Lemmy is probably hurting email spammers because users and community names look like email addresses. - eviltoast

I wonder how many thousands of spam bots have tried to connect to the servers and send email using text ripped from these pages federated across numerous domains.

And they can’t just block one website. They’d have to individually block every node if they want to crawl the web for email addresses to steal. I hope it’s a real thorn in their side.

  • moira@femboys.bar
    link
    fedilink
    arrow-up
    76
    ·
    edit-2
    6 months ago

    At my instance I did setup a email wildcard (receive emails from any address on that domain which don’t already have a account) and I get a lot of phishing and scam emails, most of them are send “to” /c/meta@femboys.bar, as link to this community is linked in sidebar, but I also seen emails “send to” random usernames

    screenshot showing email mailbox, about 15 phishing emails

    So yeah, It is happening, i wonder how bad it is on larger instances

      • moira@femboys.bar
        link
        fedilink
        arrow-up
        5
        ·
        6 months ago

        thankfully that is a special mailbox for spam, I sometimes like to come through the emails and see where they submit the data, and maybe submit some data on my own, plus report the issue to website owner/hosting

    • PM_Your_Nudes_Please@lemmy.world
      link
      fedilink
      arrow-up
      6
      ·
      6 months ago

      I personally love my catch-all email domain. Anything that isn’t addressed to a specific list of addresses lands in a generic secondary inbox. So like I can have a personal inbox with the email address I give to friends, a work inbox for the address I give to clients, and an “everything else” inbox that isn’t associated with either work or personal emails.

      It also allows me to easily identify which companies are selling my info. If I sign up to a Walmart membership with “Walmart@[domain]” and then start seeing a bunch of spam at that address, I know they sold my info to some ad company. I can simply burn that address; I just filter everything from that address straight into spam. And now my inbox is clean again.

    • EtzBetz@feddit.de
      link
      fedilink
      arrow-up
      3
      ·
      6 months ago

      I was searching for this, but how can you do a wildcard account which will just receive mails from all aliases?

      • moira@femboys.bar
        link
        fedilink
        arrow-up
        5
        ·
        6 months ago

        it depends on your email provider/server, search under term “catch-all” or alias. I’m using a self hosted email on hestiacp, which have a option under domain email settings