Edit: we use fediseer, have a look https://gui.fediseer.com/instances/detail/lemmy.world

Edit 2: We got in touch with the Feddit.nl admin. Email requirements were added to the sign-up process and we're setting up a communication channel. So that means we are federating with Feddit.nl again!

you are viewing a single comment's thread
view the rest of the comments
[-] BitingChaos@lemmy.world 39 points 1 year ago

Part of the problem is the instance's open registrations which do not require you to enter an e-mail address during signup.

How is this even a thing? Why would the Lemmy software even allow operation like this?

[-] tpyo@lemmy.world 123 points 1 year ago

Back when I signed up for reddit, you didn't need an email and they warned you if you lost your password you'd be locked out of your account until you regained it and they would not offer support to reset it

I liked that. I don't want to have to submit my email for everything just to interact

[-] cyberpunk007@lemmy.world 20 points 1 year ago

One of the reasons I have my own email domain and random email addresses for certain services.

[-] Dopeness@lemmy.world 6 points 1 year ago

Catch all? I love it so damn much since I got it. Bitwarden added it on the fly and now I got disposable email addresses for anything I can think of, it's so, so perfect!

[-] Tangent5280@lemmy.world 4 points 1 year ago

Hi, is this only for the web interface or something? Is this available for the android interface?

[-] ohmyiv@lemmy.world 5 points 1 year ago

You can access it from the android Bitwarden app. Go to the password generator. Where it says "What would you like to generate?", tap Password and select username in the popup, then click OK. After that, it gives you an option to use a different emails when it generates the email address to use for the account you're setting up.

[-] palitu@aussie.zone 3 points 1 year ago

hmmm... i may need to buy bitwarden... i currently self-host, but that sounds very tempting!

[-] Dopeness@lemmy.world 4 points 1 year ago

No need. Even selfhost is free. The catch all feature is also included in the free plan. Bitwarden free is amazingly packed with pretty much all the features you need. Tip: Make a 'non-profit' organisation and invite your family to it. You can share passwords for streaming service etc using this.

[-] Voyager@psychedelia.ink 5 points 1 year ago

Managing this for a large amount of services is a huge overhead for me. I use Sub-addressing and then apply filters based on categories.

[-] dpkonofa@lemmy.world 3 points 1 year ago

It annoys the shit out of me how many developers don’t allow for sub-addressing. Google has supported it on Gmail since inception and it follows the damn spec! Don’t use your crappy form validator if it doesn’t allow valid emails!

[-] Copernican@lemmy.world 2 points 1 year ago

I've always been curious. Do any parties just remove the string between "+" and "@" when they see those emails registered?

[-] dpkonofa@lemmy.world 2 points 1 year ago

Not that I’ve seen. Some do however incorrectly escape the string and end up with an invalid email like namesite.com@gmail.com instead of name+site.com@gmail.com.

[-] IdleSheep@lemmy.blahaj.zone 3 points 1 year ago* (last edited 1 year ago)

If you have catch all enabled for your custom domain there's no overhead.

Signing up for reddit? Just put reddit@example.com and that address will be automatically created and start receiving reddit's emails. Don't have to fiddle with anything.

[-] cyberpunk007@lemmy.world 2 points 1 year ago

I like this.

I use legacy free g suite, might see if it supports this

https://smash.vc/gsuite-catch-all-guide/

[-] cyberpunk007@lemmy.world 2 points 1 year ago

Interesting. How does this work? I've never used it. I either add manual aliases or distribution groups. It's a pain in the ass but it works and is safer than using the same email for everything.

One thing I like is also how you can tell who sold your email to spammers 🤣

[-] jcg@lemmy.world 2 points 1 year ago

I do this as well but there's been quite a few times when the email input wouldn't accept it and it's usually on the sites you really wanna have it on.

[-] Duamerthrax@lemmy.world 2 points 1 year ago

I was dumb founded to find out that vrchat doesn't except ProtonMail. I had to use my mothballed gmail account.

[-] Dopeness@lemmy.world 2 points 1 year ago

Got a domain? Setup 'catch all' and you are all set. If not consider a cheap one. It's unlimited disposable email addresses for few buck a year.

[-] ttmrichter@lemmy.world 2 points 1 year ago

And then there's those of us who don't use email for all practical purposes. I haven't sent an email in anger for a donkey's age; the only reason I have an email at all is because of all the people in North America who think email is the wave of the future.

[-] SpliceVW@lemmy.world 59 points 1 year ago

Let's be real - an email address doesn't really stop much of anything. Anyone can really easily spin up new email addresses freely.

[-] Corkyskog@sh.itjust.works 19 points 1 year ago

Yeah I still don't have an email associated with my reddit account. Which shocks people... although I haven't logged on in months, so maybe it's now required for legacy accounts

[-] MakeItCount@lemmy.world 4 points 1 year ago

it's not required globally but some subs require it to be able to post

So far only /r/formula1 does for me

[-] tpyo@lemmy.world 1 points 1 year ago

Hah, I replied higher up in the comments that when I signed up for reddit, I also didn't need an email address and I think that particular one never required setting one

Newer accounts definitely did and I used different emails for those accounts

[-] SportsRulesOpinions@lemmy.world 2 points 1 year ago

They somehow managed to force me to add my email. I don't remember how.

[-] CoderKat@lemm.ee 18 points 1 year ago

Sadly yeah. We absolutely should use email signup because it filters our the absolute lowest effort bots, but it does nothing against higher quality bots or humans. Not only can you easily spin up new emails on the fly, but many emails allow ways to make the email appear unique (eg, Gmail ignores dots and anything after the + sign), there's plenty of temporary email services with a variety of domains, and if you own a domain, you can trivially create unlimited emails until they catch on and ban the entire domain.

Inactive admins are also an issue, but if malicious users are determined enough, it doesn't matter that much how active an admin is. An active admin can mostly help by making IP banning an option (imperfect, but will work on many humans) and can temporarily turn on approvals to make it easier to weed out low hanging fruit. Nothing will work against someone determined enough, but could at least reduce how many instances they can turn to.

[-] itsdavetho@lemmy.world 2 points 1 year ago

Personally I don't think anything will stop anyone determined to bring this type of harm to the community, there's an endless list of workarounds. These communities need a larger network of moderators across timezones

[-] sab@lemmy.world 8 points 1 year ago

Nope, but it will stop the less determined ones.

With no email verification, you can pretty much create dozens of fake accounts per second - as fast as the API can handle.

[-] antik@lemmy.world 13 points 1 year ago

Sure. But we changed our sign-up policy recently. Users are now informed during sign-up that temporary email accounts are banned.

We have another announcement regarding this soon.

[-] ttmrichter@lemmy.world 2 points 1 year ago

How do you define a "temporary email account"?

I'm reminded of old games that insisted you couldn't sign up with an email provider and had to use an ISP email ... which kinda screwed over the literally BILLIONS of people whose ISPs don't give email addresses...

[-] Asudox@lemmy.world 44 points 1 year ago

Lemmy is open source. Everyone can modify it to fit their needs.

[-] cley_faye@lemmy.world 29 points 1 year ago

Because anyone running it can decide to do it this way. That's how code works; you can edit it. Even if the option wasn't there, if any instance admin wants that to happen it's easy to do.

[-] ccunning@lemmy.world 24 points 1 year ago

Last I checked, even Reddit allows signups without an email address…

[-] jimbo@lemmy.world 16 points 1 year ago

In case anyone's wondering, you can use the old.reddit.com interface to sign up without an email.

[-] ccunning@lemmy.world 10 points 1 year ago

I only ever used old.reddit.com. Didn’t realize that option was limited to to the old interface

[-] dreadedsemi@lemmy.world 4 points 1 year ago

Last time I signed up, even new one allows you to leave email empty.

[-] wmrch@lemmy.world 5 points 1 year ago

That's true but they annoy you with a persistent banner to add an email address later on. But it's working nonetheless.

[-] ClarkDoom@lemmy.world 15 points 1 year ago

Cuz we’re on an anonymous forum basically?

this post was submitted on 13 Sep 2023
984 points (94.9% liked)

Lemmy.World Announcements

28381 readers
65 users here now

This Community is intended for posts about the Lemmy.world server by the admins.

Follow us for server news 🐘

Outages 🔥

https://status.lemmy.world

For support with issues at Lemmy.world, go to the Lemmy.world Support community.

Support e-mail

Any support requests are best sent to info@lemmy.world e-mail.

Report contact

Donations 💗

If you would like to make a donation to support the cost of running this platform, please do so at the following donation URLs.

If you can, please use / switch to Ko-Fi, it has the lowest fees for us

Ko-Fi (Donate)

Bunq (Donate)

Open Collective backers and sponsors

Patreon

Join the team

founded 2 years ago
MODERATORS